What Are You Doing Right Now

scottalanmiller

@dbeato said in What Are You Doing Right Now:

@scottalanmiller said in What Are You Doing Right Now:

Another fun day of ransomware remediation.

Another one?

Same one, got hit again because they didn't go to full scorched earth. It was a calculated risk. They know the attack vector now, though, it was identified as one of their non-IT vendors who is also in the same boat.

Internally, it was AD to spread. So they've removed AD to secure the environment.

siringo

@scottalanmiller said in What Are You Doing Right Now:

@dbeato said in What Are You Doing Right Now:

@scottalanmiller said in What Are You Doing Right Now:

Another fun day of ransomware remediation.

Another one?

Same one, got hit again because they didn't go to full scorched earth. It was a calculated risk. They know the attack vector now, though, it was identified as one of their non-IT vendors who is also in the same boat.

Internally, it was AD to spread. So they've removed AD to secure the environment.

which ransomeware is it?

nadnerB

@scottalanmiller said in What Are You Doing Right Now:

@dbeato said in What Are You Doing Right Now:

@scottalanmiller said in What Are You Doing Right Now:

Another fun day of ransomware remediation.

Another one?

Same one, got hit again because they didn't go to full scorched earth. It was a calculated risk. They know the attack vector now, though, it was identified as one of their non-IT vendors who is also in the same boat.

Internally, it was AD to spread. So they've removed AD to secure the environment.

If you mark admin accounts as sensetive in AD, you CAN slow it down/ stop it in its tracks as it can't impersonate admins and spread further/as fast

scottalanmiller

Just hung up the phone. My part is done, at least for now.

dbeato

@scottalanmiller said in What Are You Doing Right Now:

@dbeato said in What Are You Doing Right Now:

@scottalanmiller said in What Are You Doing Right Now:

Another fun day of ransomware remediation.

Another one?

Same one, got hit again because they didn't go to full scorched earth. It was a calculated risk. They know the attack vector now, though, it was identified as one of their non-IT vendors who is also in the same boat.

Internally, it was AD to spread. So they've removed AD to secure the environment.

AD like a VPN or RDS?

scottalanmiller

@dbeato said in What Are You Doing Right Now:

@scottalanmiller said in What Are You Doing Right Now:

@dbeato said in What Are You Doing Right Now:

@scottalanmiller said in What Are You Doing Right Now:

Another fun day of ransomware remediation.

Another one?

Same one, got hit again because they didn't go to full scorched earth. It was a calculated risk. They know the attack vector now, though, it was identified as one of their non-IT vendors who is also in the same boat.

Internally, it was AD to spread. So they've removed AD to secure the environment.

AD like a VPN or RDS?

Nope, Just AD.

dbeato

@scottalanmiller said in What Are You Doing Right Now:

@dbeato said in What Are You Doing Right Now:

@scottalanmiller said in What Are You Doing Right Now:

@dbeato said in What Are You Doing Right Now:

@scottalanmiller said in What Are You Doing Right Now:

Another fun day of ransomware remediation.

Another one?

Same one, got hit again because they didn't go to full scorched earth. It was a calculated risk. They know the attack vector now, though, it was identified as one of their non-IT vendors who is also in the same boat.

Internally, it was AD to spread. So they've removed AD to secure the environment.

AD like a VPN or RDS?

Nope, Just AD.

a non-IT vendor I get it but it is so vague lol

WrCombs

Just getting back in due to being out sick for last 3 days last week, Had my brothers wedding this last weekend.

dafyre

@WrCombs said in What Are You Doing Right Now:

Just getting back in due to being out sick for last 3 days last week, Had my brothers wedding this last weekend.

Hope you are feeling better!

WrCombs

@dafyre said in What Are You Doing Right Now:

@WrCombs said in What Are You Doing Right Now:

Just getting back in due to being out sick for last 3 days last week, Had my brothers wedding this last weekend.

Hope you are feeling better!

lots better, I started feeling better Friday , after i was up half the night Thursday. Crazy stomach bug.

Dashrender

@scottalanmiller said in What Are You Doing Right Now:

@dbeato said in What Are You Doing Right Now:

@scottalanmiller said in What Are You Doing Right Now:

@dbeato said in What Are You Doing Right Now:

@scottalanmiller said in What Are You Doing Right Now:

Another fun day of ransomware remediation.

Another one?

Same one, got hit again because they didn't go to full scorched earth. It was a calculated risk. They know the attack vector now, though, it was identified as one of their non-IT vendors who is also in the same boat.

Internally, it was AD to spread. So they've removed AD to secure the environment.

AD like a VPN or RDS?

Nope, Just AD.

How was this and AD issue?

hobbit666

Wondering if this would make an OK(ish) Lab server.
2019_03_04_14_43_31_Dell_R610_2x_X5690_3.46GHz_Hex_Core_96GB_5.4TB_HDD_Configurable_PowerEdge_Server.png

Dashrender

@hobbit666 said in What Are You Doing Right Now:

Wondering if this would make an OK(ish) Lab server.

Sure - but why have your own box? why not just spin up some Vultr instances?

hobbit666

@Dashrender Main reason is i want to test, Apps, Servers OS, Logging, Security, Pen Testing, stuff easily between all the VM in a isolated "Lab"

Have just found a HP Server for £150 (2x Xeon Hex Core, 128GB RAM )

Dashrender

@hobbit666 said in What Are You Doing Right Now:

@Dashrender Main reason is i want to test, Apps, Servers OS, Logging, Security, Pen Testing, stuff easily between all the VM in a isolated "Lab"

Have just found a HP Server for £150 (2x Xeon Hex Core, 128GB RAM )

The problem with any server class machine will be the noise of the fans.

hobbit666

@Dashrender I've got a server room to hide it in

travisdh1

@Dashrender said in What Are You Doing Right Now:

@hobbit666 said in What Are You Doing Right Now:

Wondering if this would make an OK(ish) Lab server.

Sure - but why have your own box? why not just spin up some Vultr instances?

Because he's like me, and wants to run about 50 different things, which adds up quicker than you'd think.

@hobbit666 That looks like an ok home lab box. I recently picked up a used server for a home lab myself. Mine is an R620, 2x E5-2660, 96GB RAM (24x4GB) PERC H710. I picked up 4 500GB SSD to put in it. It's frankly overkill for what I'm doing and have planned for it, but that just means I can experiment with more things. I say go for it.

hobbit666

@travisdh1 Spot on
I've been looking into Elsatic Stack, Cyber Security, Pen Testing etc etc. Doing this on a laptop/desktop soon bombs out.
Don't want to do this on works network incase

So i thought buy a "Lab" Server and do what i want

scottalanmiller

Morning conference call.

scottalanmiller

Dealing with Merchants & Professional Collection Bereau who is committing financial and medical fraud.