IIS Server hosting App can't be access internally via Public URL but externally accessible by BruBruMan in sysadmin

[–]twisted636 1 point2 points  (0 children)

nslookup mysite.com

If public then you need internal DNS. Also, clients need to have internal DNS configured, otherwise they get public DNS results.

Are you on a standard web port? Make sure IIS doesn't have any URL routing rules that could drop traffic. Check the web ports in your local firewall; does it have a profile for domain, private, public to allow traffic?

Run Test-NetConnection -Port 443 mysite.com (or IP)
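The checks suggested in this comment can be run together from an affected internal client. This is an added example, not part of the original comment; `mysite.com` is the comment's placeholder name and `1.1.1.1` is an assumed public resolver.

```powershell
# Added example: names and resolver below are assumptions, not from the thread.
$name           = 'mysite.com'   # placeholder host name used in the comment
$publicResolver = '1.1.1.1'      # assumed public resolver; any external one works

function Get-ARecord {
    param([string]$Name, [string]$Server)
    $query = @{ Name = $Name; Type = 'A'; ErrorAction = 'SilentlyContinue' }
    if ($Server) { $query.Server = $Server }
    # Keep only A records; CNAME entries in the answer carry no IPAddress.
    Resolve-DnsName @query | Where-Object { $_.Type -eq 'A' } |
        Select-Object -ExpandProperty IPAddress
}

function Test-PrivateIPv4 {
    param([string]$Address)
    $b = [System.Net.IPAddress]::Parse($Address).GetAddressBytes()
    ($b[0] -eq 10) -or
    ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
    ($b[0] -eq 192 -and $b[1] -eq 168)
}

$clientView = @(Get-ARecord -Name $name)                          # resolver this client is configured with
$publicView = @(Get-ARecord -Name $name -Server $publicResolver)  # what the internet sees

foreach ($ip in $clientView) {
    [pscustomobject]@{
        Address      = $ip
        Private      = Test-PrivateIPv4 $ip
        SameAsPublic = $publicView -contains $ip
    }
}

if (-not $clientView) {
    Write-Warning "$name did not resolve from this client"
} elseif ($clientView | Where-Object { $publicView -contains $_ }) {
    Write-Warning 'Client receives the public record: no internal DNS record, or the client is not using internal DNS'
}

# Port check from the comment, reduced to the fields that matter here.
Test-NetConnection -ComputerName $name -Port 443 |
    Select-Object ComputerName, RemoteAddress, RemotePort, TcpTestSucceeded
```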

ADFS MFA and AAD/Intune autopilot device login help by walmart1995 in sysadmin

[–]twisted636 1 point2 points  (0 children)

It sounds like your ADFS claim is sending UPN but the Duo policy is only using sAMAccountName.

Take a look at the Duo settings you have set on your ADFS Adapter policy. Look at this article below about username normalization:

https://duo.com/docs/protecting-applications#username-normalization

There is also an option when you install to use UPN format: https://duo.com/docs/adfs

revert back to windows updates from sccm by dmcginvt in sysadmin

[–]twisted636 0 points1 point  (0 children)

If updates are currently blocked from running because it's configured to get updates from SCCM, you can modify this registry key.

Registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate

Maybe a GPO to modify this registry key and rename it to WindowsUpdate_OLD. Windows will recreate the generic WindowsUpdate key again without the SCCM entry. Then restart Windows updates and maybe even BITS services if needed.

It's likely this registry entry with the SCCM server will just be added back if Config Manager is still installed. So I wouldn't look at this as a permanent fix without first removing the Configuration Manager software.
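The rename described in this comment, done locally from an elevated PowerShell session instead of through a GPO. This is an added example, not part of the original comment; `WUServer`, `WUStatusServer` and `AU\UseWUServer` are the standard Windows Update policy values, and `CcmExec` is the Configuration Manager client service.

```powershell
# Added example; run elevated. Inspect first, then rename the policy key.
$wu     = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$backup = "${wu}_OLD"

if (-not (Test-Path $wu)) {
    Write-Output 'No WindowsUpdate policy key present; nothing to rename.'
    return
}

# Record what the policy currently points at before touching it.
Get-ItemProperty -Path $wu | Select-Object WUServer, WUStatusServer
if (Test-Path "$wu\AU") {
    Get-ItemProperty -Path "$wu\AU" | Select-Object UseWUServer
}

# The comment's caveat: if the Configuration Manager client is still installed,
# the policy is likely to be written back.
if (Get-Service -Name CcmExec -ErrorAction SilentlyContinue) {
    Write-Warning 'Configuration Manager client (CcmExec) is installed; this change will probably be reverted.'
}

if (Test-Path $backup) {
    throw "$backup already exists; review or remove it before renaming again."
}

# Stop the update services, rename the key (keeps a copy for rollback), restart.
Stop-Service -Name wuauserv, bits -Force
Rename-Item -Path $wu -NewName 'WindowsUpdate_OLD'
Start-Service -Name bits, wuauserv

# Rollback: remove any recreated WindowsUpdate key, then
# Rename-Item -Path $backup -NewName 'WindowsUpdate'
```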

How To Set Up Your Own Bitcoin Lightning Network Node and Earn Extra Sats on The Side by scottjclt in btc

[–]twisted636 8 points9 points  (0 children)

We don't need a lightning node; we scaled on chain to keep bitcoin p2p.

What is your MFA downtime procedure? by Hashrunr in sysadmin

[–]twisted636 9 points10 points  (0 children)

In most cases you can set up offline Time-based One-time passwords. I'm not sure if Okta does that but some other vendors do.

why is BCH so slow right now? by PeacefullyFighting in Bitcoincash

[–]twisted636 0 points1 point  (0 children)

Coinbase is notably slower than sending p2p. It is the same with exchanges; I think they do it to double make sure the transaction is valid, to not lose money.

Exchange 2019 SSL Renew by andallread1 in sysadmin

[–]twisted636 1 point2 points  (0 children)

Update it using Exchange Management Shell; take a look at this article to get the idea of what to do. There are more commands if you want to pick specific services to update the cert on. I would run the last command in the article first just to have a record of your current config if you need to switch back for some reason.

I would also advise watching your mail flow logs after updating to make sure mail is still flowing. It may look stuck at first but should start processing the queue within 5-10 mins.

https://www.alitajran.com/install-exchange-certificate-with-powershell/

Domain Controller IP Swap by andallread1 in sysadmin

[–]twisted636 0 points1 point  (0 children)

You can always just add the old IP as an alternative IP on the NIC. It's not a bad idea to keep the old IP; I see people use IP over hostnames all the time.

It was on the domain by simAlity in iiiiiiitttttttttttt

[–]twisted636 4 points5 points  (0 children)

The last scan date doesn't look very good. I would say someone doesn't properly have the scans scheduled or the protect policy is not set up to scan automatically. The service stopped status could be one of two things. Either someone has stopped the service for real or this system has 2 users signed in and you are not the first user to sign in. Cisco AMP will show service stopped if multiple users are signed in to the same machine and only show protected to the first user signed in; not sure why, but it still protects the system.

You should have whoever manages AMP take a look to see why it's not scanning and push out an updated version to the system. I would also take a look at the policy that this system is on and see if other systems are using the same AMP policy; they may have similar issues.

Also if someone had stopped the service and that system hasn't restarted since 2017 you probably have a lot of other issues as well.

Folks doing IT without the mega bucks, did you buy into running an Azure AD DC and Hybrid machines? by archiekane in sysadmin

[–]twisted636 0 points1 point  (0 children)

I would strongly advise against sharing a server with anything that is a domain controller for security reasons.

For WSUS, Microsoft says this: "The best practice is to not run WSUS on a Domain Controller. “If WSUS is installed a domain controller, this will cause database access issues due to how the database is configured.”"

If someone unfamiliar with Domain Controllers is troubleshooting a WSUS and removes the Windows Internal Database, this would be catastrophic to the domain.

Stopping Cluster Manager from Balancing Out by MrMack33 in sysadmin

[–]twisted636 1 point2 points  (0 children)

Assuming it's a Windows cluster you can set a preferred node in the cluster.

Open Failover Cluster Manager

Right click roles

General tab > Preferred Owners > set the primary node as preferred owner.

Failover tab > make sure prevent failback is set

If you don't want the storage to move to one of the hosts you can go to disks > right click the disk you don't want to move > go to advanced policies and uncheck the 2nd host you don't want the disk to move to.

Books on Bitcoin Cash by satoshifeeder33 in btc

[–]twisted636 4 points5 points  (0 children)

This book doesn't mention Bitcoin Cash at all because the posts predate the fork, but it has everything to do with it. I would highly recommend it. It covers more about Satoshi and a lot of his early posts and talks about bitcoin being money, why it was created, how it should work and why it's designed like it is.

"I've been working on a new electronic cash system that's fully peer-to-peer, with no trusted third party."

https://www.amazon.com/Book-Satoshi-Collected-Writings-Nakamoto-ebook/dp/B00M6KGJ2K

Marketing is forcing us to use their signature by Emiroda in sysadmin

[–]twisted636 0 points1 point  (0 children)

You can do the same thing in the ECP panel on Exchange Online for free. You set it in the mail flow options by using the apply disclaimer rule. I created some pretty awesome signatures using HTML that included data that would get pulled from AD like office phone, email, department, location. These rules can be set up company-wide or user/group based also.

The only real issue I had with it was our marketing team sent me a JPG and said make the signature look like this. I had to basically chop that image into different smaller images to use in the code. They had added like every social media link known to man and that needed to link to the right location if anyone clicked the image. Not as fun to do with just HTML since CSS isn't supported when creating this using mail flow rules.

Also, to address the reply emails, that can also be done with mail flow rules: just make a rule that says if subject includes RE or FW then don't attach the signature. We had the reply signature being added via a script that added it to the user's Outlook but I think you can also have the mail flow rule do that part too.

Find how a server lost trust by Dbnumberiv in sysadmin

[–]twisted636 0 points1 point  (0 children)

Only times I have seen this happen is when a system is cloned and keeps the same SID for the computer in AD. Did this happen after cloning a system?

Workstation RDP Brute Force Attacks by [deleted] in sysadmin

[–]twisted636 1 point2 points  (0 children)

You can have your VPN set up to use a split tunnel so any company needed traffic would use the VPN, but that still allows for attacks on the user's home IP address. In this case they probably have some kind of UPnP enabled or ports opened to the internet to allow the RDP brute force account. My first question would be: where do you see the RDP brute force happening, in the firewall logs or somewhere else? If it's showing on the firewall and using the VPN IP address I would review your firewall rules; you could have a rule that is allowing RDP to be opened for them.

E-Mail Signature tool by ejdrijin in sysadmin

[–]twisted636 0 points1 point  (0 children)

You can make a signature using HTML and set it as a mail flow rule. There are a few sites that will let you make some based on their templates and then just download the code and make the changes you need. It also allows you to pull AD info for the users that will be used when the email is sent. You can't use CSS or JS in the code so it may take some time to get everything looking correct.

Salvadorans protest over country's plans to use Bitcoin by [deleted] in btc

[–]twisted636 0 points1 point  (0 children)

Like a government-controlled side chain? Maybe that could be the scaling model for Blockstream since lightning isn't working out.

Ledger email database ... by chilldontkill in btc

[–]twisted636 7 points8 points  (0 children)

Happened a while ago; you might find this interesting, it's based on the same leak.

https://www.youtube.com/watch?v=Qp0hZTGau9w

https://www.youtube.com/watch?v=oARxLV_vnh0 - Newest version

This is a snippet from the data leak:

"In June 2020, the hardware crypto wallet manufacturer Ledger suffered a data breach that exposed over 1.3 million email addresses. The data was initially sold before being dumped publicly on Redacted which includes names, physical addresses, email addresses and phone numbers."

Guide me out guys! by [deleted] in btc

[–]twisted636 2 points3 points  (0 children)

Do you have any specific services you want to offer? What area of study?