# _security
  • j

    Jaymes Davis

    05/26/2024, 12:44 AM
    https://thehackernews.com/2024/05/google-detects-4th-chrome-zero-day-in.html?m=1
    👀 1
  • d

    Daniel Madsen

    07/22/2024, 11:52 AM
    I have a customer who's been using WDAC for quite some time. They just had a pentest and a couple of user-writeable paths were flagged. They advised us to look through WDAC and remove the ability to execute executables from these paths, including the user's own desktop. Does anyone have a hint as to how to configure WDAC to remove that ability?
  • a

    Arthur

    08/14/2024, 8:52 AM
    RCE bug in TCP/IP module: • CVE-2024-38063 (CVSS 9.8): 0-Click RCE Affects All Windows Systems https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38063
    😮 6
  • j

    Jaymes Davis

    08/14/2024, 2:41 PM
    https://www.linkedin.com/pulse/kasm-workspaces-mitigating-0000-browser-flaw-containers-3gdlc/?trackingId=7mvySyrg2pO4eXnuc4GO1w%3D%3D
  • m

    Michael Shuster

    08/19/2024, 3:03 PM
    Hi, curious if anyone has a best practices list for configuring MS Defender in VDI environments?
    👀 1
  • v

    vAndu

    09/30/2024, 10:36 AM
    Does anyone know of a good ticketing/monitoring tool that allows importing vulnerabilities from various scanning software into one platform for centralized management and ticket creation?
  • p

    Patrick Coble

    10/03/2024, 8:48 PM
    that would be cool
  • p

    Patrick Coble

    10/03/2024, 8:49 PM
    if the ticketing solution could digest a CSV then many Vuln scanners can export to that to make tickets so it could be automated but don’t know of any integrations
  • s

    Steven Brown

    10/04/2024, 12:50 AM
    I would be surprised if Service Now didn't have something.
  • v

    vAndu

    10/04/2024, 6:14 PM
    Service Now is too expensive. but I have heard it has, but not practical at all
  • v

    vAndu

    10/04/2024, 6:15 PM
    The reason I’m asking is that I might start developing this software and would like to see how many people/companies would be interested in it.
  • v

    vAndu

    10/04/2024, 6:15 PM
    Maybe this Nucleus. Never heard of it before.
  • v

    vAndu

    10/04/2024, 6:16 PM
    seems similar idea.
  • v

    vAndu

    10/04/2024, 6:17 PM
    how big is the need for this
  • v

    vAndu

    10/04/2024, 6:22 PM
    I would like to speak with people who are responsible for vulnerability management to learn how they are handling it and how they have solved it
  • r

    RSRevord

    10/04/2024, 9:24 PM
    i like the concept, the service now edition is crazy i think it has to integrate with tenable
  • r

    RSRevord

    10/04/2024, 9:24 PM
    i worry that can you make it cost effective enough for a customer that isn't interested in serviceLater
  • v

    vAndu

    10/05/2024, 5:53 PM
    Service now is very expensive. I have heard even higher than VMware Broadcom and other licences combined.
  • v

    vAndu

    10/05/2024, 6:01 PM
    I’d like to find a few companies interested in paying for this kind of tool and developing the product with me, so I can create something that truly meets their needs.
  • p

    Patrick Coble

    10/11/2024, 4:08 PM
    I have officially found my favorite Windows Security Feature. Microsoft Defender SmartScreen won’t allow Microsoft Outlook (new) to launch.
    👍 2
    😂 1
    📪 1
  • b

    Balint Oberrauch

    10/15/2024, 3:54 PM
    Can someone share their Sentinel One configuration for non-persistent VDI? I’m experiencing performance issues in almost every project with Sentinel. Never experienced these performance gaps with Crowdstrike or Defender.
    👀 2
  • c

    c4rm0

    11/06/2024, 4:46 PM
    Can someone sanity check this for me please. In our environment events.teams.microsoft.com stopped working: you get a blank white screen and nothing else. When I have investigated using the Chrome developer options I see CSP (Content Security Policy) violations where JavaScript is unable to run from https://wcpstatic.microsoft.com (see screenshots). When I check the CSP HTTP headers for https://events.teams.microsoft.com, the URL https://wcpstatic.microsoft.com is listed under script-src as a trusted domain to run JavaScript from. The issue we have seems to stem from Zscaler performing SSL inspection on https://wcpstatic.microsoft.com, as when I go to that URL I see the Zscaler certificate being used, which in turn changes the Origin URL to the Zscaler URL + original URL (see screenshot), and because this URL isn't allowed in the CSP the request is blocked by the browser. My security team are telling me it's a local client browser issue !!! but I am pretty certain it's a Zscaler issue and all they need to do is turn SSL inspection off for that URL where the JavaScript file is located. Using a CSP Chrome add-in to strip out the CSP header, the page loads fine.
  • b

    Balint Oberrauch

    12/04/2024, 11:42 AM
    What does your jumphost hardening look like? The jumphosts are accessible via NS GW and all CTX security policies like file transfer etc. are in place. I have in mind: CIS Hardening Policies, AppLocker, Credential Guard
  • d

    Daniel Madsen

    01/28/2025, 12:03 PM
    OSConfig for configuring AppControl for Business (new new new name for Windows Defender Application Control) on a non-persistent Windows Server 2025. Any experience? Let's, for the fun of it, say that the build VM doesn't have access to the internet.
  • j

    Jan Tytgat

    01/30/2025, 5:46 PM
    https://www.feistyduck.com/newsletter/issue_121_the_slow_death_of_ocsp
  • d

    Daniel Madsen

    01/31/2025, 3:56 PM
    https://cybersecuritynews.com/hackers-exploit-rdp-protocol-to-gain-windows-access/ Who needs to Citrix?
  • e

    Eric Beiers

    02/18/2025, 1:10 PM
    Citrix released two security bulletins today, https://support.citrix.com/s/article/CTX692579-netscaler-console-and-netscaler-agent-security-bulletin-for-cve202412284 https://support.citrix.com/s/article/CTX692679-citrix-secure-access-client-for-mac-security-bulletin-for-cve20251222-and-cve20251223
    ✅ 1
  • d

    Daniel Möser

    02/19/2025, 3:38 PM
    Hello, We have deployed Windows Defender for Endpoint with Device Control on our FAT clients to block USB devices locally (which works), but they are still being mapped in Citrix and remain accessible. Any ideas?
  • j

    Jon Bucud

    03/04/2025, 4:24 PM
    Apparently, there are 3 CVSS 9/10 ESXi zero-days that are being actively exploited in the wild today. Patch, patch, patch.
    Kevin Beaumont
    3 different VMware zero days, under active exploitation by ransomware group
    CVE-2025-22224, CVE-2025-22225, CVE-2025-22226
    https://cyberplace.social/@GossiTheDog/114104596316369139