hkelley
hkelley
Running AzureHound, I get the following after approximately 60m of exporting. Will poke around the code a bit to see if this is an expired OAuth token (needs a refresh)....
After running Sharphound in the same environment for many months, something has changed. We now get this when running a collection against our largest domain: v4.0.2 and 4.0.3 binaries both...
The very first time I ran Invoke-SecretStealer I encountered this error. After recycling IIS I haven't been able to reproduce. SecretServer version is 10.4. Exception calling "ReadAllBytes" with "1" argument(s):...
ASPX will have a Request object with an Item property, requiring a dot in the middle. `\sPage\sLanguage=.Jscript.%>
I post the following alert to TheHive 4.1.2-1 via the API. Alert is created but customFields comes back empty. Do custom fields only work with template? ``` { "title": "High...
It might helpful to check for Protected Users membership in one of these functions so that you can alert the users that the NTLM relay test results will not be...
Eyeballing [EwsConnector.py](https://github.com/TheHive-Project/Synapse/blob/2a507b4eb755b93a207308865669d4cc16da77fa/workflows/objects/EwsConnector.py), it does not appear that Synapse allows the use of OAuth2Credentials. Microsoft is steadily shutting down use of BASIC auth to O365: https://developer.microsoft.com/en-us/office/blogs/deferred-end-of-support-date-for-basic-authentication-in-exchange-online/ Has anyone worked out a...
I didn't get a reply on the forum so I'm posting here. When I read .gz log files, the files are not being deleted after logstash processing. When I read...
From my logs: `[logstash.inputs.s3snssqs ] config LogStash::Inputs::S3SNSSQS/@sqs_delete_on_failure = true` From lib/logstash/inputs/s3snssqs.rb ` config :sqs_delete_on_failure, :validate => :boolean, :default => true` [docs:](https://github.com/cherweg/logstash-input-s3-sns-sqs/blob/480cf2f5a8fab0d8d217ed04f4647c867865095a/docs/index.asciidoc#plugins-inputs-logstash-input-s3-sns-sqs-sqs_delete_on_failure) sqs_delete_on_failure The default value for this setting is FALSE.
Has anybody tried to audit failed requests? I'm thinking of a tweak like this so that the cmdlet takes a user-specified SDDL and that the default SDDL audits for failure....