This is a fun little rehash of the “what naming scheme should I use for my servers” discussion that will never end.

I agree, I use fun cutesy shit as aliases and whatnot but actual hostnames are boring and logical.

I use atomic moves. I used to have everything configured to land in a staging directory and once ready for it to “go live” move it to the appropriate location and kick off a scan.

Using a .ignore file is probably the simplest though.

Are you using indexes made by someone else or did you make it yourself? I highly suggest doing it yourself so you’re more familiar with the layout and how your brain seeks content. I had tons of duplicate entries because search context matters. One question may ask what HTTP response code 301 indicates or it may ask what response code is returned when content has been Moved Permanently. Don’t rely on memory to differentiate. Figure out how you’d begin looking the answer up and make sure it’s covered in your index, then do it again for any other contexts you can think of.

I used this Lesley Carhart post as the basis for creating my index.

You’re right that there’s an untenable amount of knowledge if you’re relying on your memory to get through it. Much like working in the industry, you don’t have to have encyclopedic knowledge on any topics, but you do need a reliable method to find answers. I literally went page by page building my index over the course of a week. The prep was well worth it because not only did I have a solid index, I had gone over every piece of material shortly leading up to my test.

I did almost get blind sided by the clock though. I finished with about 2 minutes left. Please do also keep in mind certs are not remotely necessary. There’s a person on my team that has zero certs but runs circles around me during forensic investigations.

I passed the GCFA exam last year. What are you struggling with?

Are you okay? They asked a very specific question and you’re coming in with answers that don’t matter.

When did I say anything about dhcp or mention randomized mac being a silver bullet for privacy? Your opinion on how effective it is or isn’t has nothing to do with the fact that they can turn it off for their network and it will solve the issue they’re asking about.

Eh, in pihole mac or ip address is a valid way to add a device to a group so you can give it a different policy. I have multiple access points but they’re not meshed so if I randomized I’d have to have multiple client entries for a single device. Or turning off randomization for my trusted networks means just 1 client entry.

Assuming Android, you’ll want to deselect randomized MAC for your wifi. No reason to randomize on a trusted network. You can turn it off on a per network basis.

Oh interesting. I just saw it was recently updated so I went with it. I’ll have to look into what’s going on with it though.

Thanks for the Thunder suggestion. This thing seems really solid.

Wait what happened with Raccoon? I recently switched to it after finally giving up on the Sync dream.