Sign in

Hello everyone. I was debating putting this writeup on another site, but I settled with keeping it on medium for the time being. My latest writeup is going to cover how I got re-started with reverse engineering android APK’s.

Now I’m a Microsoft fanboy, it’s no big secret. I’m all about their vision of making the bigger picture of technology available and accessible to everybody. From Hyper-V virtualization technologies, the Windows ecosystem with 11 coming soon, to Azure’s sprawling cloud infrastructure, and I’m even hooked on the IDE of Visual Studio Code.

When I began looking at an android application…

Hello folks, the next topic we’ve been taking a look at has to do with MultiFactor Authentication or MFA for short.

Recently CISA has added single factor authentication to its list of account provisioning that should never take place. This is a major step forward for getting MFA rolling across the industry. However, some consumer awareness still needs to be maintained on keeping each part of the MFA scheme secure. https://us-cert.cisa.gov/ncas/current-activity/2021/08/30/cisa-adds-single-factor-authentication-list-bad-practices

I intended to make this a long and investigative blog, but I’m releasing it as a footnote due to this decision and some attitudes about “password-free” login.

Everyone has…

Researcher’s footnotes: a sailcloth adjustment.

Hey folks, just wrapped up my exam with MS365 SA and I wanted to post some thoughts that I’m allowed to share on the coursework and journey.

On the course material through microsoft learn, there was a section talking about how cloud app security detects and logs mimikatz activity on the network. Microsoft’s stance and adaptation of mitre attack framework through sentinel playbooks was also on display. That was the stuff I was engaged in, getting trials for and getting my hands dirty building out.

A good portion of the content I reviewed alongside that…

Hey folks, I’m back with another writeup on Azure services. Now that I’ve concluded most of the learn courses and textbook work, I’m at a level where I’m ready to prepare for the first of 2 tests on Microsoft 365. I honestly do not feel as ready as I could be for the upcoming exam, but with of intense focus, and pairing it with the adjacent Azure 365 labs, I think I can make this dual cert plan work. The format for the blog this month is services I’ve configured with problems worked around, followed by my pentester/attacker perspective on…

This blog could just say “Studying for Microsoft 365 Security Associate certification by building an Azure AD connect Active Directory server while poking at Powershell” and it’d be basically done and done. How am I going to put a spin on this? Stick around and find out.

Break out the pen and paper! Yes, pencil and paper, like old school engineers used. I find that when I study, forcing myself to slow down and scribe makes me better retain the topics at hand, so I need to go very deliberately through my training resources in order to get the details…

Good evening everyone. It’s been a long yet productive day and I’m doing my darndest to get this post out before we hit the brick wall of Monday. I’ll go over this post as needed to clean up links and formatting later on. First up, our update for the month.

This month has been exploratory once again. I challenged myself to utilize visual studio code, finding the ins and outs of Node, React, Next, Docker, Eslint and Graphql. …

Hello folks!

So Windows 11 launched this week, and that means every single tech outlet on the planet scrounging to review the latest build, 22000, and beat everyone else to the punch. I myself am no different, having migrated my VmWare home lab to Microsoft Hyper-V via virtual disk imaging (Azure, you’re next!) But that’s not all I did, I also looked at some of the functionality of Microsoft’s older protocols. Windows server 2022 was launched this past year in march of 2020. Within it, the default setup contains all sorts of local-headed default configuration goodies. …

Hello all,

This week was a rough one, full of on the fly learning and adjustments. The following two takeaways describe it well.

If you don’t know the answer to a problem, search and ask it out.

&

If someone else can’t fix a problem, offer to help fix it yourself.

Anyway, I spent time learning Next.js through an online discord and conference by setting up node on my virtual system. I handled NPM and NVM configurations, looked at after dozens of essential plugins for logs, network connections, debugging and much more. …

An all too common line for all sorts of software.

Here’s an interesting thing I’ve noted on between my headaches, FAQ’s and service desk interactions. I stumbled onto this all too common line and thought for a moment. “Permit our software to bypass your A/V software please.”

Well sure thing. It’s probably a false positive right? The software is just there to be annoying right? What is this actually teaching people about their AV software’s effectiveness? It’s teaching them to throw it in the trash, because our use case testing is for wankers.

This I feel is part lazy and part misleading about software downloaded from the internet, especially software…

Hello everyone, this week’s a short blog to try and keep people engaged to my writing instead of leaving it as desolate as it has been. As an update, I’ve passed my annual CompTIA exams and can continue to pursue IT and infosec topics for another 1000 days. I’m incredibly thankful for the people who have surrounded and encourage me to get to this point and go beyond from here. I turned a small thank you into a blog post. If you have free time, feel free to read through it.

I digress to this week’s topic.

The hot button…

Masq31

Web security blogger, Lifelong IT learner, Community first

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store