CITC 2026 Protecting High Risk Accounts with Strong (Phishing Resistant) Authentication

CITC is back for 2026 and this year I’m talking about how trivial it is to compromise identities and how to prevent it with phishing resistant authentication. Please see below the video presentation.

Reference article links:
The Register – Lock down Microsoft Intune, feds warn after Stryker attack – https://www.theregister.com/2026/03/19/microsoft_intune_lockdown_stryker/
The Register – 1K+ cloud environments infected following Trivy supply…

Panorama PAN-OS 12.1 upgrade fails, ‘no enough disk space to hold image’

In getting ready to move Panorama to PAN-OS 12.1 from 11.1 (to manage some new PA-5×0 series firewalls) if you haven’t already performed the ‘224GB’ disk size increase you are likely to bump into this error message: Successfully downloaded Software version: 12.1.2 Preloading into software manager Failed to create required free space. Free space: 3191 MB, Required space: 3717 MB…

Processing Active Directory timestamps in Node-RED

I recently had a need to process Active Directory timestamps in Node-RED (based on the output from LDAP) to work out if a specific action should be carried out on a user or not. Microsoft is a bit weird (Microsoft) here where ‘the value is stored as a large integer that represents the number of 100-nanosecond intervals since January 1,…

Connect-SPOService with a YubiKey

When connecting to SharePoint using PowerShell, the default authentication prompt does not permit the use of hardware security keys (such as YubiKeys or the Security Key by Yubico). To get around this limitation, use the -UseSystemBrowser $true parameter at the end of the connection command. Reference example 6 (at time of publication) at: https://learn.microsoft.com/en-us/powershell/module/microsoft.online.sharepoint.powershell/connect-sposervice?view=sharepoint-ps#example-6

Renewing a SubCA, the CA just restarts the service without prompting to save the request

An interesting problem solved by a simple solution. When renewing the SubCA certificate for an Active Directory Certificate Authority and clicking through the ‘Renew CA Certificate…’ prompt after being asked if you want to keep the current private key or not, the CA service simply restarts without displaying the usual CA Certificate Request prompt (as above). The solution – a…

Palo Alto Networks NGFW does not respond to ping from HPE ProCurve/Aruba switches

Another unexpected Zone Protection Profile doing its thing – in this case sending a ping from an end-user device (such as Windows/macOS computer) to an IP interface (gateway) on a Palo Alto Networks Next Generation Firewall was coming back with a response, but requests from HPE ProCurve (Aruba) switches (2920/2530) appeared to disappear into oblivion with no response. A little…

CITC 2025 Logging for disaster

By kind invite of the organising committee I had the pleasure of presenting at the CITC 2025 conference at the RAF Museum Hendon. Shaking things up even more from last year I not only presented from a GitHub repo but also managed to convince screen recording on my iPad mini to work to capture the slides. I’ve had to exclude…

Graylog JSON extractor ‘skipping’ keys and values

In having a play with a general purpose way to get CSVs and other log data into Graylog with PowerShell I’ve been converting the file’s contents into JSON to then import over RAW HTTP – hardly the most speedy way but as a proof of concept it works. However, after configuring a JSON extractor (System > Inputs > (your input)…

Users on Palo Alto GlobalProtect cannot connect to Citrix VDA

In investigating issues with users on GlobalProtect VPN not being able to connect to Citrix VDA servers I bumped into this forum post. In investigating I first disabled the Packet Based Attack Protection > IP Drop > Fragmented traffic at Network > Network Profiles > Zone Protection > Profiles for GlobalProtect and the zone hosting the Citrix application. While this…