Cyber agencies produce ‘long overdue’ best practices for securing Microsoft Exchange Server https://www.csoonline.com/article/4082746/cyber-agencies-produce-long-overdue-best-practices-for-securing-microsoft-exchange-server.html

Best practices include a focus on hardening user authentication and access, ensuring strong network encryption, and minimizing application attack surfaces.

CSO Online
@patrickcmiller and still only @Viss recommends putting #ExchangeServer behind #HAProxy with #mTLS
@sassdawe @patrickcmiller your first thought regarding exchange should be to look up cherenkov radiation and how it works. and treat your exchange server like the reactor. and also never ever, under any circumstance let it touch the internet. proxy email to it through a postfix store and forward server, and set up haproxy/mtls for anything that wants to talk to it. for anything. including rdp.
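A minimal sketch of the front-door layout that reply describes, added here as an illustration; it is not from the thread, the CSO article, or the HAProxy project. Hostnames, addresses and certificate paths are placeholders. HAProxy terminates TLS and only admits clients that present a certificate signed by an internal client CA (the mTLS gate), re-encrypts to Exchange for the web services, and applies the same gate in TCP mode for RDP. Inbound mail is assumed to arrive at a separate Postfix relay that forwards to Exchange over the internal network, so Exchange itself never listens on the internet.

```haproxy
global
    log stdout format raw local0
    # Placeholder: refuse anything older than TLS 1.2 on every listener
    ssl-default-bind-options ssl-min-ver TLSv1.2

defaults
    log     global
    timeout connect 5s
    timeout client  60s
    timeout server  60s

# OWA / EWS / ActiveSync front end. The bind line requires a client certificate
# chained to client-ca.pem; handshakes without one never reach a backend.
frontend exchange_https
    mode http
    bind :443 ssl crt /etc/haproxy/certs/proxy.pem ca-file /etc/haproxy/certs/client-ca.pem verify required
    option httplog
    # Belt and braces: deny any request that somehow arrived without a verified client cert
    http-request deny unless { ssl_c_used }
    # Record the presented certificate subject so every request is attributable in logs
    http-request set-header X-Client-Cert-Subject %[ssl_c_s_dn]
    default_backend exchange_cas

backend exchange_cas
    mode http
    # Re-encrypt to the Exchange host (placeholder address) and verify its certificate
    # against the internal server CA, so the proxy does not trust a spoofed backend
    server exch01 10.10.20.15:443 ssl verify required ca-file /etc/haproxy/certs/internal-ca.pem

# RDP to the Exchange host gets the same client-certificate gate. HAProxy strips the
# outer TLS and hands plain RDP to the server; the admin side wraps RDP in a TLS
# client that presents the certificate (for example stunnel, assumed here).
frontend exchange_rdp
    mode tcp
    bind :3389 ssl crt /etc/haproxy/certs/proxy.pem ca-file /etc/haproxy/certs/client-ca.pem verify required
    default_backend exchange_rdp_server

backend exchange_rdp_server
    mode tcp
    server exch01 10.10.20.15:3389
```

With this in place the Exchange host's own firewall can be restricted to the proxy's address and the Postfix relay's address, which is the practical meaning of "never let it touch the internet": an unauthenticated scanner sees only HAProxy's TLS handshake failing for lack of a client certificate, and the HAProxy log records every certificate subject that did get through.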
@Viss @patrickcmiller we can and should run exchange on the GUI-less Core Edition of Windows Server, let's confuse the attacker in case they get in 😜
@Viss you know, I actually looked into a training reactor once and saw the blue light with my own eyes 😃
@sassdawe did you see MS08-067 or any exchange vulns? :D
@Viss I can't remember, started reading about it.
@Viss ok, so I didn't remember this one, but I am also not stupid 😅
I used to operate TMG servers at a university.

@sassdawe i would have hoped that seeing the blue light directly would have a subcarrier wave that transmitted eldritch knowledge directly into your brain :D

like seeing bugs before they get a cve, or are turned away by some dumbshit 24 year old analyst at mitre who's never seen a computer before but gets to decide what is and isn't a bug

@Viss I mean... I did give some tips to a red teamer in the past and when three later the Russians were using it in the wild this was me:
@sassdawe yeah that's sorta the thing with redteaming. the second you find a cool new thing or technique, eventually someone who wasn't supposed to sees the report and it leaks to attackers
@Viss @sassdawe don't put the best things in the report - save it for when you need it. is this practice unethical? call it needed gray area. wrap up first report and then escalate to expedited service rates for the clincher - that is ethical and appropriate #IJ goode
@Viss actually there was no report, they didn't have time or didn't consider it as a reasonable approach

@sassdawe story of my life. i put together what i think is a really neat novel attack, and the customer goes "pff. that's dumb. nobody would ever do that"

narrator: two years later, they did, in fact, do that.