Philip Elder

10.3K posts

Philip Elder banner
Philip Elder

Philip Elder

@MPECSInc

Microsoft MVP '09-Present. We design & build HA solutions for on-premises, data centre, & hybrid. Workload Migration Specialists. Active Directory Security.

Alberta, Canada Katılım Ağustos 2011
415 Takip Edilen2.7K Takipçiler
Sabitlenmiş Tweet
Philip Elder
Philip Elder@MPECSInc·
Azure Local and Storage Spaces Direct Lab Setup From top to bottom: - Ubiquiti UDR7 -- Wi-Fi access and Switch Management - Ubiquiti PRO XG 24 Switches - NVIDIA/Mellanox SN2410 Switches - AIC Industrial PC 1U 2-Node Server - APC NetShelter 24U - 4x Intel Server Systems R2224WTTYS Servers - 2x Tyan AMD EPYC Rome/Milan Servers - 2x APC 2200VA Network Managed UPS Systems - APC 1U Switched PDU Node Networking - 2x NVIDIA/Mellanox ConnectX-4/5 25GbE Dual-Ports - 2x Intel X557/X540/X550/X710 10GbE Dual-Ports Node Storage - 5x 12Gbps Toshiba/KOXIA SAS SSDs - 2x RAID 1 Intel Enterprise SATA SSDs The Rome/Milan Servers are actually a different lab setup thus they are not plugged in at the moment. There are three more identical units on the To Build List. The online systems will be moved into our server closet once we have everything set up and ready for workloads. Then we will finish the Rome/Milan build, rack, and plug everything in. We're starting with Storage Spaces Direct (S2D) on Windows Server Datacenter 2025 using Server Core. RDMA will be via RoCE for the storage fabric. Once we have confirmation that all ports are lit and good to go everything will be tied down and tidied up.
Philip Elder tweet media
English
0
0
8
368
Philip Elder
Philip Elder@MPECSInc·
@guyrleech Heh ... I don't speak that language very well. ;-) The primary reason being it's so complicated with such a steep learning curve ... that's always changing.
English
0
0
0
18
Guy Leech
Guy Leech@guyrleech·
@MPECSInc Because I'm doing non-persistent Entra only short session duration AVD with one user type and don't need the complexity and overhead of Intune
English
1
0
1
27
Philip Elder
Philip Elder@MPECSInc·
ACTIVE DIRECTORY: USE GROUP POLICY! SCRIPTS ARE SO NT4! To deal with logon scripts we can use: - Group Policy Objects and OU Structure -- Deploy almost all software via .MSI -- Printer deployment in Active Directory --- Computer/Machine targeted for us -- Windows Firewall 3 Profiles ON -- Windows Firewall Logging ON -- Windows Firewall Protocol Exception Pop-Up ON - User Security Environment -- Fine tune access to all Forest/Domain resources! - Group Policy for Operating System Settings -- WMI Filtering FTW - Group Policy Preferences -- Enable Extensions and Hidden Items -- Create Folders on user's systems -- Create Folders on RD Farm Session Hosts -- Item Level Targeting for Preferences And so much more! I personally can't think of _one_ reason to use a script over Group Policy Object setup and Group Policy Preferences setup.
spencer@techspence

There's another logon script abuse that I found on a recent internal pentest. Wasn't able to abuse this due to not having the required permissions on NETLOGON.; Here's what it is... 1) A logon script is defined in a user(s) scriptPath attribute 2) but it doesn't exist anywhere in NETLOGON 3) and the attacker has the ability to create the logon script somewhere in NETLOGON Here's some of my logon script research from a few years ago 👇 offsec.blog/hidden-menace-…

English
5
3
33
4.7K
Philip Elder
Philip Elder@MPECSInc·
FRUSTRATION: BEING TOLD MICROSOFT HAS DISCONTINUED SOMETHING ... WHEN THEY HAVEN'T BECAUSE CLOUD FIRST No, Microsoft has _not_ discontinued Microsoft Dynamics 365 Business Central Essentials/Premium (D365 BC) on-premises. We've run into a Cloud First IT Consulting Company that has pushed that and justified it by stating that Microsoft has discontinued licenses purchases for D365 BC. See what they did there? While this is true, that perpetual licenses have been discontinued, what was neglected to mention was that D365 BC on-premises was indeed still available but only through the Cloud Solutions Provider Partner Program. That is, by subscription only. Why is this a problem? The company that is looking to migrate their Dynamics Great Plains to D365 BC is a cloud averse company. The owner prefers to keep everything they can on-premises. Indeed, that was the original request to Cloud First IT. Instead, the resulting proposal, and quote, was a push to put the entire setup in Microsoft's cloud. That's outright dishonest. Offering _both_ options to a company that is primarily cloud native would be our go-to with the understanding that they would probably choose to put the service in the cloud. And that's okay. The same goes for a company that prefers to have their IT on-premises. If both options exist then both options should be on the table. Once all of the information is on the table the business owner/decision maker should be the one to ultimately make up their mind on what direction to head in! Indicated page in the snip: techcommunity.microsoft.com/discussions/bu…
Philip Elder tweet media
English
0
1
3
212
Philip Elder
Philip Elder@MPECSInc·
LEGACY REMINDER: HYPER-V IS THE MOST STABLE HYPERVISOR THERE IS! This little box kept on and on minding its own business holding up a legacy app all on its lonesome. Remember: It's _Risk_ versus _Reward_ when evaluating for a client's needs how to deal with legacy apps that can cost six or seven figures to "update" from the vendor. Proper network segmentation and Active Directory Group Policy security including Windows Firewall setup means this little box keeps humming along generating revenue for the client all the while safe from prying eyes. And yes, that's over 5 years! Not bad eh? ;-)
Philip Elder tweet media
English
1
4
8
396
Philip Elder
Philip Elder@MPECSInc·
@DanielLubel Where Group Policy Objects leave off is in Group Policy Preferences. I'm interested to know if there is a real need for scripts anymore. Both GPOs and GPPs pretty much do it all.
English
0
0
0
10
Daniel Lubel
Daniel Lubel@DanielLubel·
@MPECSInc I think the main reason is GPOs are not versatile enough for everything. Its great for static configuration, but a script may be better when you need something dynamic like "if the user is out of storage at logon, open a ticket at the IT helpdesk system" or something similar
English
1
0
0
41
Philip Elder
Philip Elder@MPECSInc·
@IAMERICAbooted Good point. One of the reasons we locked down then locked out VBS and macros virtually everywhere. I still hate logon scripts. So many variables to figure out why they were not working.
English
0
0
1
13
EZ
EZ@IAMERICAbooted·
@MPECSInc 😆 🤣 😆 🤣 😆 This was before ransomware. But I know you know everyone did that even after ransomware became a thing
English
1
0
0
81
Philip Elder
Philip Elder@MPECSInc·
My EGO Tripped Up with a Humility Lesson Yeah, I get it. The following is the lesson I learned to help folks make the necessary changes without crushing anyone's ego. The lesson has stuck with me and enabled me to be parachuted into the most elite of IT teams and come away with them really enjoying our time together. ;-) *** I've seen ego blow-outs in the automotive repair shops, warehouses, engine reman plants, construction crews, and here in IT as well. A couple decades ago a contractor pulled me aside one day in the middle of a project, "Philip, you are f*cking killing me here man!" Me: Huh? C: You're lack of tact and expectations are unreasonable. Me: Oh? * Reflects on the last couple of days ... oh :-( Me: Okay, what do you suggest? C: Lighten up, check the ego at the door, and start pulling the team together. Me: Okay Later ... Team: Wow man! You changed mid-stream and we've really enjoyed the change and working with you! What I learned: - Be humble - Assess - Ask questions - Disarm - I'm here for you ... - Delegate tasks to peeps that can do them well - Compliment them .. always - Ask more questions - Provide constructive feedback - Eventually the team gels and I never have to mention what my expectations are! Educating can be a fun experience. When it comes to Active Directory and Group Policy it's actually not too difficult to get buy-in once the changes are seen in action! The keys are simplicity and ease of troubleshooting down the road. Scripts are, and always have been, a bear to manage!
spencer@techspence

@MPECSInc “It’s the way we’ve always done it”

English
2
2
6
1.7K
Philip Elder
Philip Elder@MPECSInc·
This is an absolute gem on separating what we _do_ from who we _are_ because we are _not_ what we do! I love it! Well Done!
vx-underground@vxunderground

Nah, I have to share some of my personal experiences for a second. I saw a few newer people in information security share some code, or ideas they had, on social media. They retracted their posts, or code, because of criticism they received. This wasn't one singular person, to my surprise I saw like, five noobies sharing stuff. Very cool. Let me tell you something, stinky new people: yes, people online are mean. They are very mean. I have been BOILED ALIVE by stinky nerds online. I have been called every synonym for idiot you can imagine over the past ... uhhh, 21 years of doing malware related stuff. And because this is the internet, and we're connected across the globe, I've had the pleasure of being called an idiot (or something similar) in English, Spanish, French, Russian, Mandarin, Hindi, Arabic, Portuguese, and more. While these people are not nice, I very sincerely recommend filtering out the negative verbiage and focusing on the underlying message (if applicable). It is a skill that you'll need to adapt and grow in this field. In the "hacker" sphere, intellectuality is like, the thingie people value the most (or at least claim to). Hence, if you share something it will be heavily critiqued. When you share something, whether you explicitly say it or not, you're inviting your peers for feedback. You WILL receive feedback, good or bad, and you will have to learn to handle it, process it, or learn from it. Someone say your code is trash? Good. That is an opportunity to improve. Someone criticize you for leaning heavily on AI? Good. Use AI as a tool to learn and stop using it as much. Someone misunderstood what you said and called you a bad name? Good. Use that as an opportunity to practice improving your phrasing and writing. Someone say your idea is repetitive and has been done before? Good, you discovered an idea for yourself, learned about an existing idea, and now you know how to find more ideas.

English
0
0
0
301
Philip Elder
Philip Elder@MPECSInc·
My EGO Tripped Up with a Humility Lesson Yeah, I get it. The following is the lesson I learned to help folks make the necessary changes without crushing anyone's ego. The lesson has stuck with me and enabled me to be parachuted into the most elite of IT teams and come away with them really enjoying our time together. ;-) *** I've seen ego blow-outs in the automotive repair shops, warehouses, engine reman plants, construction crews, and here in IT as well. A couple decades ago a contractor pulled me aside one day in the middle of a project, "Philip, you are f*cking killing me here man!" Me: Huh? C: You're lack of tact and expectations are unreasonable. Me: Oh? * Reflects on the last couple of days ... oh :-( Me: Okay, what do you suggest? C: Lighten up, check the ego at the door, and start pulling the team together. Me: Okay Later ... Team: Wow man! You changed mid-stream and we've really enjoyed the change and working with you! What I learned: - Be humble - Assess - Ask questions - Disarm - I'm here for you ... - Delegate tasks to peeps that can do them well - Compliment them .. always - Ask more questions - Provide constructive feedback - Eventually the team gels and I never have to mention what my expectations are! Educating can be a fun experience. When it comes to Active Directory and Group Policy it's actually not too difficult to get buy-in once the changes are seen in action! The keys are simplicity and ease of troubleshooting down the road. Scripts are, and always have been, a bear to manage!
spencer@techspence

@MPECSInc “It’s the way we’ve always done it”

English
0
0
2
462
Philip Elder
Philip Elder@MPECSInc·
I love running. Always have since I started in my tweens. Short legs means I am well below my age average for a 5K time so I run against myself. Today, I beat 30 minutes which was my goal when I started. Had I shaved a bit off that first 1KM I'd have beat 29!!! Some of the benefits of regular runs: - The post run high is crazy good! - My wife's amazing cooking and deserts are unlimited - My calorie burn on run days levels everything out - Sitting/Reading heart rate: 55bpm - Sleeping heart rate low: 48bpm - My sleeps are shorter but much deeper and fulfilling - Thinking is crisp and clear One of the key indicators of cardiovascular health, to me, is head on the pillow and hearing that BUD ... DUMP .... BUD ... DUMP when I'm in peak condition. The heart sounds amazing! There are times when I don't run for months. Then the heart sounds like Wiff WIFFF ... Wiff WIFFF. It's wild how the muscle changes with, or without, exercise. Running also keeps the lungs in tune which leads to my voice being clear. I love to sing and do so regularly though no choir due to time demands in the business and fam. The worst thing to hear is when I'm walking up a flight of stairs with someone chatting and by the time we get to the top they are wheezing big time while my breathing rhythm hasn't changed at all. :-( Time is precious. We can't take it back. Some of it needs to be invested in my heath. My 2016 accident taught me that. Health is just as precious. And, it's a part of my obligation to my wife, family, and clients to make sure I do all that I can to be there for them!
Philip Elder tweet media
English
0
0
2
178
Philip Elder retweetledi
vx-underground
vx-underground@vxunderground·
"Hey smelly, I work for (company), we had a threat actor phish an employee and use ScreenConnect to get access to their computer. The Threat Actor then dropped a .exe on the computer. Our AV/EDR stopped it, but we don't know what it is. Do you want to see?" > yes, absolutely, give me goopies > give malware > download > look inside > position independent c code > points to section of memory > xor'd several times > un-xor's thingie in memory > creates process of random thingie > pauses process of random thinie > hollows out process > puts goopies it extracted from itself into it > resumes process > lol process hollowing from embedded payload > payload not in .exe section > payload in .rdata mixed with other stuff > omg w/e fine, make me work > run the goopie > bonk with stick > find thingie it hollowed out > grab the magic goop from it > yay > look inside > another .exe > ok, .exe has .exe hidden inside, runs random .exe and puts secret .exe inside it > look at secret .exe thingie > c#.net .exe > ok lol > look inside > has hidden .exe inside it > omfg why bro are you doing this to me > pull .exe out of hidden .exe (im on secret .exe two now) > dies > base64 encoded the .exe internally > omfg why bro > base64 decode second secret .exe internally > get the goopies > second .exe is actually .dll > heavily obfuscated c#.net > really annoying me now > check virustotal > second mystery .exe (actually .dll) never seen before > look inside more > sniff sniff > sniff sniff > PURE-RAT > attributed to suspected Vietnamese Threat Actor group > matches known tactics, techniques, and procedures of group > matches details from Trellix and Huntress > group still evolving > went from noobs to doing p good malware My Brother in Christ, your organization is (probably) being targeted by a known Vietnamese Threat Group
vx-underground tweet media
English
60
154
4.1K
102.2K
Philip Elder
Philip Elder@MPECSInc·
@rbf8493 @madaomoshiroi YES! Wren. Tiny Bird. Big Freaking Voice. 05:15 to 05:30 every freaking morning in the tree beside our bedroom. It's decided a fir tree near the end of the property is a better location. Good for it and for me.
English
1
0
8
184
rbf8493
rbf8493@rbf8493·
@madaomoshiroi Not at fucking 5:45 in the morning on a weekend it doesn't.
English
4
0
20
6.4K
まだ面白い
まだ面白い@madaomoshiroi·
周波数432Hzの鳴き声を持つ小鳥 この音はセロトニンなどの幸せホルモンの放出を助け、血圧や心拍数を自然に整えてくれる効果があるらしい...
日本語
273
8.6K
52.9K
1.6M
Philip Elder retweetledi
spencer
spencer@techspence·
By default on Windows11 everything you've ever copied to your clipboard is saved in the "clipboard history." Super fun right! :D It saves images, text, urls. To disable it, go to Settings > System > Clipboard and toggle it off.
spencer tweet mediaspencer tweet media
English
14
26
165
17K
Philip Elder
Philip Elder@MPECSInc·
@whitypedia AI won't help with this much either. The permutations are "Gut Feel" level tied in with a long term experienced "Wisdom" and perhaps a slathering of libations along the way. ;-)
English
0
0
2
86
AClitheroeKid
AClitheroeKid@whitypedia·
@MPECSInc Just wish the Young ones would learn this, then I can stop repeating myself and retire a happy IT guy 🤗
English
1
0
0
88
Philip Elder
Philip Elder@MPECSInc·
ACTIVE DIRECTORY AND GROUP POLICY GEMS - Software Restriction Policies - Item Level Targeting - GPO Scope Filter via WMI * Great for targeting a single OS - GP mandated Windows Firewall _LOGGING_ * I hate it when someone asks, "Have you turned the Windows Firewall OFF?" - Mandatory UAC on the Secure Desktop for All - GP Scoped by Security Group Membership * Remember to give Authenticated Users READ - GP Scoped by OU membership *** Familiar with CSS? GP + OU structure = same same GP + OU TIP: A properly structure OU and Group Policy Object setup will _NEVER_ require a BLOCK INHERITENCE! DEFINITIONS GP = Group Policy OU = Organizational Unit CSS = Cascading Style Sheets
Philip Elder tweet media
spencer@techspence

Active Directory security features a lot of people still don’t know about, despite being around forever: - LAPS - Fine-grained password policy - Managed Service Accounts - Authentication Policies & Silos

English
2
9
83
5.4K
Philip Elder
Philip Elder@MPECSInc·
@T3chFalcon Some of us are "old" enough to remember the BlackBerry spat with a certain government to open up their encryption. BB refused ... until they didn't(?). A worldwide BB outage that lasted days followed that spat ... then silence on the subject. Needless to say, BB no more.
English
0
0
0
232
IT Guy
IT Guy@T3chFalcon·
The EU just passed Chat Control today. Here's what it is, what happened, and why 2.0 is the one that actually matters. What is Chat Control? a regulation that lets online platforms scan private messages for child sexual abuse material (CSAM). Framed as child protection. critics call it mass surveillance infrastructure because a system built to scan for one type of content can scan for anything. the timeline: → March 2026: EU Parliament voted to let Chat Control expire. 307-306. one vote. → April 3: the law expired. legal basis for scanning gone. → July 2: EU Council repackaged the same proposal and brought it back → July 7: Parliament fast-tracked it using a rarely-used emergency procedure 331 to 304 → July 9 (today): passed. extended to April 2028. the procedural trick: by using the second-reading procedure, the Council forced Parliament into an impossible position — to block it, they'd need 361 votes, an absolute majority of all MEPs, not just those present. timed for the last session before summer recess. the EU's own Legal Service had already said the proposal violates the EU Charter of Fundamental Rights. didn't matter. what it actually scans: Instagram DMs, Discord, Snapchat, Xbox messaging, Gmail, iCloud Mail. End-to-end encrypted apps like Signal and WhatsApp are not directly affected; voluntary scanning can't work on messages platforms can't read. yet. YET: Chat Control 2.0, the permanent version, is still in negotiation. it would: → require mandatory scanning, not voluntary → target encrypted messages directly → allow detection orders without a court order or reasonable suspicion → include mandatory age verification across messaging platforms if 2.0 passes in its current form, end-to-end encryption in the EU is functionally over. the global implication: when the EU creates legal infrastructure for scanning private messages, authoritarian governments use it as a template. and any backdoor built for Brussels is technically a backdoor for anyone who can access the same system.
IT Guy@T3chFalcon

EU tryna revive chat control? 😳🤔

English
14
132
317
28K
Philip Elder
Philip Elder@MPECSInc·
In my automotive days: Hmmm, why is it running funny? In my Small Business Server Days: What, you didn't use the Wizards? Say it isn't so! In my Hyper-V Cluster Days: Um, that design ... is not resilient! won't perform the way you expect it to! will fail in X, Y, and Z ways! ETC. ETC. ETC. The more things change the more they stay the same! ;-)
Deep@DeepStarts

"I only took 3 days to build SAAS with 0 coding knowledge using AI. Developers are obsolete." Their build:

English
0
0
2
372