Notices by da_667 (da_667@infosec.exchange)

dawn of a new day, bright and full of possibility

slams the shades shut

:eyes_squint:

@FritzAdalis @tinker @LPerry2 @bsidesnova I can confirm 11 IoT edition removes most of the odious shit you have to deal with on a W11 install

• no bing search on the start menu
• notifications are muted
• from my experience, local accounts are still allowed
• No windows store
• No windows store apps
• No stupid ass app recommendations
• One drive nag on the taskbar is gone
• Onenote spam is gone

This is the third time I've gotten a phishing exercise e-mail, in which this has happened, and its hilarious every single time because I get to map your company's entirely list of phishing domains.

DA, you loveable scamp, how is this done?

grab the e-mail address/domain from the suspected phishing e-mail, input it into virustotal. Click on details for the domain, and pay attention to the "Last HTTPS Certificate" section. See if the Subject Alternate Name section looks like war and peace.

Done deal.

Phishing exercise orgs are the only ones who do this, because bad guys just use lets encrypt.

How to tell a phishing exercise domain is a phishing exercise domain: The SSL certificate specifies a Subject Alternative Names list that is a fucking novel.

Remember certification camps?

It's that, except its 2025, and you're trying to get in on the bubble Before it bursts, but you're threading the needle, because you're an inflation fetishist.

doing a windows 11 IoT Edition install. It's hilarious how much better this experience is over the standard Enterprise edition, and I've barely done anything on it so far.

Installed 24H2

• The start menu isn't trying to call out to bing when I search for shit on the desktop. That's right! THERE IS NO DEFAULT SEARCHING FOR SHIT ON THE INTERNET IN THE START MENU
• There is no embedded weatherbar/weather app in the taskbar
• Pictured is the complete list of installed apps currently:

Holy shit this really is a de-shittified W11 install.

I don't have either enabled for the proxmox VM I've set up. The only hard requirement I've seen so far is that your box has to have at least two cores.

oh yeah, forgot to mention that IoT Edition doesn't require TPM2.0 or EFI for that matter. Hilarious

• I was able to configure a local user when the network drivers (virtio) weren't found
• No nagware tray icon for OneDrive
• Notifications are muted by default
• No microsoft store

Gonna apply 24h2, and see what that does.

search and connected experiences still needs to be thoroughly disabled

search suggestions needs disabling.

appearance > co-pilot and sidebar needs to be disabled.

privacy search and security > use secure DNS (DoH) still needs to be disabled.

• system will idle the screen after a few minutes, but doesn't lock the screen.

Oh, I like that.

I'm considering moving my physical malware windows 11 host to Iot Edition now. Holy shit this is insanely better so far.

install ublock origin lite
dark reader
sponsorblock
and startpage... and there you go. It's almost a usable browser.

RE: https://infosec.exchange/@sans_isc/115265397054651431

This is a really nice write-up on the .well-known directory being abused to drop webshells. This would make for a good hunting rule for Suricata/Snort, so I'll be working on that today.

@gayint inquiring minds gotta know: is it an ass shooting out a rainbow, or pair of balls and a rainbow autoloader?

Hey, thought I'd let you all know that an opportunity for a staff security researcher has opened up in the proofpoint threat research team.

The work is remote, the pay scale is included in the job listing, etc. Benefits are really good. It's not the exact division that I work in (emerging threats) but we're in divisions that work together.

https://proofpoint.wd5.myworkdayjobs.com/en-US/ProofpointCareers/job/Staff-Security-Research-Engineer_R12883-1

@cR0w it certainly is.