@UK_Daniel_Card @MikeTalonNYC @grok I wonder if it’s a local hosts file to from google.com to forcesafesearch.google.com
English
Nathan
541 posts
Nathan
@N1FFN4FF
Cybersecurity enthusiast. Cat enthusiast. Dog enthusiast. Things I can pet enthusiast. Occasionally builds useful things and shares them.
Cyberspace Katılım Ağustos 2018
67 Takip Edilen9 Takipçiler
@N1FFN4FF @MikeTalonNYC they have had that flag for ages. the http request will contain a unique user agent (most likely)... @grok how does safari indicate safe search mode to google?
English
@MikeTalonNYC @UK_Daniel_Card To your point, did you know it enforces Safari to signal to Google that Safe Search is on and cannot be disabled? The browser experience pre and post age verification is not the same. How long before that applies to other sites?
English
@UK_Daniel_Card Sweet Jesus...
Just don't do the freaking check - you'll still be able to use a web browser to watch cat videos.
English
Nathan retweetledi
English
Notepad++ had a security incident, their download page is 'interesting......
#SlavaUkraine
(but from corporate security point of view I'm still wondering what my actions should be.... there's been no IOCs released)
mRr3b00t@UK_Daniel_Card
'The incident began from June 2025. Multiple independaent security researchers have assessed that the threat acotor is likely a Chinese state-sponsored group, which would explain the highly selective targeting obseved during the campaign.' #NotepadPlusPlus #Notepad #Compromised #Cyber #Incident
English
@olafhartong @Sysinternals I agree with Defender’s assessment. This is not a go-to tool and can leak lots of things like registry information, user accounts and EDR processes. Then I just need to pickup the sysmon operational log with a single lolbin command.
English
I'm sensing some internal debate incoming at @Sysinternals and the MS Defender team :P
Just installed Sysmon on a dev machine, not even remotely trying to do anything malicious.
English
@RajGoel_NY @merill Would guess it’s the same. No effective impact until you enable the CA policy. In my experience any CA policy is the value of mitigating something vs the impact to business operations. Determine your business stakeholders and implement these, regardless if your tenant is old 😊
English
If I had to secure a Microsoft 365 tenant in a hurry, this is what I would do (just five steps)
1️⃣ Go to setup.cloud.microsoft
2️⃣ Sign in as admin
3️⃣ All guides → Deploy CA policies
4️⃣ Select Zero Trust category
5️⃣ Select all and deploy
spencer@techspence
For those using Microsoft 365, what are your goto Conditional Access policies that help protect against the impact of stolen credentials? Feel free to share your favorite strategies or configurations!
English
@NathanMcNulty @guiratcom I’d also add it implies the presence of IIS. If I saw this folder under C on an endpoint during an investigation, I’d maybe start getting worried. It does actually have me wondering how many detection tools look for activity coming to/from this folder. Thanks for posting.
English
@guiratcom It's like leaving a blank paper on a counter
It's not really hurting anything, but it's annoying to look at when it is serving no purpose
English
⚠️ Please do not delete inetpub ⚠️
This is the fastest solution they could come up with to a privilege escalation vulnerability in the update stack that results in SYSTEM privileges
If you delete it, at least deny write on the root of the drive
msrc.microsoft.com/update-guide/v…
Sami Laiho@samilaiho
April update adds an empty C:\Inetpub
English
And the docs for this are now live, and we can see it requires Security Reader or higher to use this feature
Speaking of which, I am absolutely loving all the changes over the last year to show the least privileged roles for these types of things :)
#policy-impact-preview" target="_blank" rel="nofollow noopener">learn.microsoft.com/en-us/entra/id…
English
This is huge!!! We can now see the impact a policy would have had historically without ingesting sign in logs to Azure Monitor 🤯
There's a new Preview on CA policies that provides insights on a per-policy basis, and the way they implemented this is so elegant and fast. I love it! :)
English
This week I’ve experienced so much change and that’s a lot to process. I find myself berating me because I have run 3km instead of 4km at the gym; for the first time I’ve been able to make it this week.
And yet, do I thank myself for just making it to the gym? Self care people.
English
@KyleJGlen Does this imply that censoring is happen after token generation? If so, it would would suggest the bias is not in the models itself, right?
English
@NathanMcNulty I think the ‘extra stuff’ is also part of the problem. Don’t have a license to use a product; MS still puts the option for you to click on it. Not saying Workspace doesn’t do the same, but I find MS suffers more because of its expanse. Results in an overwhelming experience 😕
English
@N1FFN4FF Workspace is definitely easier to manage, but not as easy as it used to be
I definitely think it's easier and a better fit for smaller orgs and those who don't need all the extra stuff in Microsoft land
English
What blows my mind is the education sector, which buys millions of devices a year, begged Microsoft for a ChromeOS alternative, and they gave us Windows RT
But they'll do it for Windows 365 to sell a few thousand overpriced boxes to businesses...
PatRyk@Patrosi73
The entire Windows 365 Link OS shell is a WebView, including the OOBE, initial login screen, CTRL+ALT+DEL menu (!), and the actual RDP session. It's literally a Chromium OS. everything is chrome in the future..
English
@NathanMcNulty @ITguySoCal Nice! Thanks for the clarification. Looks like the method that uses Global Secure Access is the best for least faff. Every day is a school day.
English
@N1FFN4FF @ITguySoCal V1 was based on headers, V2 is based on Cross Tenant Access Policies which is handled at the Authentication Service
Since Azure subs require authentication to an Entra tenant (afaik), the sub would have to be in an allowed tenant per our policy
English
@ITguySoCal M365 tenant restrictions should still apply to Azure afaik
It's controlling which tenants you can authenticate to, so if you are limited to only your tenant, then you can only access subs in allowed tenants
The one catch is SAS tokens or non-identity based auth
English