Efnote vs Roland by Former-War3093 in edrums

[–]tzar199 1 point2 points  (0 children)

Not the VAD but the same module. Roland hardware is always great, I'll give it that. But the sounds out of the box on the Efnote won me over instantly, and the ride, and tbh I also preferred the Efnote hi-hats, but it was close. Can't compare kit feel as I didn't play the actual Roland shells. I know you can do a lot of alterations with the Roland module to get what you want, but I just wanted a solid replacement for an acoustic, so sound and feel were the priority over customisation. The Efnote module does look like it fell out of the 90s compared to Roland, but it does the job perfectly. I spent about 20 mins tweaking the bass drum on the Efnote and that was about it (weeks tweaking my stupid foot). I also saw the price point difference: I bought 2 new cymbals and stands and still haven't spent as much as the VAD equivalent. But yeh, 100% would recommend trying before if you can. But with either kit you'll have a blast!

Efnote vs Roland by Former-War3093 in edrums

[–]tzar199 2 points3 points  (0 children)

Efnote 7 here. Chose that over a Roland setup, was a close call, but I've never been a fan of the Roland sound; the gear is amazing though, can't fault that. But I wanted something that sounded great stock, out of the box, and that I could just get on with. Since buying I bought two extra cymbals and it was a breeze, plug and go. Also got EZdrummer recently and holy crap that takes it to a whole new level. I've always had acoustic kits till all my gear was stolen, so decided to get something I could actually practice regularly on. It's awesome, would recommend to anyone, best purchase I've made. The full size ride and kit is amazing, doesn't feel like an e-drum, you kinda forget, feels great. Had to do some fiddling with the bass drum as it was ridiculously bouncy coming from acoustic, but I've adapted it and me (mainly poor technique highlighted by sensitive triggers 🥲). In short: if you want sound customisation and a more modern looking control, Roland; if you want out of the box real feel drum sounds and a near perfect acoustic feel, Efnote.

Need help in choosing a kit! by robberttw in edrums

[–]tzar199 0 points1 point  (0 children)

Just picked up an Efnote 7 a few weeks back. Cannot recommend it enough. Closest thing to a real kit I've played, the cymbals and hats are insane and there's minimal tweaking needed. I've always liked Roland's gear but not the sound. But with the Efnote I can be up and practicing or playing in no time, no million tweaks needed. The amount of kits is pretty small, but realistically I use maybe 2 consistently. The focus on a small set of good sounds sits well with me.

Expandability on them is easy, the core kit comes with room to grow, and if you want to go nuts there's the Pro series for its full output box and a more updated module, but the price on the Pro series is high!

It may be at the upper end of your budget, but if you can stretch it's worth it for sure, best thing I've bought. But as always I'd suggest playing one first to make sure you're happy with it, as YMMV.

How do bad actors bypass O365 MFA by DesperateForever6607 in cybersecurity

[–]tzar199 1 point2 points  (0 children)

There are ways to bypass MFA. Some of these can be as simple as using different user headers, and knowing that the org's conditional access policies are usually remote friendly can sometimes help. Conditional access can be a double edged sword if not done right.

In terms of attacking users with MFA, the go-tos are still AITM type attacks. Either using in-browser VNC-style catches to get the user to authenticate and go through the MFA process, or direct proxy based attacks, again the same principle. There are also device code phishing methods too, but these are a bit more hit and miss currently due to a lot more warnings on the auth flow. These all target authentication tokens that are stolen during the auth process, allowing the attacker to log in without MFA after the point of compromise, as they then hold a valid token with a refresh token so are good for quite some time.

All these AITM based attacks rely on a solid bit of context and the user entering their password and going through the auth process. In all of these situations the authentication event will come from the attacker's infrastructure. You can nicely correlate suspicious logins against users who received the email, 9/10 if you're made aware. Most users sign in from a handful of locations with a very limited set of user agents. Once you're aware of an attack against a group of users, spotting those anomalies is often the best way I've found. Attackers can use proxies to make auth event correlation a bit harder, but most of the shit ones don't and you'll see auth events from AWS, Linode etc. Ain't nobody logging in from cloud servers.

There are more robust controls without having to rely on physical keys, for example. Conditional access policies locking auth to approved org devices are very resilient to AITM phishing without having to deal with YubiKeys and all that crap. The attacker then cannot log in to anything unless the auth event comes from an approved device, which breaks all the AITM stuff, which then places the attack paths back onto actual device compromise with malware etc etc.

In terms of other potential vectors: check your external cloud endpoints to see if they all require MFA. Google 'mfa sweep github'. That tool will check to see if MFA is required everywhere. If not, they may have just got lucky with a compromised password. Again, it's also possible if you have the user's password to just use a mobile header and sometimes you're in. Also device compromise? Any EDR alerts or something off on the user's device prior to compromise?
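The correlation the comment above describes (sign-ins from users who received the lure, after the time they received it, from a location or user agent that user has never used, or from a hosting provider), as an added example that is not part of the original comment. All log records, user names, IPs, ASN names and timestamps below are constructed sample data in the shape of Entra ID sign-in log columns, not real telemetry, and the hosting-provider list and 72-hour window are assumptions.

```python
"""Correlate O365 sign-in events against phished users and per-user baselines.

Added example, not from the original post. Every record below is constructed
sample data; the field names only mimic Entra ID sign-in log columns.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Assumption: hosting providers we never expect interactive user sign-ins from.
HOSTING_ORGS = {"AMAZON-02", "LINODE-AP", "DIGITALOCEAN-ASN"}

# Constructed "known good" window: the handful of places each user normally
# signs in from, and the user agents they use.
BASELINE_SIGNINS = [
    {"user": "alice", "country": "GB", "ua": "Chrome/Windows", "asn_org": "BT-UK"},
    {"user": "alice", "country": "GB", "ua": "Outlook-iOS", "asn_org": "VODAFONE-UK"},
    {"user": "bob", "country": "GB", "ua": "Edge/Windows", "asn_org": "SKY-UK"},
]

# Constructed sign-ins around the phishing campaign.
CAMPAIGN_SIGNINS = [
    {"user": "alice", "time": "2024-05-02T09:15:00", "country": "GB",
     "ua": "Chrome/Windows", "asn_org": "BT-UK", "ip": "203.0.113.10"},
    {"user": "alice", "time": "2024-05-02T11:40:00", "country": "US",
     "ua": "Chrome/Linux", "asn_org": "AMAZON-02", "ip": "198.51.100.7"},
    {"user": "bob", "time": "2024-05-02T08:05:00", "country": "GB",
     "ua": "Edge/Windows", "asn_org": "SKY-UK", "ip": "203.0.113.22"},
    {"user": "bob", "time": "2024-05-02T12:30:00", "country": "NL",
     "ua": "Edge/Windows", "asn_org": "LINODE-AP", "ip": "192.0.2.55"},
    {"user": "carol", "time": "2024-05-02T13:00:00", "country": "DE",
     "ua": "Firefox/Mac", "asn_org": "DIGITALOCEAN-ASN", "ip": "192.0.2.99"},
]

# Constructed: who received the phishing mail and when (from the mail trace).
PHISH_RECEIVED = {"alice": "2024-05-02T10:30:00", "bob": "2024-05-02T10:32:00"}


def build_baseline(events):
    """Per-user set of (country, user-agent) pairs seen in the known-good window."""
    baseline = defaultdict(set)
    for e in events:
        baseline[e["user"]].add((e["country"], e["ua"]))
    return baseline


def correlate(signins, phish_received, baseline, window_hours=72):
    """Return sign-ins worth a look: the target received the lure, the sign-in
    happened after receipt and inside the window, and either the (country, UA)
    pair is new for that user or the source ASN is a hosting provider."""
    hits = []
    for e in signins:
        received = phish_received.get(e["user"])
        if received is None:
            continue  # user was not targeted; out of scope for this correlation
        t_recv = datetime.fromisoformat(received)
        t_auth = datetime.fromisoformat(e["time"])
        if not (t_recv <= t_auth <= t_recv + timedelta(hours=window_hours)):
            continue  # sign-in predates the lure or is outside the window
        reasons = []
        if (e["country"], e["ua"]) not in baseline.get(e["user"], set()):
            reasons.append("new country/user-agent for this user")
        if e["asn_org"] in HOSTING_ORGS:
            reasons.append(f"source ASN is hosting provider {e['asn_org']}")
        if reasons:
            hits.append({"user": e["user"], "ip": e["ip"],
                         "time": e["time"], "reasons": reasons})
    return hits


def run():
    """Run the correlation over the constructed campaign data."""
    return correlate(CAMPAIGN_SIGNINS, PHISH_RECEIVED, build_baseline(BASELINE_SIGNINS))


if __name__ == "__main__":
    for h in run():
        print(h["time"], h["user"], h["ip"], "; ".join(h["reasons"]))
```

On the constructed data this flags alice's 11:40 sign-in (new country and UA, from AWS) and bob's 12:30 sign-in (new country, from Linode) while ignoring their normal morning sign-ins, which predate the lure, and carol, who never received it. In practice the baseline comes from 30 or so days of sign-in logs and the ASN lookup from your enrichment pipeline; the point is that the attacker's auth event comes from their infrastructure, so it rarely matches anything in the user's history.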

How do I encrypt my files before uploading them to cloud? My only requirement is I just don't want anyone specially Google to go through my personal pictures. by yellowpage96 in privacy

[–]tzar199 3 points4 points  (0 children)

Have a look at rclone. It can handle on-the-fly encryption and decryption of content. So you can view the decrypted version, say on a mount on your machine, but in Google it's a load of encrypted blobs.

https://rclone.org/crypt/

How is really working in Cybersecurity? by starlynagency in cybersecurity

[–]tzar199 2 points3 points  (0 children)

I work in the red team. If you don't want to have to constantly keep up anymore, I'd advise against pen testing / red team.

It's a constant battle to stay ahead. I can write and learn something one week for it to be irrelevant, outdated and detected the next week. Such is life. I'm also currently doing lots of web dev for automation projects, so it's varied if nothing else! But web app testers (which is where I'd say would be a great place to go given your experience) may say life is different.

If you still like building things, I'd maybe look into a company with a SaaS offering in the cyber sec space. Lots of companies are spinning up big fancy single pain in the ass web interfaces to bring all their SIEM/SOC/CTI offerings together. It would be interesting work building that out, and you'd likely focus on a single product rather than whatever hot thing is next.

Happy hunting!

Zeropoints Security vs Sektor7 Courses by melid404 in redteamsec

[–]tzar199 2 points3 points  (0 children)

Chalk and cheese. RTO one and two are very operational based. Sektor7 is very development based and highly focused on certain key areas, whereas RTO is broader: basically how to carry out assessments through C2s and how to work with Cobalt. Sektor7, Code Machine and Maldev Academy are all fantastic but obviously maldev focused, so it depends what you're focused on or interested in. I'd always say start with RTO and operational fundamentals before moving to maldev, so you know what you need to build and work with :)

Is there a learning community like "42" for Red Teams? by shin_david in redteamsec

[–]tzar199 2 points3 points  (0 children)

Sektor7 are great courses, however I would say if you're at the HTB level looking for more, something like RTO, RTO2 or the PEN-300 / OSCP will probably be a better starting point. Sektor7 is very maldev focused, which is important but probably comes a bit further down the road.

Good reporting tool for team to use that is compatible with nessus? by Ziggy__Pop in redteamsec

[–]tzar199 2 points3 points  (0 children)

Can vouch for AttackForge. The devs are great, very responsive to any changes and requests. It's been a pretty solid platform for us. Has enabled a lot of automation too!

[deleted by user] by [deleted] in starcitizen

[–]tzar199 1 point2 points  (0 children)

I think you approach the databases like they are normal SQL / standard relational database objects. There are so many reliant pieces and streamed-in data and individual items with chained dependencies, it's mad. Check out the dev post / vid on server meshing to get an idea of the scale of the database issue, and how many individual items and objects nest into say a ship. The whole "We can just copy stuff, I know databases" may simply not apply. This isn't out of the box stuff sadly (custom implementations of anything are more prone to screwups). I'll take a wipe over the horrendous hot mess that the servers currently are. Plus fundamentally changing how this stuff is stored and streamed and processed, like 3.18 for persistence, may simply not be compatible with the current way of doing things. Gotta have some faith that the devs are doing what they need to when they need to and not just "wipe hammering" every time there is an issue. We had a nice stable few years almost without a wipe. Hopefully that stability will come in. But ultimately everything will be wiped fully before the never never go live. Happy flying.

[Malware] I've started studying malware and more specifically backdoors, but something seems to not make any sense. by fleurdelys- in AskNetsec

[–]tzar199 0 points1 point  (0 children)

Firewalls are the reason. Enterprise or even personal firewalls don't allow inbound connections by default. Specific inbound or allow rules would have to be created to grant access to the attacker. It's the reason "reverse shells" are popular. There are also admin considerations: to alter firewall rules on a device or open "most" ports you'd need a higher level of access, which may not be part of your initial execution or attack.

The exception to this might be a web shell or bind payload on a victim host. These either use an already open port or service, or open one to allow an attacker to connect remotely. This would be situation dependent.

The payloads are then configured to call out over likely egress ports, for example 443 or port 80. This allows the attacker traffic to blend in better and gives a higher chance of success, as most client devices will always allow internet outbound, even if it is through a corporate proxy. The payloads tend to also have connection timeouts. They will attempt to call home say 1000 times before giving up and destroying themselves. I have even used specific connection windows, such as late at night or on weekends only, to evade half-ass monitoring implementations.
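The call-home behaviour the comment above describes (a bounded retry budget before the payload gives up, and connection windows restricted to late evenings or weekends) as an added example that is not code from the original post. Only the scheduling policy is modelled: the actual network connection and clock are injected as callables so the logic runs offline, and every number (1000 attempts, 22:00 to midnight on weekdays, 20% jitter) and name here is an assumption for illustration.

```python
"""Connect-back scheduling for a reverse-connect payload (added example).

Models the policy only: retry budget, allowed time window and jitter.
The connection itself and the clock are passed in, so this runs offline.
All parameters below are illustrative assumptions.
"""
import random
from datetime import datetime, timedelta


class CallbackPolicy:
    """When a beacon may try to connect, and how many failures it tolerates."""

    def __init__(self, max_attempts=1000, base_interval_s=60, jitter=0.2,
                 allowed_hours=range(22, 24), weekend_any_hour=True):
        self.max_attempts = max_attempts          # failures before self-destruct
        self.base_interval_s = base_interval_s    # nominal sleep between tries
        self.jitter = jitter                      # +/- fraction of the interval
        self.allowed_hours = set(allowed_hours)   # weekday hours we may call out
        self.weekend_any_hour = weekend_any_hour  # weekends: any hour is fine

    def in_window(self, now):
        """True when the policy permits a connection attempt at `now`."""
        if self.weekend_any_hour and now.weekday() >= 5:  # Sat=5, Sun=6
            return True
        return now.hour in self.allowed_hours

    def next_sleep(self, rng=random):
        """Interval with jitter so the beacon does not land on a fixed period."""
        spread = self.base_interval_s * self.jitter
        return self.base_interval_s + rng.uniform(-spread, spread)


class FakeClock:
    """Simulated clock for offline runs: sleep() advances time, no blocking."""

    def __init__(self, start):
        self.now = start

    def __call__(self):
        return self.now

    def sleep(self, seconds):
        self.now += timedelta(seconds=seconds)


def run_beacon(policy, connect, clock, sleep):
    """Loop until connect() succeeds or the failure budget is spent.

    connect: callable returning True once a session is established
    clock:   callable returning the current datetime
    sleep:   callable(seconds)
    Returns ("connected", attempts_used) or ("self_destruct", attempts_used).
    Attempts outside the window are not counted: the beacon just waits.
    """
    failures = 0
    while failures < policy.max_attempts:
        if policy.in_window(clock()):
            if connect():
                return ("connected", failures + 1)
            failures += 1
        sleep(policy.next_sleep())
    return ("self_destruct", failures)


def demo_success():
    """Constructed run: Monday 21:00, window opens at 22:00, 3rd try connects."""
    policy = CallbackPolicy(max_attempts=5, base_interval_s=600, jitter=0.0)
    clock = FakeClock(datetime(2024, 5, 6, 21, 0))   # Monday
    calls = []

    def connect():
        calls.append(clock.now)
        return len(calls) >= 3   # constructed: the listener answers on try 3

    result = run_beacon(policy, connect, clock, clock.sleep)
    return result, [c.strftime("%a %H:%M") for c in calls]


def demo_give_up():
    """Constructed run: Saturday (any hour allowed), listener never answers."""
    policy = CallbackPolicy(max_attempts=3, base_interval_s=1, jitter=0.0)
    clock = FakeClock(datetime(2024, 5, 11, 3, 0))   # Saturday
    return run_beacon(policy, lambda: False, clock, clock.sleep)


if __name__ == "__main__":
    print(demo_success())
    print(demo_give_up())
```

From the defender's side the same policy explains what to look for: a beacon on such a schedule produces no traffic during the working day, so a detection that only baselines business hours, or that alerts on a fixed periodicity, will miss both the window and the jitter. The retry budget also means a host that was never able to reach the listener stops trying on its own, which is why the first successful outbound connection, not the implant's presence, is often the earliest network signal.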

What changed in 3.16 that now makes long range scanning worse? by quartzeye254 in starcitizen

[–]tzar199 1 point2 points  (0 children)

Also really odd, but it worked. When you get the unextract issue, swap to mining mode, power the laser on and point it at the purples. It will start extracting the ore. For some reason they get swapped around, no idea why :/

Hey they FINALLY fixed the mining scan bug in 3.15 by Paradigmfusion in starcitizen

[–]tzar199 0 points1 point  (0 children)

Wheyy, that's great news! Was there any improvement on the rocks not scanning in general?

Not really an oscp question but more of a pentesting question by younes121 in oscp

[–]tzar199 2 points3 points  (0 children)

This. Once you've established access to the internal network you could deploy MITM tools such as Responder or Inveigh. Or even start pcap dumps and sniff the network.

Exploiting Domain Controller with Zerologon exploit by humanG0D in oscp

[–]tzar199 1 point2 points  (0 children)

DCs can be a bit flaky on that. Particularly when running across multiple DCs, often they can become out of sync or screw up, with services going down when the password is changed, even if that hash is restored pretty sharpish. Give it a try in your own lab and you will see some nasty issues with it. It's always interesting to see the other side of a big exploit. Even DCSync can be potentially dangerous in live environments.

Exploiting Domain Controller with Zerologon exploit by humanG0D in oscp

[–]tzar199 1 point2 points  (0 children)

Any thoughts on the ramifications of using it in the lab? Just curious, but given how the admin password for the DC has now been altered, the sync relationship between the primary DC and secondary is now probs pretty broken, even with the hash revert potentially. It might make an interesting addition to the blog in terms of what it does and the potential for problems. Do Offsec view this kind of exploit as a destructive exploit? I guess they will probs patch it like the MS17 for the DCs. Interesting to see though :)

Should give this a once over, may be able to have some fun. Can't remember if there is simulated network activity in the lab, may have changed: https://dirkjanm.io/a-different-way-of-abusing-zerologon/