pwrflcat

750 posts

@Darkwebcomputer

🇺🇸 occasionally knowing Microsoft security stack

Joined January 2025
129 Following 61 Followers
pwrflcat@Darkwebcomputer·
If you are installing Defender for Identity and your servers don’t support the v3.0 sensors you should update them. If you can’t, then for the love of god install the DefenderForIdentity PowerShell module and save yourself the nightmare of manual configuration.
Keith@gnukeith·
holy fuck
pwrflcat@Darkwebcomputer·
@jiratickets You guys are dumb I’m learning how to code in Chinese.
pwrflcat@Darkwebcomputer·
Stryker no wiping
MG@_MG_·
My friend @joegrand did it again. He’s not just recovering millions in crypto wallets, but also unveiling messy relationships, betrayal, etc. A very entertaining watch reminiscent of the start of a murder mystery. He’s also upgraded from voltage glitching to electromagnetic (EM) glitching. It’s sort of a very complicated Jedi Mind Trick on chips.

Here’s a high-level explainer: Let’s say the hardware wallet has a max pin retry limit. And it’s coded like this:

    if attempts >= MAX_ATTEMPTS:
        lock_device()

Inside the chip, the values of attempts and MAX_ATTEMPTS are just bits. 0s and 1s. Literal voltage levels that are low or high. Stored in tiny transistor circuits. When the processor reads them, those electrical states travel through logic gates that perform the comparison. Normally the comparison works fine. But what if you could reach inside the chip and disturb those electrical signals right at the moment the chip is doing that comparison? That’s what EM injection allows. It’s essentially just a few loops of wire held over the chip and a very fast burst of voltage is sent through it.

It’s not as simple as it sounds though. You have to discover:
- the exact moment in time during execution
- the exact physical spot on the chip package
- the right distance from the chip
- the right pulse voltage
- the right pulse duration
- the right probe geometry

The search space is HUGE. An exponential needle in a haystack. If you are really familiar with hardware, you can narrow things down, but it’ll still take weeks of searching even after you have automated it. And even after all of that, there is still risk to the wallet across all the steps. Hell, the wallet could be somewhat damaged before Joe even gets it. And tons of people end up not even having the crypto they thought they had. Imagine if one of those people ends up with a dead wallet and blames Joe for it, all while incorrectly thinking they had millions. 😬 youtu.be/MhJoJRqJ0Wc
pwrflcat@Darkwebcomputer·
@_winter_wonders What if we add a couple of hands to it? Like holding open a portal to the internet.
pwrflcat@Darkwebcomputer·
@DanBalitewicz @NathanMcNulty Often I don’t think it is intentional. They don’t know how to set up the enrollment config correctly in tons of orgs.
Dan Balitewicz@DanBalitewicz·
@NathanMcNulty Never ever ever ever install a corporate MDM solution on your personal device. But this is some shady shit companies are doing.
pwrflcat@Darkwebcomputer·
@IAMERICAbooted I know hehe. You aren’t alone brother. I feel your pain with enforcement scopes and whatnot.
EZ@IAMERICAbooted·
Things your Intune Admins manage:
A. Scripts and 3rd party app configs. This includes your security stack :]
B. Device groups and filters
C. CSP, ASPX, OMA-URI configs
D. Who can login to each device
E. Device certificates
F. Device networking
G. Adding managed devices
H. Device compliance policies
F. Device authentication
G. Device certificate authority configs
H. Federation configs
I. Custom roles and RBAC
J. Device cleanup rules
K. Device wiping
L. Device Connector Configurations
M. Device enrollment configs
N. Azure Join or Hybrid Configs
O. Bulk enrollment tokens
P. Device supervision
Q. Mobile phone data security
R. DEP
S. Device Encryption
T. Remote Access
U. Device performance monitoring
V. Office App Configuration (think Macros)
W. Browser Configurations
X. LAPS
Y. ASR Rules
Z. Firewall Rules
And so much more but I ran out of letters 😋
solst/ICE of Astarte
Idk how to convey the emotional significance of a Miata to future generations
pwrflcat@Darkwebcomputer·
Me: let’s buy the users FIDO2 keys for $30
CFO: no that’s too expensive let’s buy them $1,000 iPhones and configure Microsoft Authenticator as FIDO2
Trond Eirik Haavarstein@xenappblog

Saturday @MSIntune lab work. Setting up dedicated physical PAW device, admin account & dual admin approval. PAWS will be stripped of everything and locked down. $30 @Yubico arrived overnight.

pwrflcat@Darkwebcomputer·
@ZackKorman Possibly the best and worst year of my life thus far
Zack Korman@ZackKorman·
The lack of enterprise infosec experience will definitely be a problem for AI cybersecurity startups (mine included!) But the good ones will try to learn and engage seriously. If you get a chance to work for or even with one of those, you absolutely should take it.
Justin Elze@HackingLZ

@ZackKorman The thing holding back most of the AI infosec startups is that they're often staffed and driven by people who were outside enterprise InfoSec and closer to startup/college culture (which is awesome), but those things don't carry over directly.

pwrflcat@Darkwebcomputer·
@trshpuppy Not me I just get drunk and misspell things.
૮ ・ ﻌ・ა Trash Puppy
People on this app actually sit around and create fake scenarios in their heads so they can get pissed off and yell about them.
pwrflcat@Darkwebcomputer·
@NotNordgaren Above my pay grade. They are always going out to lunch with clients and eating things. Different life.
The Bingus Man@NotNordgaren·
@Darkwebcomputer But product managers don't consume tokens... LLMs consume tokens. If the product managers are eating them, they're useless!
pwrflcat@Darkwebcomputer·
My AI Architect told me product managers keep eating our tokens so I asked how many tokens we get and he said he just goes to the Anthropic and gets more tokens so I said it sounds like he’s just feeding tokens to product managers and then our CFO started crying.
pwrflcat@Darkwebcomputer·
Cat distribution system is undefeated.
pwrflcat@Darkwebcomputer·
@manelrodero @merill Yeah I had started reading the documentation but got distracted. Merill is correct pretty sure about it finding usage for stuff and putting them in place but I can’t find the learn document.
Manel Rodero@manelrodero·
@Darkwebcomputer @merill Thank you. This is what we were looking for to create them in the tenant where they are not. However, we will continue without knowing why one tenant had them and the other did not. Mysteries of the Microsoft world.
Manel Rodero@manelrodero·
In our production tenant we have some conditional access policies managed by Microsoft. These policies are not in our test tenant. Is there any way to activate your creation? Thank you.
pwrflcat@Darkwebcomputer·
@AzureSupport You just got it fixed. 15 minute outage whole region no communication. Not the best look.
pwrflcat@Darkwebcomputer·
@AzureSupport come on guys you can’t give bullshit metrics and pass SLAs. Central Log Analytics has been down for 10 minutes. Change the portal. Be honest. Tell us what’s up.