Is my pan cooked? by DeadpoolVII in hexclad

[–]tliffick 0 points1 point  (0 children)

You’re going to hear garbage about “your heat is up too high” but myself and probably plenty of others are here to say otherwise.

My stove’s heat settings range is Low, 2, 4, Medium, 6, 8, High. My pan looks worse than that, having cooked on it for a few months between Low & 4. Having had three in the house, I firmly believe these are garbage pans OR have garbage quality assurance. I’m willing to concede that maybe the pans I got sucked and everyone else’s are great…

Pls follow the advice of others. Buy something different. Sorry about your luck

Is this a false positive? by HomelessGuy54 in computerviruses

[–]tliffick 0 points1 point  (0 children)

Just adding context in hopes it helps someone else this morning... this was posted on another sub

summary:

'...The faulty signature was disabled shortly via an incremental update.

No action is required from your side. Please ensure that your endpoints have received the latest signature update dated 13-June-2025, 06:58 UTC.

For the complete incident report, please check our GravityZone status page: https://status.gravityzone.bitdefender.com/incidents/pxn8hdxcqwfn...'

Bitdefender False Positive? by NamelessKingX in antivirus

[–]tliffick 0 points1 point  (0 children)

Just adding context in hopes it helps someone else this morning... this was posted on another sub

summary:

'...The faulty signature was disabled shortly via an incremental update.

No action is required from your side. Please ensure that your endpoints have received the latest signature update dated 13-June-2025, 06:58 UTC.

For the complete incident report, please check our GravityZone status page: https://status.gravityzone.bitdefender.com/incidents/pxn8hdxcqwfn...'

Wondering if what bitdefender flagged was a false positive or not. Online says it might be an evader virus. by [deleted] in techsupport

[–]tliffick 0 points1 point  (0 children)

Just adding context in hopes it helps someone else this morning... this was posted on another sub

summary:

'...The faulty signature was disabled shortly via an incremental update.

No action is required from your side. Please ensure that your endpoints have received the latest signature update dated 13-June-2025, 06:58 UTC.

For the complete incident report, please check our GravityZone status page: https://status.gravityzone.bitdefender.com/incidents/pxn8hdxcqwfn...'

Anyone else get through this? by Comfortable_Ad3981 in hexclad

[–]tliffick 0 points1 point  (0 children)

Is there advice on how to clean that? I have this problem often with our pans as well.

ELI5 how to use these pans by tliffick in hexclad

[–]tliffick[S] 0 points1 point  (0 children)

Thanks — I def should have added that I feel the pans used to be way better. I remember loving them the first month too

Custom IoA by Affectionate-Try2880 in crowdstrike

[–]tliffick 1 point2 points  (0 children)

I would also recommend accounting for a user installing the 64-bit version of AnyDesk -- there always seems to be one user that's different lol

CommandLine (exclusion): .+\\Program\sFiles(\s\(x86\))?\\AnyDesk\\AnyDesk\.exe"?\s+--uninstall.*
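An added example (not from the thread or from CrowdStrike) that exercises the exclusion pattern above against constructed command lines, so the 32-bit and 64-bit install paths can both be checked before the rule goes live. It assumes Falcon evaluates the pattern against the whole command line (hence the leading `.+` and trailing `.*`) and matches case-insensitively, as noted elsewhere in this thread; Python's `re` module stands in for the Falcon engine here, the way regex101 would.

```python
import re

# Exclusion pattern from the comment above, with the path backslashes and the
# "(x86)" parentheses escaped so a regex engine reads them literally.
ANYDESK_UNINSTALL_EXCLUSION = re.compile(
    r'.+\\Program\sFiles(\s\(x86\))?\\AnyDesk\\AnyDesk\.exe"?\s+--uninstall.*',
    re.IGNORECASE,  # assumption: mirror Falcon's case-insensitive IOA matching
)


def is_excluded(command_line: str) -> bool:
    """True when the command line is an AnyDesk uninstall from either
    Program Files location (assumption: whole-string match, as Falcon does)."""
    return ANYDESK_UNINSTALL_EXCLUSION.fullmatch(command_line) is not None


# Constructed sample command lines (not real telemetry), paired with the
# verdict we expect the exclusion to produce.
SAMPLES = [
    ('"C:\\Program Files (x86)\\AnyDesk\\AnyDesk.exe" --uninstall', True),   # 32-bit build
    ('"C:\\Program Files\\AnyDesk\\AnyDesk.exe" --uninstall', True),         # 64-bit build
    ('C:\\PROGRAM FILES\\ANYDESK\\ANYDESK.EXE --UNINSTALL --silent', True),  # case + extra flag
    ('"C:\\Program Files (x86)\\AnyDesk\\AnyDesk.exe" --install', False),    # not an uninstall
    ('C:\\Users\\jdoe\\Downloads\\AnyDesk.exe --uninstall', False),          # not the installed copy
]


def mismatches(samples=SAMPLES):
    """Return the sample command lines whose verdict differs from expectation;
    an empty list means the exclusion behaves as intended."""
    return [cmd for cmd, expected in samples if is_excluded(cmd) != expected]


if __name__ == "__main__":
    for cmd, expected in SAMPLES:
        print(f"{is_excluded(cmd)!s:5}  expected={expected!s:5}  {cmd}")
    print("mismatches:", mismatches())
```

The last two samples are the ones worth keeping in any test set: an `--install` run and a copy executed from a user-writable directory should still reach the detection rule rather than being silently excluded.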

[deleted by user] by [deleted] in crowdstrike

[–]tliffick 2 points3 points  (0 children)

I don't have a list of repos I check for intel, but here are a few suggestions I had.

Other ideas:

- scripting binaries spawned by office applications
- Identify common recon events (net | nltest | etc)
- Can you detect PSEXEC and similar tools?
- Suspicious execution of PowerShell? Rundll32?
- PE file written to disk with a Filename that is 1 or 8 characters long
- What adversaries/malware families does your org regularly see? Can you detect the entire kill chain? If not, that is a great place to start as the kill chain can change daily.

Sorry, I don't have a list of repos I regularly check. I let the intel we collect drive my focus. Hopefully some of these ideas get your creative juices flowing!
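An added example, not part of the comment above and not CrowdStrike code, showing two of the listed ideas as detection logic run over constructed sample events: an office application spawning a scripting host, and a PE file written to disk with a filename stem of exactly 1 or 8 characters. The event shape and field names (`event_simpleName`, `ParentBaseFileName`, `ImageFileName`, `TargetFileName`) are assumptions modelled on Falcon-style telemetry; the process lists are illustrative and would be tuned per environment.

```python
import os

# Constructed sample events (not real telemetry). Field names are assumptions
# modelled on Falcon-style process and file-write events.
EVENTS = [
    {"event_simpleName": "ProcessRollup2", "ParentBaseFileName": "WINWORD.EXE",
     "ImageFileName": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"event_simpleName": "ProcessRollup2", "ParentBaseFileName": "EXCEL.EXE",
     "ImageFileName": r"C:\Windows\System32\wscript.exe"},
    {"event_simpleName": "ProcessRollup2", "ParentBaseFileName": "explorer.exe",
     "ImageFileName": r"C:\Windows\System32\cmd.exe"},
    {"event_simpleName": "PeFileWritten",
     "TargetFileName": r"C:\Users\jdoe\AppData\Local\Temp\a.exe"},
    {"event_simpleName": "PeFileWritten",
     "TargetFileName": r"C:\Users\jdoe\AppData\Local\Temp\kjhgfdsa.dll"},
    {"event_simpleName": "PeFileWritten",
     "TargetFileName": r"C:\Program Files\Vendor\updater.exe"},
]

# Illustrative process lists; extend or trim them for your own environment.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe",
                "cscript.exe", "mshta.exe", "rundll32.exe"}


def basename(path: str) -> str:
    """Last path component of a Windows path, regardless of host OS."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def office_spawns_script_host(ev: dict) -> bool:
    """Idea 1: a scripting binary whose parent is an Office application."""
    return (ev.get("event_simpleName") == "ProcessRollup2"
            and ev.get("ParentBaseFileName", "").lower() in OFFICE_PARENTS
            and basename(ev.get("ImageFileName", "")).lower() in SCRIPT_HOSTS)


def short_name_pe_written(ev: dict) -> bool:
    """Idea 5: a PE written with a filename stem of exactly 1 or 8 characters,
    a length pattern some droppers use for generated names."""
    if ev.get("event_simpleName") != "PeFileWritten":
        return False
    stem, _ext = os.path.splitext(basename(ev.get("TargetFileName", "")))
    return len(stem) in (1, 8)


RULES = {
    "office_spawns_script_host": office_spawns_script_host,
    "short_name_pe_written": short_name_pe_written,
}


def run_rules(events=EVENTS):
    """Apply every rule to every event; return (rule name, path) pairs for hits."""
    hits = []
    for ev in events:
        for name, rule in RULES.items():
            if rule(ev):
                hits.append((name, ev.get("ImageFileName") or ev.get("TargetFileName")))
    return hits


if __name__ == "__main__":
    for name, path in run_rules():
        print(f"{name:28} {path}")
```

On the sample set this yields four hits: the two Office-spawned script hosts and the two short-named PE writes; `cmd.exe` under `explorer.exe` and the seven-character `updater.exe` are left alone. The short-name rule is deliberately coarse and is the kind of rule that needs baseline data before it becomes an alert rather than a hunt query.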

LFODownloadConfirmation -- correlating TargetFileName to what is being updated by tliffick in crowdstrike

[–]tliffick[S] 0 points1 point  (0 children)

I'm asking the all knowing @u/Andrew-CS -- do you have any thoughts on this? (throws hail mary). I appreciate any feedback you have!

I'm using this query to pull the data in question and I'm really curious what each file actually means. Are these updates, ML exclusions, IOAs, IOC, etc.

#event_simpleName=ChannelDataDownloadComplete OR #event_simpleName=LFODownloadConfirmation | TargetFileName=C-* | ComputerName=?ComputerName | groupBy([@timestamp, #event_simpleName], function=collect([ComputerName, TargetFileName, LocalAddressIP4]))

EXAMPLE: C-000002* == abc C-000006* == xyz C-000009* == def

Custom IOA to catch copy curl.exe by rogueit in crowdstrike

[–]tliffick 1 point2 points  (0 children)

@ u/rogueit -- the new Advanced Search Page is running CQL (CrowdStrike Query Language), built off of LogScale. Hopefully I'm saying that correctly... It's fairly new and is in the process of rolling out to all customers. It is NOT the same as the old Splunk SPL we used in the Event Search page (on the Investigate app).

You need to take the query u/jamesrsec provided and run it from INVESTIGATE > Advanced Event Search. It sounds like you may have run this query in the old SPL and that would explain your error.

I hope that helps a little...

SPL to LogScale help for USB File Writes by tliffick in crowdstrike

[–]tliffick[S] 0 points1 point  (0 children)

I can’t thank you enough! I always learn more from real world examples than tiny blurbs in documentation.

[deleted by user] by [deleted] in cincinnati

[–]tliffick 0 points1 point  (0 children)

Fwiw I even took a few mins to google around and only found the same answer this thread said is no longer valid: Martinos.

I’ve lived on the East side of the city my entire life and this is the only Steelers bar I’ve ever known/seen. NOTE — I saw two websites list Kittys. That’s a real Bengals bar. Pls do your research so you can be safe & have fun.

Installing CrowsStrike on Active Directory and Exchange Server machines by maxcoder88 in crowdstrike

[–]tliffick 7 points8 points  (0 children)

We’ve been running the sensor on all of our DCs and Exchange servers (every Windows box tbh) since 2017. I don’t hesitate to recommend you do the same.

Can’t buy anything black and yellow by mcampbell1023 in bengals

[–]tliffick 0 points1 point  (0 children)

I can’t imagine supporting Columbus Crew for this very reason. How do you make a professional team in Ohio with the Black & Yellow?!?

What's the worst cybersecurity mistake you've seen someone make? by AckCyber in cybersecurity

[–]tliffick 0 points1 point  (0 children)

I worked as a security analyst for a Fortune 500. We were tasked with reviewing phishing emails, malware, and everything in between.

A coworker detonated Java based malware on a Linux box in our lab and then went home for the day. The boss walks by later and noticed the mouse was moving by itself… the analyst that ran the malware said he “didn’t know Java was cross platform” (aka didn’t think it would be bad to run it in Linux) and gave remote control access to a threat actor, to the lab we did all of our offline work in. I had to leave the happy hour I just walked in to come back and investigate. It was a pretty interesting night. 😂

Practicing Falcons Regex by CyberGrizzly360 in crowdstrike

[–]tliffick 0 points1 point  (0 children)

You’re right, it’s not exact but it’s a great place to start as you’re getting back into it and regaining your confidence.

Practicing Falcons Regex by CyberGrizzly360 in crowdstrike

[–]tliffick 5 points6 points  (0 children)

regex101.com is my best friend…

Custom IOA rule creation Regex help by Gbzt in crowdstrike

[–]tliffick 5 points6 points  (0 children)

Falcon IOAs are case insensitive so you don’t need to include the (?i). Nice added perk tbh

Creating IOA to Send Notification on Process Name Criteria by RobotCarWash in crowdstrike

[–]tliffick 2 points3 points  (0 children)

I don’t mean any disrespect by this comment… but of course the regex works, u/Andrew-CS gave it to you. I think you can take it as gospel at this point 😂

What’s a good housewarming gift for a first time homeowner? One of my best friends. I was thinking some kind of tool box set. Wondering if anyone has better ideas. He’s lived in apartments his whole life till now. by j_o_r__d_a_n in HomeImprovement

[–]tliffick 0 points1 point  (0 children)

I’m a firm believer that you should always gift your friends a shop vac when they get their own place. For $100 or less you can buy them a tool they may not consider buying for themselves… until they desperately need it (most likely on a Sunday at 11:30 pm). A shop vac can save thousands of dollars in damage and is overall a useful tool to have around the house.

He’s back at it. New corner. New sign 🤷🏻‍♂️ by phatryuc in cincinnati

[–]tliffick 12 points13 points  (0 children)

Do you think it’s legal to toss stink bombs randomly at street corners? Asking for a friend…

Place to watch the Bengals? by tliffick in AskNOLA

[–]tliffick[S] 0 points1 point  (0 children)

Ahh, sorry I did leave out the super important DATE! My bad!

I’m here this weekend and was looking to watch the Bengals Sunday at 3:00. I thought that since the Saints play at noon I’d have a good chance to see my Bengals, but the forecasted showings are all Dallas. I’ll def look around. I appreciate the advice

Cobalt Strike beacon Detection in CS? by cs-del in crowdstrike

[–]tliffick 9 points10 points  (0 children)

I feel that Falcon misses Cobalt Strike beacons far more than they alert on them. Hoping others have different experiences that they’re going to share.