Markus
@secmark.fyi
Cybersecurity | Infosec | Tech | Privacy | White hat
https://secmark.fyi/
https://secmark.fyi/
Been a while since I've last felt work exhaustion but today suddenly realized that past two meetings I had just been fully out of it with my head in a spin. Decided to just finish the day early then and there.
Thankfully it's almost weekend and get some time to unwind.
Thankfully it's almost weekend and get some time to unwind.
November 20, 2025 at 7:57 PM
Been a while since I've last felt work exhaustion but today suddenly realized that past two meetings I had just been fully out of it with my head in a spin. Decided to just finish the day early then and there.
Thankfully it's almost weekend and get some time to unwind.
Thankfully it's almost weekend and get some time to unwind.
After AWS and Azure, I was really expecting it to be Google next and not Cloudflare
November 18, 2025 at 1:29 PM
After AWS and Azure, I was really expecting it to be Google next and not Cloudflare
"Hey could you delete the email I sent you, I wasn't allowed to share that information"
November 11, 2025 at 6:09 PM
"Hey could you delete the email I sent you, I wasn't allowed to share that information"
Aaand now I've spent few days setting up Elastic.
Just got firewall logs and logs from the first EDR installation flowing in.
I obviously can't get enough of this during my daily work so I have to do it at home as well 😂
Just got firewall logs and logs from the first EDR installation flowing in.
I obviously can't get enough of this during my daily work so I have to do it at home as well 😂
October 28, 2025 at 9:15 PM
Aaand now I've spent few days setting up Elastic.
Just got firewall logs and logs from the first EDR installation flowing in.
I obviously can't get enough of this during my daily work so I have to do it at home as well 😂
Just got firewall logs and logs from the first EDR installation flowing in.
I obviously can't get enough of this during my daily work so I have to do it at home as well 😂
Bought an older firewall for my home office & lab use. Today spent building the networks, and VLANs, and setting up baseline deny rules.
Tomorrow documentation and finishing server installs.
#cybersecurity
Tomorrow documentation and finishing server installs.
#cybersecurity
October 25, 2025 at 9:09 PM
Bought an older firewall for my home office & lab use. Today spent building the networks, and VLANs, and setting up baseline deny rules.
Tomorrow documentation and finishing server installs.
#cybersecurity
Tomorrow documentation and finishing server installs.
#cybersecurity
Started watching a new cyber security podcast from episode 1, which is right from the beginning of Trump's current term. Funny look back.
October 24, 2025 at 11:20 AM
Started watching a new cyber security podcast from episode 1, which is right from the beginning of Trump's current term. Funny look back.
Lots of talk about the SSPR and MFA deprecation in Entra ID on the 30th.
Another Entra change hitting that day is the deprecation of diagnostics retention settings.
So remember to migrate your log retention management to Azure storage lifecycle management. #EntraID #Intune #security #logmanagement
Another Entra change hitting that day is the deprecation of diagnostics retention settings.
So remember to migrate your log retention management to Azure storage lifecycle management. #EntraID #Intune #security #logmanagement
September 16, 2025 at 11:26 AM
Lots of talk about the SSPR and MFA deprecation in Entra ID on the 30th.
Another Entra change hitting that day is the deprecation of diagnostics retention settings.
So remember to migrate your log retention management to Azure storage lifecycle management. #EntraID #Intune #security #logmanagement
Another Entra change hitting that day is the deprecation of diagnostics retention settings.
So remember to migrate your log retention management to Azure storage lifecycle management. #EntraID #Intune #security #logmanagement
Hypocrisy around the shooting of Charlie Kirk is insane, "Never make fun of someone dying, thats so insensitive, he was a real person, I don't condone violence."
Yet these same people post little mermaid memes during Oceangate and idolize Luigi Mangione 😅
Yet these same people post little mermaid memes during Oceangate and idolize Luigi Mangione 😅
September 12, 2025 at 5:59 AM
Hypocrisy around the shooting of Charlie Kirk is insane, "Never make fun of someone dying, thats so insensitive, he was a real person, I don't condone violence."
Yet these same people post little mermaid memes during Oceangate and idolize Luigi Mangione 😅
Yet these same people post little mermaid memes during Oceangate and idolize Luigi Mangione 😅
Leaving the best to last...
Been watching previous Defcon talks slow and steady while leaving best titles as last, shouldn't have 😅.
Actually verified I can exploit one misconfig vuln in our environment.
Better late than never I guess 😅
#cybersecurity #blueteam
Been watching previous Defcon talks slow and steady while leaving best titles as last, shouldn't have 😅.
Actually verified I can exploit one misconfig vuln in our environment.
Better late than never I guess 😅
#cybersecurity #blueteam
August 20, 2025 at 9:59 AM
Leaving the best to last...
Been watching previous Defcon talks slow and steady while leaving best titles as last, shouldn't have 😅.
Actually verified I can exploit one misconfig vuln in our environment.
Better late than never I guess 😅
#cybersecurity #blueteam
Been watching previous Defcon talks slow and steady while leaving best titles as last, shouldn't have 😅.
Actually verified I can exploit one misconfig vuln in our environment.
Better late than never I guess 😅
#cybersecurity #blueteam
During the past days there has been lots of articles demonstrating FIDO bypasses with downgrade attacks, for Microsoft environments deploy WHfB across the board and ensure that you enforce phishing resistant MFA requirement with conditional access policies for users who have a key registered.
August 15, 2025 at 10:07 AM
During the past days there has been lots of articles demonstrating FIDO bypasses with downgrade attacks, for Microsoft environments deploy WHfB across the board and ensure that you enforce phishing resistant MFA requirement with conditional access policies for users who have a key registered.
From overall cyber security perspective, would it be more responsible from tech giants to just deploy computer/device breaking patches to actual outdated OS'es than keep providing consumers some security updates for a year or two after EOL... I see this becoming an even bigger issue in the future
August 7, 2025 at 1:57 PM
From overall cyber security perspective, would it be more responsible from tech giants to just deploy computer/device breaking patches to actual outdated OS'es than keep providing consumers some security updates for a year or two after EOL... I see this becoming an even bigger issue in the future
Been on a vacation for couple of weeks. OOF states that I can only be contacted via my private number in case of emergency.
Today received first message, I call that a success, been able to totally detach from work 🥰
Today received first message, I call that a success, been able to totally detach from work 🥰
July 10, 2025 at 1:11 PM
Been on a vacation for couple of weeks. OOF states that I can only be contacted via my private number in case of emergency.
Today received first message, I call that a success, been able to totally detach from work 🥰
Today received first message, I call that a success, been able to totally detach from work 🥰
Anyone know if you can somehow pull the dynamic tags from Defender XDR via API?
Manual and system tags(Config policy/Regedit/GPO) are there on the api/machine , but would like additional control on larger sets on top of your regular RBAC group/tag controls.
Manual and system tags(Config policy/Regedit/GPO) are there on the api/machine , but would like additional control on larger sets on top of your regular RBAC group/tag controls.
June 25, 2025 at 5:14 PM
Anyone know if you can somehow pull the dynamic tags from Defender XDR via API?
Manual and system tags(Config policy/Regedit/GPO) are there on the api/machine , but would like additional control on larger sets on top of your regular RBAC group/tag controls.
Manual and system tags(Config policy/Regedit/GPO) are there on the api/machine , but would like additional control on larger sets on top of your regular RBAC group/tag controls.
Likely will not get me to leave np++, but will test it for sure!
www.bleepingcomputer.com/news/microso...
www.bleepingcomputer.com/news/microso...
Microsoft now testing Notepad text formatting in Windows 11
Microsoft announced today that the Windows 11 Notepad application is getting a text formatting feature supporting Markdown-style input.
www.bleepingcomputer.com
May 31, 2025 at 10:23 AM
Likely will not get me to leave np++, but will test it for sure!
www.bleepingcomputer.com/news/microso...
www.bleepingcomputer.com/news/microso...
2025
Included chapter about usage of CDs DVDs and Floppy disks into a security policy.
While I personally haven't used them in years to store data, older company employees might, from either habit, or from a requirement of a legacy production systems.
In the end, it's all about managing risk.
Included chapter about usage of CDs DVDs and Floppy disks into a security policy.
While I personally haven't used them in years to store data, older company employees might, from either habit, or from a requirement of a legacy production systems.
In the end, it's all about managing risk.
May 30, 2025 at 3:02 PM
2025
Included chapter about usage of CDs DVDs and Floppy disks into a security policy.
While I personally haven't used them in years to store data, older company employees might, from either habit, or from a requirement of a legacy production systems.
In the end, it's all about managing risk.
Included chapter about usage of CDs DVDs and Floppy disks into a security policy.
While I personally haven't used them in years to store data, older company employees might, from either habit, or from a requirement of a legacy production systems.
In the end, it's all about managing risk.
Original post: cyberplace.social/@GossiTheDog...
May 30, 2025 at 2:54 PM
Original post: cyberplace.social/@GossiTheDog...
Gotta love ~flow~ state when working.
Ended up spending last ~6 hours starting and finishing an authentication policy document for the entire organization.
#cybersecurity #infosec #iso27001 #iso27k #flowstate #auth #authentication
Ended up spending last ~6 hours starting and finishing an authentication policy document for the entire organization.
#cybersecurity #infosec #iso27001 #iso27k #flowstate #auth #authentication
May 15, 2025 at 5:08 PM
Gotta love ~flow~ state when working.
Ended up spending last ~6 hours starting and finishing an authentication policy document for the entire organization.
#cybersecurity #infosec #iso27001 #iso27k #flowstate #auth #authentication
Ended up spending last ~6 hours starting and finishing an authentication policy document for the entire organization.
#cybersecurity #infosec #iso27001 #iso27k #flowstate #auth #authentication
Change management is an important process in both IT and in Cyber security to ensure proper planning, design, documentation and assessment of risks.
Do you think these two should share the same processes and gates or have a totally different change process?
Do you think these two should share the same processes and gates or have a totally different change process?
April 21, 2025 at 9:22 AM
Change management is an important process in both IT and in Cyber security to ensure proper planning, design, documentation and assessment of risks.
Do you think these two should share the same processes and gates or have a totally different change process?
Do you think these two should share the same processes and gates or have a totally different change process?
Been thinking of getting experienced on a new topic, Intelligence.
Any tools, or guides, or other topics you would recommend looking at?
I'm not expecting answers like Shodan or Google Dorking but more towards Intel management, tools and analytics
#intel #intelligence #osint #cybersecurity #opsec
Any tools, or guides, or other topics you would recommend looking at?
I'm not expecting answers like Shodan or Google Dorking but more towards Intel management, tools and analytics
#intel #intelligence #osint #cybersecurity #opsec
April 12, 2025 at 5:04 PM
Been thinking of getting experienced on a new topic, Intelligence.
Any tools, or guides, or other topics you would recommend looking at?
I'm not expecting answers like Shodan or Google Dorking but more towards Intel management, tools and analytics
#intel #intelligence #osint #cybersecurity #opsec
Any tools, or guides, or other topics you would recommend looking at?
I'm not expecting answers like Shodan or Google Dorking but more towards Intel management, tools and analytics
#intel #intelligence #osint #cybersecurity #opsec
Which is better?
12 character machine generated password
Or
20 character user generated password
And why?
#security #cybersecurity #infosec
12 character machine generated password
Or
20 character user generated password
And why?
#security #cybersecurity #infosec
April 11, 2025 at 6:45 PM
Which is better?
12 character machine generated password
Or
20 character user generated password
And why?
#security #cybersecurity #infosec
12 character machine generated password
Or
20 character user generated password
And why?
#security #cybersecurity #infosec
Pulled my bicycle out of the winter storage, first short trip done and yeah... It will take a few more for my body to catch back up after the winter 😅
April 1, 2025 at 12:02 PM
Pulled my bicycle out of the winter storage, first short trip done and yeah... It will take a few more for my body to catch back up after the winter 😅
Reposted by Markus
March 28, 2025 at 10:29 PM
Winter vacation just started 🥳🥳
Which means!!! Time to start stressing the workload that will be waiting for me when I get back!
Which means!!! Time to start stressing the workload that will be waiting for me when I get back!
March 27, 2025 at 2:54 PM
Winter vacation just started 🥳🥳
Which means!!! Time to start stressing the workload that will be waiting for me when I get back!
Which means!!! Time to start stressing the workload that will be waiting for me when I get back!