What Are You Doing Right Now

siringo

chillin' to Hendrix.

DustinB3403

Finishing up two exchange rebuilds from last night. IE Checking the migration status and making sure everything is working smoothly.

gjacobse

Omg- domain to domain migration day two,.. they’ve managed to make a planet from a mole hill. This is going to take several hours to sort out,.. and the started it at 3pm yesterday.... and it’s 76deg F in the building.

DustinB3403

@gjacobse said in What Are You Doing Right Now:

Omg- domain to domain migration day two,.. they’ve managed to make a planet from a mole hill. This is going to take several hours to sort out,.. and the started it at 3pm yesterday.... and it’s 76deg F in the building.

Use Forensit for the user workstation migration. That'll make your life so much easier.

Dashrender

@DustinB3403 said in What Are You Doing Right Now:

Finishing up two exchange rebuilds from last night. IE Checking the migration status and making sure everything is working smoothly.

Rebuilds?

DustinB3403

@Dashrender was I unclear?

Dashrender

@DustinB3403 said in What Are You Doing Right Now:

@Dashrender was I unclear?

I just wanted you to expand upon that - why where you doing Exchange rebuilds? I'm not entirely sure what an Exchangae rebuild is - an Exchange server died, so you have to rebuild it and restore from backup?

or was it a new Exchange server replacing an old one - so it's really more of a migration?

just looking for convo more than anything.

hobbit666

Can't remember.............................. so many little projects to many distractions.

hobbit666

Does anyone here run internal Vulnerability scans internally? What do you use?
I'm playing with Nessus and Nexpose at the moment just wanted to see different options.

I have also setup a Wazuh server and deployed some agents.

DustinB3403

@Dashrender said in What Are You Doing Right Now:

@DustinB3403 said in What Are You Doing Right Now:

@Dashrender was I unclear?

I just wanted you to expand upon that - why where you doing Exchange rebuilds? I'm not entirely sure what an Exchangae rebuild is - an Exchange server died, so you have to rebuild it and restore from backup?

or was it a new Exchange server replacing an old one - so it's really more of a migration?

just looking for convo more than anything.

Because of Microsoft's recent zero-day we found several customers who had been compromised with additional scanning utilities, since this has been an evolving ordeal.

We previously patched and closed the doors but the "hacker" was technically in.

So we built several new VMs for different clients last night, installed exchange and migrated the users over.

DustinB3403

@hobbit666 said in What Are You Doing Right Now:

Does anyone here run internal Vulnerability scans internally? What do you use?
I'm playing with Nessus and Nexpose at the moment just wanted to see different options.

I have also setup a Wazuh server and deployed some agents.

Greenbone Security Assistant (the open source one) is likely what you'd want to setup and use.

There is a Github repo that has a "1-click" installable on Ubuntu Server.

Dashrender

@DustinB3403 said in What Are You Doing Right Now:

@Dashrender said in What Are You Doing Right Now:

@DustinB3403 said in What Are You Doing Right Now:

@Dashrender was I unclear?

I just wanted you to expand upon that - why where you doing Exchange rebuilds? I'm not entirely sure what an Exchangae rebuild is - an Exchange server died, so you have to rebuild it and restore from backup?

or was it a new Exchange server replacing an old one - so it's really more of a migration?

just looking for convo more than anything.

Because of Microsoft's recent zero-day we found several customers who had been compromised with additional scanning utilities, since this has been an evolving ordeal.

We previously patched and closed the doors but the "hacker" was technically in.

So we built several new VMs for different clients last night, installed exchange and migrated the users over.

same domain or new domain? If the same, how do you know the invaders can't hop onto the new box?

gjacobse

@hobbit666 said in What Are You Doing Right Now:

Can't remember.............................. so many little projects to many distractions.

I have all these migration follow -... hey look, the 3D printer finished,....

gjacobse

@DustinB3403 said in What Are You Doing Right Now:

@gjacobse said in What Are You Doing Right Now:

Omg- domain to domain migration day two,.. they’ve managed to make a planet from a mole hill. This is going to take several hours to sort out,.. and the started it at 3pm yesterday.... and it’s 76deg F in the building.

Use Forensit for the user workstation migration. That'll make your life so much easier.

If only we had a choice!

DustinB3403

@Dashrender said in What Are You Doing Right Now:

@DustinB3403 said in What Are You Doing Right Now:

@Dashrender said in What Are You Doing Right Now:

@DustinB3403 said in What Are You Doing Right Now:

@Dashrender was I unclear?

I just wanted you to expand upon that - why where you doing Exchange rebuilds? I'm not entirely sure what an Exchangae rebuild is - an Exchange server died, so you have to rebuild it and restore from backup?

or was it a new Exchange server replacing an old one - so it's really more of a migration?

just looking for convo more than anything.

Because of Microsoft's recent zero-day we found several customers who had been compromised with additional scanning utilities, since this has been an evolving ordeal.

We previously patched and closed the doors but the "hacker" was technically in.

So we built several new VMs for different clients last night, installed exchange and migrated the users over.

same domain or new domain? If the same, how do you know the invaders can't hop onto the new box?

Same, and because this exchange vulnerability is executed against the exchange system account and we've checked and no accounts have been added/changed or removed.

Others that are old are being looked at with a fine tooth comb.

Dashrender

thanks for posting the link to the scanner.

Dashrender

@DustinB3403 said in What Are You Doing Right Now:

@Dashrender said in What Are You Doing Right Now:

@DustinB3403 said in What Are You Doing Right Now:

@Dashrender said in What Are You Doing Right Now:

@DustinB3403 said in What Are You Doing Right Now:

@Dashrender was I unclear?

I just wanted you to expand upon that - why where you doing Exchange rebuilds? I'm not entirely sure what an Exchangae rebuild is - an Exchange server died, so you have to rebuild it and restore from backup?

or was it a new Exchange server replacing an old one - so it's really more of a migration?

just looking for convo more than anything.

Because of Microsoft's recent zero-day we found several customers who had been compromised with additional scanning utilities, since this has been an evolving ordeal.

We previously patched and closed the doors but the "hacker" was technically in.

So we built several new VMs for different clients last night, installed exchange and migrated the users over.

same domain or new domain? If the same, how do you know the invaders can't hop onto the new box?

Same, and because this exchange vulnerability is executed against the exchange system account and we've checked and no accounts have been added/changed or removed.

Others that are old are being looked at with a fine tooth comb.

OK good that no other accounts were added - privilege escalation is the major worry here to allow them to make new accounts on the domain.

hobbit666

just wondering. I'm spinning up a new Ubuntu server.
Does anyone encrypt the drive(s)?

Obsolesce

@hobbit666 said in What Are You Doing Right Now:

just wondering. I'm spinning up a new Ubuntu server.
Does anyone encrypt the drive(s)?

I do. You should always have your data encrypted at rest.

WrCombs

patiently waiting for the "hey we know that March madness is going on right now, and we forgot to get these Drink Specials programmed for this weekend.. " calls to start rolling in with the games starting at 11:15am CST.