8 Million Requests Later, We Made The SolarWinds Supply Chain Attack Look Amateur

Surprise surprise, we've done it again. We've demonstrated an ability to compromise significantly sensitive networks, including governments, militaries, space agencies, cyber security companies, supply chains, software development systems and environments, and more. “Ugh, won’t they just stick to creating poor-quality memes?” we hear you moan. Maybe we should, maybe

watchTowr Labs
@Viss JFC. The Corp I work for is currently moving to cloud. 4k-ish servers. Why? Who the fuck knows. It's a clusterfuck doing the move, and shit will get missed and we will be compromised. But, as long as the checks clear...
@Lightfighter want help?
@Viss I'm way too small a tail to wag a Fortune 200 dog. And we are halfway through the transition. Just a very different world than I'm used to.
@Lightfighter it was worth a shot :D
@Viss I appreciate it. Just bitching. It's a mess of on-prem, Azure Entra, GCP hosting. I'm on the AD team, but the Entra and GCP IAM teams are doing their own things. And we just recovered from a ransomware attack last year, but haven't remediated everything yet because everyone is busy with move to cloud.
@Lightfighter i guess one tip would be to get all the hostnames for all your stuff and make sure none of that shit is publicly listening on 389. a couple years ago i got up on stage at hackcon in oslo and ran some ps1 that swept the entire ms .no datacenter space and tickled entra. i got usernames, groups, printers, etc. which is 'below default security for entra', meaning people disabled default shit.
@Viss I'm monitoring what the cowboys in Entra are doing. Working on pulling the GCP audit logs. I'm going from contracted LogRhythm SME to IAM team member in charge of certs and PKI and tech lead for the AD SysAdmins. No network diagrams, SNow as the inventory (nearly worthless), so I have my work cut out for me. On the positive side, there are some great people trying to make things right.
@Lightfighter you're gonna be busy :D
@Viss These days, as long as I'm employed, I'm good.