Today I learned: Using diskshadow to fetch the NTDS.dit. As mentioned several times, I love reading the HTB writeups from 0xdf because I always learn something new. Like here [1]:
"To dump the domain hashes, I’ll want to get the C:\Windows\NTDS.dit file. Unfortunately, this file can’t just be copied as it is locked and in use. I can access it via a shadow copy, which I’ll generate with diskshadow and this script:
set verbose on
set context persistent nowriters
set metadata C:\Windows\Temp\0xdf[.]cab
add volume c: alias 0xdf
create
expose %0xdf% e:
and pass it [the script from above] to diskshadow:
C:\programdata> diskshadow /s C:\programdata\backup"
Attackers love vssadmin, and so do the EDR vendors. How about diskshadow? We tested the attack flow in our lab with various EDRs, and the results were... interesting. Would the command above trigger an alert in your environment?
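As an added illustration (not part of the original post, of 0xdf's writeup, or of the Elastic rule linked below), here is a small detection sketch in Python: it scores process-creation events for diskshadow.exe by whether a script was passed via /s, and, when the script text is available, checks it for the add-volume, create and expose steps used above. All events and the script below are constructed sample data.

```python
"""Detection sketch: score diskshadow.exe process-creation events and,
when the /s script can be read, look for the create-and-expose pattern
used to read a locked file from a shadow copy. Sample data is constructed."""
import re

# Constructed process-creation events (Sysmon Event ID 1 style fields).
SAMPLE_EVENTS = [
    {"image": r"C:\Windows\System32\diskshadow.exe",
     "cmdline": r"diskshadow /s C:\programdata\backup"},
    {"image": r"C:\Windows\System32\diskshadow.exe",
     "cmdline": r"diskshadow.exe -s C:\Windows\Temp\job.dsh"},
    {"image": r"C:\Windows\System32\notepad.exe",
     "cmdline": r"notepad.exe C:\programdata\backup"},
    {"image": r"C:\Windows\System32\diskshadow.exe",
     "cmdline": r"diskshadow.exe"},  # interactive session, no script
]

# Constructed script body, shaped like the one quoted in the post.
SAMPLE_SCRIPT = """set verbose on
set context persistent nowriters
set metadata C:\\Windows\\Temp\\meta.cab
add volume c: alias vol
create
expose %vol% e:
"""

# diskshadow accepts both /s and -s; the path may be quoted.
SCRIPT_FLAG = re.compile(r'(?i)(?:^|\s)[/-]s\s+("[^"]+"|\S+)')

def script_path_from_cmdline(cmdline):
    """Return the script path given via /s or -s, or None if absent."""
    m = SCRIPT_FLAG.search(cmdline)
    return m.group(1).strip('"') if m else None

def classify_script(text):
    """Return the set of shadow-copy steps present: add, create, expose."""
    steps = set()
    for line in text.splitlines():
        words = line.strip().lower().split()
        if words[:2] == ["add", "volume"]:
            steps.add("add")
        elif words and words[0] in ("create", "expose"):
            steps.add(words[0])
    return steps

def evaluate(event, script_text=None):
    """'high': scripted run that creates and exposes a shadow copy;
    'medium': any scripted run; 'low': interactive run; None: not diskshadow."""
    if not event["image"].lower().endswith("\\diskshadow.exe"):
        return None
    if script_path_from_cmdline(event["cmdline"]) is None:
        return "low"
    if script_text and {"create", "expose"} <= classify_script(script_text):
        return "high"
    return "medium"
```

The script check only works if the EDR or a file-collection step can retrieve the referenced file; the command line alone is enough for the "medium" tier.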
And here, for reference, is the corresponding LOLBAS article [3].
[1] https://0xdf.gitlab.io/2025/09/19/htb-baby.html
[2] https://raw.githubusercontent.com/elastic/protections-artifacts/b5a0c1956d0aa92e2f44156bc9983c25ddc817d1/behavior/rules/windows/credential_access_credential_access_via_known_utilities.toml
[3] https://lolbas-project.github.io/lolbas/Binaries/Diskshadow/