>work in IT
>everyone is either a fucking r3ddit tier retarded onions chugging marvel watching funko consuming faggot
>OR total robot with 0 emotions, personality, will not even speak for weeks
I miss my waiter job, everyone in the bar and the restaurant was cool as fuck.
>I use my workplace to fulfill my social needs
If you attempt this in the Sims your character would become increasingly unhappy, why do you think it would be positive in reality? Employment is to get enough starter capital that you can maintain yourself on your own you're not meant to build yourself around it.
>just be a good jewish golem for 8 hours a day and only spend time working for your overlords without showing any sign of humanity
dunno dude I cant do that
Dead detected.
bah i wish i was a robot, people tend to speak out of their asses, and i got tired fo the same complaints that other servers were always complaining about. It was literal groundhog day, well i guess you can say that about any job.
Undervaxed detected.
If you work in IT you should be working from home, not in the office user. Do you clean the bathrooms?
Based
In the UK we re-opened the offices for like 3 weeks, we closed them down again this week
user,
Welcome to /IT/,
I don't know if you're a help desk first week on the job, or an actual productive SDE or something.
But that's good, it's good everyones a shitty NPC.
It means it's an easy place to level up, everyones personality is at a default, devoid of emotion and intelligent told.
They're empty slates you can manipulate and have fun, and if you're smart you'll understand how to control the situation to benefit yourself more.
How to benefit yourself?
>More money.
>More Freedom.
>Get to decide who to hire/fire.
>Get to control emotion in the office and everyones opinion.
You can do *so* much, especially if you have mailbox permissions, you can go through mail, you can setup interesting rules, triggers and redirection and delete auditing trails.
You can even work *extra* hard and impress other managers and get comfier jobs where you automate everything but show how *hard* your work is to them, most direct managers want turn key and understand this level of discretion and if it succeeds and it's a profit center, you get to do bullshit all day and have fun. I personally charged the corporate account my flight lessons (15K over 3 months) alongside business and economy class tickets - it's great. I don't do hotels because it shows up as the location and most of it has been international.
So, user - you're at level 0/1.
How creative are you?
OR are you just one of them, posting on Zig Forums instead of reddit?
I work in IT, but don't need to interact with anyone, I work alone in a basement and some days I never even see anyone all day, most of my time is spent watching Twitch streams or playing wow too.
it's the most comfy job I can think of
>I personally charged the corporate account my flight lessons (15K over 3 months) alongside business and economy class tickets - it's great.
I work in cybersec, nobody can just fuck with mailboxes and authorization without someone elses approval.
truly a job for autists
eat a dick OP
go back
You people really are so naive you think bosses aren't somewhat aware of your wrongs? They just stealing orders of magnitude more on their own respective ends.
Hahah, sure, faggot. 99% of the time no one checks the permissions logs, or even assigns proper permissions to global accounts, breakfix, etc.
It's fucking fun as fuck.
So many people share one admin account, you can jump onto an active RDP, or even better, use one that is for outsource password reset and there you go.
With powershell, you don't even need to logon to the account, you can set redirection, mailbox mirroring and more as long as you can connect to azure ad. But this is more of pro gamer move that probably you or op has no idea about.
>but user, what about the logs?
Logs are reactive, no one has true active alarms for most accounts that are useful to you.
You can review how help desk, curries or filipinos reset users passwords and piggy back on that.
You can even use a reverse shell if they have VNC, screenconnect, or if you're on the domain, easily. Most computers have a localadmin password that's the same throughout the org that'd allow you to grab the local SAM file which you can force crack.
If you have server creds, just copy the shadowcopy of the SAM, why not.
There's many more ways, of course, but, most of the faggots on here are going to go cry foul, no, that's not possible, not on my system when at most they may run graphite that looks for event ID's that *may* be piped to a mailbox to be reviewed by a overworked, underpaid itsec guy, or worse, curries/filipinos.
And it's also friday, the netsec guy is not going to be working hard vs fucking around with the Ops teams about read only friday.
Fuck you faggot.
>you can go through mail
yeah any sysadmin doing this would get fucked pretty hard. there's usually auditing setup so an email gets sent to higher ups when you perform a search on user mailboxes or anytime an admin gives themselves ownership of another users mailbox.
are you working for a company still running Windows server 2008 and shit with absolutely no auditing or security setup as the sole admin ? sure you might be able to do some shit but what's stopping them from hiring a tech consultant or pen testing group to take a look into some things once they realize some shady shit maybe going down with their one man IT dept ?
based redditor
who do you work for?
some 10 employee no name start up?
I work for a major investment banking firm and we dont fuck around here with the security
So you learn of the auditing and you can work around it. Holy fuck, you can setup a redirection rule, or a local rule.
You can setup a rule on the fucking edge server, you can make a mailbox called "INFOSEC-TEST" or "INFOSEC-QUARANTINE" or make up bullshit like "All mail will be delayed for these users by 5-10 mins to test for crap"
There are *so* many ways you can do this so you don't need to immediately have a log showing that you gave yourself access to someones mailbox.
*NO* one ever checks the mail flow rules, ever.
Then if you want to add in compliance, security, and threats of audits, it's pretty much easy peasy.
Tech, not FAANG, not startup.
You guys are fucking fools if you think auditing rules and event logs are going to really stop you - and as I fucking said - if your company has curries or filipinos.
BLAME IT ON THEM.
My company sends out a telegram alert to everyone in the infosec group whenever anyone uses their privileged account, unless you have a written approval digitally signed by our head of information and cybersecurity you cannot use your privileged account, if you do you will immediately be audited and potentially fired.
Further more, we have a rule where if you sign into a privileged account, you cannot be left alone in that room and someone will have to stay there and watch you for the full duration.
I also consult on the side, and do the same with a major insurance company.
There's nothing security wise per se outside alerts that are generated but never looked at, they're sent to a mailbox, with a servicvenow poller that puts them on a dash, but that team just closes the tickets within SLA so they get their tendies and good boy points and report that they're doing a good job securing the network from hackers.
So, it's also incompetence all around, but most people don't really do red team shit - most logs also don't go back 90 days.
fuck, if your tenant is old enough on o365, you don't even have "true" auditing/logging, you litereally need to enable auditing in three different places to actually confirm shit is being recorded vs a generated email, that, any admin can change the delivery mailbox to for when you do a content search that you've described.
You're also forgetting that exchange, a users mailbox is essentially a fucking database.
You can download someones mailbox in PST via EMC, including EXO EMC. you can also just ps-session into someones computer, copy the OST file locally, then compress it grab it over.
Fuck, you can even copy the copy of the PST, upload it to that users onedrive, then give yourself access to their onedrive (which doesn't really show much in logs, it's one line item.)
You fucking faggots really have no creativity. And I'm not even talking about persistance, scheduled tasks or having fun with backups yet.
Bro don't you know you can just hack into le mainframe? It's easy, just use powershell
I think I'll keep my script kiddy shenanigans to my personal home lab rather than out my career at risk. literally what are you gaining that makes all of this risk worth it ? Chad status in the office because you secretly read everyone's emails ? risk to reward ratio out of whack here user
>r3ddit tier retarded onions chugging marvel watching funko consuming faggot
Imagine seeing someone like something and thinking you're better than them because youre above what they like
Congrats, you're in one place that sounds like it's in some russian hell hole that doesn't follow standard NIST security practice.
Which may be good for you guys, but having that, like that, would fail the big 4 compliance/auditing which would mean business indeminity insurance, breech insurance and more would increase while really having no true security.
>who the fuck uses telegram commercially in that scope.
Unless you're a cryptokinda investing banking firm.
Banks/investment firms are 100% behind the curve when it comes to security and tech. To them SSH keys are fucking new from when I declined JPM and BOA,
So I don't know what to say user, tell me more?
Jesus Christ this larping faggot is such an idiot
This will never work in any organization over 10 employees. All these rules, setups etc. work such that they store everything immutably. You will he fired without hesitation immediately as soon as you do anything like that.
While you’re just a retarded iT drone, the cybersec guys above you have implemented 100 different versions of Varonis or something else to catch everything you do as you do it.
t. Work in identity and role management security and monitoring
Oh my god, you’re such an idiot.
This
>most logs aren't stored after 90 days
In what indian waste management facility?
Dunno why we use telegram but we do, it was there before I started working there, as for the security its pretty much top notch, I heard it was shit before but they revamped the whole department.
The company in question is french based investment banking firm with a blue logo, its pretty big in the EU but no JP morgan or something, around 10 billion euroes flow trough the firm annually so we keep it pretty locked down
if you work in identity then you fucking now how broken most orgs are and how they don't even tie in their users to HR hiring/firings so that they remain dormant until password expiration.
Fuck even until recently Workday didn't support AD Object creation/disabling.
But, go on, talk to me about how onboarding/offboarding works alongside SOX compliance and call me a LARP, faggot.
So many infosec guys are fucking painfully ignorant or lazy.
I know, cause I'm one, I'm lazy as fuck but I enjoy this and building up cases which show how this protects the org, data and such is fun.
Lol this. Faggot is cringier than watching "leet haxors" on network TV. With about the same amount of fluffy (made-up) buzzwords.
>has never worked in IT
You don't understand. These fucking people are insufferable. They're still using le ebic over 9000 all your base are belong to us memes, they talk endlessly about the latest goyflix shows, I want to fucking blow my brains out when I am forced to interact with them
omg user, how did you get hired, you're not a personality fix here.
>feelthebern
lol california is feeling the burn right now tho.