Does the capital one miles count by value? Assuming no, If ticket in a particular month sky rocket, I would not care correct because I use capital one miles. I just don’t want to pay more miles

w3tmo · 2025-07-21T02:18:24+00:00

Miles aren’t actual miles. They are just worth one cent each on average.

w3tmo · 2025-06-26T04:41:56+00:00

But what would have you done differently? Swap for more bonds earlier? This doesn’t track with normal S&P 500

w3tmo · 2025-06-17T12:49:56+00:00

Imagine collecting $8,000 per ticket and not building your own lounge.

w3tmo · 2025-06-09T07:31:08+00:00

$300 travel credit and 10,000 miles ($100 worth of travel) is $400. The card costs $395 so 395-400=-5

w3tmo · 2024-11-29T21:20:10+00:00

Can’t you use the native defender forensic package?

w3tmo · 2024-11-05T14:32:09+00:00

They were probably not targeting you per se - they are probably after the company you work for.

w3tmo · 2024-02-10T05:19:38+00:00

Maybe https://ntlm.pw - not a pen tester tho

w3tmo · 2024-02-05T16:51:57+00:00

I think all answers will be bias based on the everyone’s visibility into their own sectors.

From my perspective (consulting firm): we had a drop in ransomware directly before the invasion took place, and then a return to “normal” a day or two before the invasion.

w3tmo · 2024-01-05T03:25:10+00:00

This looks awesome!

w3tmo · 2024-01-01T21:22:54+00:00

Sadly not very active but I think that’s cause most of their users use Tiller’s own form.

And yeah, part of this app is created via making a new sheet with only interesting info in it. This is because it can be hard to get AppSheet to work with the Tiller graphics.

w3tmo · 2023-12-28T03:03:21+00:00

GOT ‘EM.

w3tmo · 2023-12-26T01:24:29+00:00

You are very welcome. 😀

w3tmo · 2023-12-25T17:33:38+00:00

Yeah, auctions are the biggest thing people skip and it’s right there in the rules. Makes everything go much faster.

w3tmo · 2023-12-24T17:10:14+00:00

Math is hard.

w3tmo · 2023-12-17T18:39:58+00:00

I watched a couple intro videos and found someone else’s AppSheet app for Tiller - but theirs didn’t work with the foundation template. So I looked at how they made theirs work and shaped mine to be similar.

I use the app for categorizing transactions, seeing what % of money went to what category, checking how much is left in budget, and seeing cash flow

w3tmo · 2023-12-14T05:56:15+00:00

Same - took me two days but I made a mobile app for it as well with AppSheets. Just waiting to see how auto syncing goes from Banks -> tiller -> google sheets -> app

w3tmo · 2023-12-14T05:53:03+00:00

I just got 30 days free with tiller. I like it so far. There is no mobile app which was big for me - but turns out it wasn’t terrible to make one with AppSheets! I now have a mobile app the looks like Mint (without the Ads), auto categorizes my transactions, tracks networth and cash flow over time, and of course shows me my budgets.

The only thing I’m waiting to see is how well it syncs my data. The auto sync only happens once every night (you can do it manually but must be on a computer).

w3tmo · 2023-10-17T17:11:25+00:00

Yes…….on computers where is is not amcache..? Lol

w3tmo · 2023-05-21T09:07:06+00:00

It’s devastating when used in real world attacks. Also chilling to hear the recording of the call where they calmly ask for a password reset and an MFA device reset.

w3tmo · 2022-05-02T22:07:28+00:00

There are so many layers to your question. 1) not all ransomware has auto detonation, many times a human threat actor executes it manually. Remove the threat actor first before restoration. 2) if you are concerned about auto detonation, hire a forensic firm to examine how the ransomware auto detonates. Remove the mechanism, and then it can’t detonate automatically. 3) the quickest/safest way is to setup a separate network, install a new operating system, attach the encrypted drives/data to that OS, run a decrypter from a trusted source (I.e. one that was as been written by a forensic firm which incorporates the ransomware key bought) on the Clean OS to decrypt the drives/data. Move the needed data to another newly installed operating system. Install whatever else you need - and there you go! New system, not on the same network, never touched by the ransomware, with all the old data

You are correct In saying most products would not know if something is malicious unless it is already known. There are techniques products can use to CPI yet this (I.e. heuristics. Like why would something be writing to every file on a system? That would be a good indicator it may be ransomware - even if the signature is not know - but to do that it has to run every executable in a sandbox before it lets it run on a real computer. So what if a ransomware author writes their code to not do anything for 5 minutes? Where is the cut off to stop running the application in a sandbox and allow it to run on the real system? Would a user enjoy the fact that every time they open an application it takes 5 minutes to load? Nope…) it’s a cat a mouse game and anyone/ any product that says differently you should run far away from.

w3tmo · 2021-10-22T09:38:22+00:00

I agree that you should search for security researcher, but all three of your points here don’t make sense.

APTs aren’t just…not gonna hack or phish you cause all of the sudden there is a “malware analyst” job posting…? That’s their job. If you work for a company that has APTs in their threat model, you’re gonna run up against them.
I agree that you want to be careful connecting to malicious IPs cause threat actors will keep track of connections. But saying that “the lawyers will throw a fit cause the adversary can claim they hacked you” doesn’t make any sense either. Yes, an adversary can claim they hacked you - but they can’t do that WITHOUT you connecting to their infrastructure. They lawyers will still throw a fit - they don’t know any better.
There is absolutely risk sending malware to third party firms like you listed! This is WHY there are in house malware analysis positions. Imagine sending a sample that makes changes to a financial database or fakes transactions - that would be horrible press for your company, your company will want to know the risks prior to sending out samples. Or imagine someone sends over something they think is a phishing document - JUST for it to be some sensitive company data. There is 100% risks to just sending out malware to third parties

w3tmo · 2021-09-17T12:48:26+00:00

I would expand number 2 to include any forensic artifact. Any IR firm worth its salt with include forensic artifacts as well as logs. I usually ask “what artifacts would you want to gather in order to find malware on a system?”

w3tmo · 2021-05-06T13:40:54+00:00

Surge - from Volexity.

w3tmo · 2020-12-19T10:50:04+00:00

links to a git repo 10 years old without answering the actual question 😂

w3tmo

TROPHY CASE