@GossiTheDog @riskybusiness aren’t all forward web proxies identity-aware these days?

@horse @merill that's the traditional CyberArk model -- have a handful of highly privileged accounts that authorized users can check out and use for a limited period of time (or use them via a privileged session manager connection through a CA RDP proxy). I've never liked that approach because it makes it harder to correlate administrative actions to a person.

@patrickcmiller love to see this!

@patrickcmiller *FortiNOT*

@re_chief @thomasfuchs interesting…I haven’t noticed this but I’m going to keep an eye out for missing replies.

@GossiTheDog Wasabi uses the domain wasabisys.com for their storage service. You should block access to *.wasabisys.com too #threatintel

https://docs.wasabi.com/docs/service-urls?highlight=url

@SkywalkerIsNull @GossiTheDog This looks like one too. An unlikely account to be found on ioc.exchange

@Melody LOL “Most of the expats who want to move to the village are Catholics….” Why not move to Italy? They could live in Rome, right next to Vatican City? Are they worried the Pope isn’t Christian enough?

@goatsarah I got the arsed version