incident response – How to investigate potential infected client workstation

In case a central endpoint security or SIEM solution alerts on Indicators of Compromise on one client workstation in a windows domain.

there is it-staff which got admin accounts (domain accounts) on these workstation?

  1. Admin logs with domain account in per RDP with NTLM-Authentication (interactive logon type):
    Dangerouse because the Credentials are stored in LSASS Memory and are dumpable as ntlm hash from a dump with tools like famouse mimikatz, WCE, …(?)

  2. Admin logs with domain account in per SMB, WMI, WinRM (network logon) (also ntlm-auth, no kerberos):
    Is this save? Microsoft documentation says that there a no credential chached with a network login. An access token is created but with these, if use token impersonation techniques, your cannot authenticate remote to another host on network. But the potiental attacker on workstation can replay the netntlmv2 hash? So doing a relay attack with tools like inveight, responder, …

  3. If Admins are part of “Proctected User Group”, there are only enabled to authenticate with kerberos isnt it? So its would be save to use rdp AND/OR smb,wmi,….?

  4. What is the best practice here?
    Every time use the LAPS Account for investigation?

Please share your thoughts on this 🙂

Excel: How To Write A Potential “IF” Formula With 3 Outcomes (For Work)

I am looking to potentially create an “IF” formula (might be a different one) for my workplace. I’m not the best at excel, but not terrible either but am having trouble with this.

My workplace wants me to create a formula in which there will be 3 outcomes for our temperature testing. Currently I have the formula written like this for cell H46: =IF((OR(D46>=C46, E46>=C46, F46>=C46)), “FAIL”, “PASS”)

C46 is the max. allowable temperature, and D,E and F46 are the temperatures that were taken from the test. The formula basically says if D,E or F46 are greater or equal to C46, its a “FAIL” otherwise, “PASS”. The issue with my managers is that if C46 is blank, the formula counts “FAIL”.

They want to have it where nothing changes above, EXCEPT the want to have it as well if C46 is blank with no values, that H46 will show “N/A”. I don’t know how to keep the current formula, but add in if C46 is blank that “N/A” or “n.a” will show instead of “FAIL”.

Any help on this is greatly appreciated, thank you!

Potential problems with global scope via isolated file bundling in .NET for JavaScript files?

If anyone can suggest a much better worded question, but what I am trying to ask here is, I turned in a well designed JavaScript frontend, but the .NET developer could not get it to bundle using the Mads Kristensen bundler tool.

The bundler complained about the import statements. There was nothing wrong with the import statements they were used correctly and made for a working frontend. The error kept referring to an unexpected end of input citing the semicolons of the import statements.

So the individual decided to remove all import statements and bundle all the files in isolation, which I believe runs into the issue as answered by Martijn:

why are globals bad in javascript

If I am correct about the above applying to this case, could someone provide a concrete example as to what are some potentials or cite a use case where doing things this way went really bad? Saying that everything has access to everything and is contrary to encapsulation goes over the head of non-technical audience.

user centered design – What would be a good scenario for a meeting with a potential client regarding a new web app?

I have an upcoming meeting with a potential client and about a web app for their business. Actually, we already agreed that I will make it for them. Now we will meet again to understand everything from their point of view, what features they need, in other words, understand their as a main daily user needs. This system will be used only by them in their company. This is just the beginning of this process. I really want to get this project right from the UX side (and of course later also the development part) and my question is:

algorithms – Potential function for a dynamic stack

Consider a dynamic stack stored in an array of size m with n elements (initially n=0) and only a push operation. If upon a push n=m then expand the array such that m = 3n (That is, triple the size of the array).

Define a potential function based on the number n of elements in the array and the total number m of slots in the array, and show that the push operation has a constant amortized time.

My attempt:
Let the potential function be Ď•(n)= 3n – m.

Consider T*(push) = T(push) + Ď•(n) + Ď•(n-1)

If n < m then T(push) = 1 (since there is space in the array so you only need to add the new element) and so T*(Push) = 1 + 3n – m – (3(n-1)-m) = 4

If n=m then T(push) = n+1 (since there is not enough space so you need to copy all the elements plus the new one to the new array).

Ď•(n) = 3n-m, but m = 3n since the array is full it must be expanded for the push so Ď•(n) = 3n – 3n = 0

Ď•(n-1) = 3(n-1)-m, but prior to the push the array is full so m=n and thus Ď•(n-1) = 3(n-1)-n = 2n-3

Thus, T*(push) = n+1 + 0 – (2n-3) = -n + 4, which is not constant.

If anyone could help show me where I went wrong that would be great!

equation solving – Using Solve[] to find Eigenstates of a 1D Double Dirac Potential

I’d like to Solve

$$ k^2 equiv – frac{2mE}{hbar^2} = (- frac{mA}{hbar^2} (1+ e^{-2ka}))^2 $$

for E, in terms of m, $hbar$, A, a.

I tried using the following command:

Solve(-((2 m ene)/h^2) == (m^2 A^2)/h^4 (1 + E^(-2 a*Sqrt(-((2 m ene)/h^2)))), ene)

Isn’t working well for this task. What do you recommend? At first glance it seems it could not be simple to solve “by hand”.

Background: This problem comes from Solving a 1D Quantum well with 2 Symmetric Dirac’ Deltas $delta_a$ and $delta_{-a}$, where $A$ is the amplitude.

agency potential business model logos and more

The sale is just for the 2 Domains

ap.analysis of pdes – Boundedness of Riesz potential on hardy space

I encounter the following claim in one paper:

If $(-Delta)^{frac14}uin L^{2,infty}(mathbb{R})$, then $uin BMO(mathbb{R})$. Equivalently, if $uin mathcal{H}^1(mathbb{R})$, then $(-Delta)^{-frac14}uin L^{2,1}(mathbb{R})$. Here $L^{2,infty}$ and $L^{2,1}$ are Lorentz space and $mathcal{H}$ is the hardy space.

I do not know how to show this fact. My knowledge of Riesz potential tells me if $uin mathcal{H}^1(mathbb{R})$, then $(-Delta)^{-frac14}u=I_{1/2}uin L^2(mathbb{R})$, but why does it lie in the smaller space $L^{2,1}$?

The paper says the first half of the claim is contained in the paper: Adams, D. R. (1975). A note on riesz potentials. Duke Mathematical Journal. I read Adams’ paper and could not figure out why.

Selling – – potential for a multi million dollar auto pilot website

Was formerly a very popular site with backlinks on USAToday and tripadvisor etc.

Collected 300+ leads on the coming soon page. Has traffic. Content has been done for 3 States.

Why are you selling this site?

I don’t have the time to complete this project

How is it monetized?

Currently being rebuilt, I envisage monetization via affiliate deals, private advertising for local businesses relevant to attractions.

If you sold just one adspace at a meagre sum of $250-$500 per year you make bank on autopilot. This was an incredibly popular site, the site was hacked when the owner passed away (check

I have collected over 300 leads on the coming soon page from fortune 500 execs, teachers and individuals.

There is no other resource like it on the internet.

Does this site come with any social media accounts?


Facebook and Twitter

How much time does this site take to run?
It needs to be rebuilt and content done, once this is completed, the site runs on auto pilot once it’s completed.

What challenges are there with running this site?
Content, there are over 5,000+ attractions to be reviewed and listed.