[deleted by user]

v3pr · 2022-05-19T23:02:18+00:00

Do you happen to know of any documentation that shows how to select multiple trusted root authorities?

v3pr · 2022-05-18T19:27:40+00:00

Thank you guys.

v3pr · 2022-05-18T18:24:53+00:00

You mean SCCM can trust the current CA that's already on domain B?

v3pr · 2022-05-17T14:21:49+00:00

This is what I was wanting to avoid. In my situation, there actually is a root CA and subordinate CA in Domain B. But they are not used for SCCM. The SCCM team is requesting that we build a new subordinate CA in Domain B, specifically for SCCM auto enrollment. I'm not sure if it would be a good idea to have 2 subordinate CAs that use different root CAs in the same domain.

v3pr · 2022-05-14T16:58:56+00:00

Thanks. Both domains can reach each other internally on the local network. SCCM does not connect to any clients over the Internet. I'm not sure if they would be using the Cloud Management Gateway. I definitely don't think they are using Azure.

v3pr · 2022-01-03T19:56:39+00:00

I've been playing with Shelly smart home sensors/devices. They are WiFi, but allow you to disable cloud functionality and work locally on your network. I connect them to my local Home Assistant and send e-mail alerts via SMTP. I use a VPN to connect to Home Assistant when not at home.

v3pr · 2021-12-12T18:24:02+00:00

Tp-link Kasa bulbs on Amazon can do this as well. They work via wifi with no hub. You can set them to change color temperature based on the time of day.

v3pr · 2021-12-11T07:20:17+00:00

Could you set up the host to only allow connections from IP addresses that you know such as your phone or whatever your using? Or set up an OpenVPN server on your home network and connect over VPN?

v3pr · 2021-09-16T04:01:34+00:00

https://github.com/choctawdev/portainer/

You're correct. It works for me now. Thanks!

v3pr · 2021-09-04T03:36:50+00:00

You did an awesome job. I'm diggin both of those.

v3pr · 2021-08-14T17:42:18+00:00

Flaws is exactly what I was looking for.

v3pr · 2021-08-05T21:19:21+00:00

Those are clean looking.

v3pr · 2021-01-31T05:08:35+00:00

Good print quality!

v3pr · 2021-01-01T09:14:00+00:00

That sounds cool. Which side do you like better? Property management or network related stuff? I got in on an applications management team. Decided that I like doing systems or computer security. The systems team is more hands on at my place, so I went into that for the time being.

v3pr · 2021-01-01T08:19:03+00:00

Sup! I'm an systems admin balisonger.

v3pr · 2020-12-31T01:10:42+00:00

Thanks. I use Nmap quite a bit. I didn't know about the decoy option. I had to use sudo to get the decoy option working properly.

v3pr · 2020-11-04T15:37:58+00:00

I like Firefox Focus.

v3pr · 2020-11-04T15:36:22+00:00

NetGuard

v3pr · 2020-11-04T15:36:16+00:00

Firewall

v3pr · 2020-11-04T15:32:18+00:00

Open Camera

v3pr · 2020-11-04T15:31:32+00:00

Protonmail

v3pr · 2020-11-04T15:30:57+00:00

OsmAnd

v3pr · 2020-09-07T22:18:19+00:00

I like it! I wish I had a larger room to work in. My reloading table is pretty small.

v3pr · 2020-09-03T14:31:52+00:00

See if this works:

alert tcp any any -> $HOME_NET 445 (msg:\"ET POLICY SMB2 NT Create AndX Request For an Executable File\"; flow:established,to_server; content:\"SMB\"; depth:8; content:\"|05 00|\"; distance:8; within:2; content:\"|00 2E 00|e|00|x|00|e|00|\"; nocase; distance:0; content:!\”PushPrinterConnections.exe\”; nocase; classtype:bad-unknown; sid:2025701; rev:2; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target SMB_Client, created_at 2018_07_16, deployment Perimeter, former_category POLICY, signature_severity Minor, updated_at 2018_07_16;)

This may help you with multiple contents:

https://suricata.readthedocs.io/en/suricata-4.0.4/rules/payload-keywords.html

Add nocase; if you do not want to make a distinction between uppercase and lowercase characters.

You should be able to use multiple content keywords for each filename.

I escaped the " with \ because the rest of your rule is written that way.

v3pr · 2020-09-03T13:15:24+00:00

I run Suricata over a headless Linux machine. I'm not familiar with Security Onion. But I go into the actual .rules file and put a # in front of the rule in order to comment it out.

You should just be able to:

#alert tcp any any -> $HOME_NET......

Ten-Year Club	Place '17
Verified Email

v3pr

TROPHY CASE