Recorded Paradox
1.5K posts


Just created my #2026 reading and audiobook lists. What are you reading in 2026?
20x #books
8x #audiobooks

@FrankLesniak @NathanMcNulty If the DNS queries are transmitted through an encrypted connection, Defender for Endpoint can't see what the requests are. Disabling "Use secure DNS" is similar in purpose to blocking outbound UDP 443 (QUIC) when performing TLS Inspection on network traffic.

Does anyone know what bearing, if any, the "Use secure DNS" setting in Edge has on Defender for Endpoint? The CIS Benchmark for Edge recommends disabling the setting, which I am trying to rationalize.
Ping @NathanMcNulty

@VICE the irony of the document containing a missing page being hosted on a server that no longer exists...
vice.com/en/article/fou…

Recorded Paradox retweeted

Active Directory Hardening Series
Part 1 Disabling NTLMv1 techcommunity.microsoft.com/blog/coreinfra…
Part 2 Removing SMBv1 techcommunity.microsoft.com/blog/coreinfra…
Part 3 Enforcing LDAP Signing techcommunity.microsoft.com/blog/coreinfra…
Part 4 Enforcing AES for Kerberos techcommunity.microsoft.com/blog/coreinfra…

@cyb3rops I am waiting for the flood of clients looking to move everything back on-prem. Many won't but others might.

Linux on the desktop is starting to look more appealing by the day - not because it’s getting better, but because everything else is getting worse and piling on features I can’t stand
BleepingComputer@BleepinComputer
Microsoft Word will save your files to the cloud by default - @serghei bleepingcomputer.com/news/microsoft…

@techspence Don't forget to link the GPO to an OU. Just don't link it to the domain root or the "Domain Controllers" OU.

Domain Admin shouldn’t log on to workstations.
Here’s one way to restrict DA logins to workstations:
Create a GPO…
Computer Config → Windows Settings → Security Settings → Local Policies → User Rights Assignment → ‘Deny log on locally’ & ‘Deny log on through RDP’ → add Domain Admins
Apply to workstations
Done.
Did I miss anything?

@HackingLZ I must assume your license plate is "zerocool"

Scrolling through LinkedIn, I was reminded that some people in this space really dislike the movie Hackers. I don't understand the hate. Do they actually want to see a 90s kid in their mom's basement, banging their head on a keyboard for days with compiler errors? Instead, the movie gave cool visualizations and made it way more exciting, like most movies do on any topic. Another thing about the movie is that people who had no interest in space at the time watched it and enjoyed it. I randomly meet people, often because of the license plate on my car, who are into it, but know nothing about computers or hacking.

@HackingLZ I don’t hear this as often. As “defense in depth” (which was frequently neglected) became “zero trust” (which, while often not properly implemented, has unquestionably resulted in a higher percentage of systems implementing MFA), attackers often need to be right multiple times in a row.

I haven’t heard this in years. Anyone else still hearing this?
spencer@techspence
@NinjaParanoid “Attackers only need to be right once, defenders have to always be right” or something like that is what I hear regularly

Have you heard about the Microsoft Artifact Repository yet?
MAR has official container images, application frameworks, and #PowerShell modules. It helps ensure a more secure supply chain than the public PowerShell Gallery can provide. 📦🔏
Read more at
day3bits.com/2025-06-20-usi…

@ImposeCost in case you didn’t see his post: “FBI Cyber sits at the intersection of law enforcement, intelligence, and national defense — uniquely positioned to impose cost on our cyber adversaries while supporting victims of cyber crime.” linkedin.com/posts/bleather…?

@0xTib3rius To me those are different words, each having a unique meaning. In some cases one is a better choice than another.

@acjuelich The pain can be real. I think for organizations where they can’t get synched files under 100,000 in a single root directory and 300,000 files total, Azure Files is a good alternative.

Everyone wants to navigate #SharePoint files via File Explorer but 'sync' causes a lot of performance issues and the OneDrive shortcut can, as well, especially if the site design isn't flat with thousands of files. Yet nobody wants to navigate via the web.
What does Microsoft recommend here and how are others resolving this? @SharePoint

@cyb3rops Barracuda Networks’ Email Gateway Defense filter uses ML but their Impersonation Protection leverages ML and AI to do close to what you described.

I wonder if anyone has already built a proper system or service that uses AI to assess suspicious email messages and rate them based on content and context.
Not just some keyword filter, but something that looks at:
- the message body and how it’s written
- link targets and whether they match the supposed sender
- visual elements and layout
- attachment names, extensions, MIME types
- metadata and header anomalies
We’ve tested this internally and the results were honestly impressive. The AI was fast and thorough. The kind of assessment a level 2 analyst might take 5–10 minutes for – done in about 10 seconds.
So, has anyone already turned this into a product? Or is everyone still stuck building phishing simulators?

For those who #homelab, do you use haproxy, nginx proxy manager, or traefik, and what made you choose that over the others?

