20241118

nginx security header - CSP


        # Add Security Headers

        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

        add_header X-Content-Type-Options nosniff always;

        add_header X-Frame-Options "SAMEORIGIN" always;

        add_header X-XSS-Protection "1; mode=block" always;

        add_header Set-Cookie "Path=/; Secure; HttpOnly; SameSite=Lax" always;


add_header Referrer-Policy "no-referrer-when-downgrade" always;


add_header Permissions-Policy "geolocation=(self), microphone=()";


add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline';";

        # end


No comments:

PHP.ini

 expose_php = Off

No comments:

20240523

【2024 最新方法】Win 11 (23H2 & 24H2) 免綁定微軟帳號!

 Shift + F10

oobe\bypassnro


No comments:

Standard preset security policy & Strict preset security policy

 


M365 Exchange online:


Connect-ExchangeOnline -UserPrincipalName <UPN> [-ExchangeEnvironmentName <Value>] [-ShowBanner:$false] [-DelegatedOrganization <String>] [-SkipLoadingFormatData]


# Connect-ExchangeOnline -UserPrincipalName xxx@xxx.onmicrosoft.com



View quarantine policies in PowerShell

# Get-QuarantinePolicy | Format-Table Name

# Get-QuarantinePolicy -QuarantinePolicyType GlobalQuarantinePolicy

# Get-QuarantinePolicy -QuarantinePolicyType QuarantinePolicy


# Get-QuarantinePolicy -Identity DefaultFullAccessPolicy

# Get-QuarantinePolicy -Identity AdminOnlyAccessPolicy

# Get-QuarantinePolicy -Identity DefaultFullAccessWithNotificationPolicy



<Standard preset security policy:>

# Write-Output -InputObject ("`r`n"*3),"Standard anti-malware policy",("-"*79);Get-MalwareFilterPolicy | Where-Object -Property RecommendedPolicyType -eq -Value "Standard"; Write-Output -InputObject ("`r`n"*3),"Standard anti-spam policy",("-"*79);Get-HostedContentFilterPolicy | Where-Object -Property RecommendedPolicyType -eq -Value "Standard"; Write-Output -InputObject ("`r`n"*3),"Standard anti-phishing policy",("-"*79);Get-AntiPhishPolicy | Where-Object -Property RecommendedPolicyType -eq -Value "Standard"



<Strict preset security policy:>

Write-Output -InputObject ("`r`n"*3),"Strict anti-malware policy",("-"*79);Get-MalwareFilterPolicy | Where-Object -Property RecommendedPolicyType -eq -Value "Strict"; Write-Output -InputObject ("`r`n"*3),"Strict anti-spam policy",("-"*79);Get-HostedContentFilterPolicy | Where-Object -Property RecommendedPolicyType -eq -Value "Strict"; Write-Output -InputObject ("`r`n"*3),"Strict anti-phishing policy",("-"*79);Get-AntiPhishPolicy | Where-Object -Property RecommendedPolicyType -eq -Value "Strict"


閱讀全文
No comments:

20240520

VMware Customer Connect portal for vSphere downloads - OEM Custom Images and Addons (After May 2024)

 new instruction after Broadcom (vmware custom download)


ESXi Downloads 

Full ISOs:

    1. Under the Products Tab, choose the user entitlement for VMware vSphere (e.g. click on VMware vSphere - Enterprise).
    2. Select the major version of vSphere required. 
    3. Click View Group on the right side of the VMware vSphere Hypervisor (ESXi) item. 
    4. Use the drop-down in the upper-right to choose the desired version. 

Patch Builds:

    1. Under the Solutions Tab, choose the user entitlement for VMware vSphere (e.g. click on VMware vSphere - Enterprise).
    2. Select the major version of vSphere required. 
    3. Find the desired version of ESXi in the list. 

Custom ISOs & OEM Addons:

    1. Under the Products Tab, choose the user entitlement for VMware vSphere (e.g. click on VMware vSphere - Enterprise).
    2. Select the major version of vSphere required.
    3. Select the Custom ISOs or OEM Addons tab.
    4. Click on the desired Custom ISO or Addon by OEM name and ESXi version.
    5. Download the desired deliverable and readme file for links to any OEM documentation. 
      • Accept the Broadcom EULA by marking the checkbox, if required. 
      • Address any legal, export/trade or other verification, as required. 

Notes:

      • All Custom ISO and OEM Content visible in any given tab for any given version of vSphere is identical and can be used on the given OEM server and ESXi version, e.g. the “Dell Custom Image for ESXi 8.0U2 Install CD” is the same download wherever it is seen.  Another way of stating this is that there is only one OEM Custom ISO and Addon download for any given OEM server and any given ESXi version, regardless of the various entitlements of vSphere.
      • You can also find the Custom ISOs and OEM Addons tabs from the VMware vSphere Hypervisor (ESXi) group under VMware vSphere - Enterprise. Here, you can filter the release specific Custom ISO or addon.
        1. Click on View Group against vSphere Hypervisor (ESXi). 
        2. Select the desired ESXi release from the drop down under the Primary Downloads tab.
        3. Go to Custom ISOs or OEM Addons tab.
        4. Click on the desired Custom ISO or Addon by OEM name or ESXi version. 
        5. Download the desired deliverable and readme file for links to any OEM documentation.
          • Accept the Broadcom EULA by marking the checkbox, if required. 
閱讀全文
No comments:

20240516

intune - app protection policy

 App Protection Policy - 一放了policy , end user就會被上app managed, 需要intune portal




No comments:

20240510

Sentinel Analytics KQL "Conditional Access Policy Modified by User"

 


AuditLogs

| where TimeGenerated > ago(30d)

| where OperationName has "conditional access policy"

| where Result =~ "success"

| extend userPrincipalName = tostring(parse_json(tostring(InitiatedBy.user)).userPrincipalName)

| extend CAPolicyName = tostring(TargetResources[0].displayName)

| extend ipAddress = tostring(parse_json(tostring(InitiatedBy.user)).ipAddress)

// | where userPrincipalName !in (Azure)

| extend NewPolicyValues = TargetResources[0].modifiedProperties[0].newValue

| extend OldPolicyValues = TargetResources[0].modifiedProperties[0].oldValue

| project TimeGenerated, OperationName, CAPolicyName, userPrincipalName, OldPolicyValues, NewPolicyValues

| order by TimeGenerated




No comments:

20240121

香港渣打馬拉松2024 全馬篇 - 破四回憶錄 (sub4)

#sub4

#香港渣打馬拉松2024 

#全馬拾科


2023年8月至12月這4個月內, 左右雙腳不斷受到阿基里斯腱傷痛影響, 心情很是低迷。 


<2023年12月17日> 香港街馬 : 我早已劃定此比賽為健康輕鬆跑以作全馬篇之準備。我完全無刻意目標時間。比賽前一週雙腳阿基里斯腱還是微微疼痛,我只好每日吃消炎痛去安撫它。比賽前三天,我更加大藥度,每天早晚都吃止痛藥以希望它可以有好轉。


以前的我,完全不明巴西足球國家隊的朗拿度 或者中國田徑國家隊的劉翔為什麼要打著止痛針吃著止痛藥而上去比賽呢? 


原來我不知不覺間都學著:「他一直在玩命!」


我這幾個月裡有反問自己:「我是為什麼呢?


香港街馬2023比賽當天,我就一路忍耐著疼痛一路放輕跑, 而當中我記得跑至32公里之後有過一陣暈眩

而跑到36公里的補水站,我停下來深深的回著大氣,當時印象最深刻的一幕就是工作人員大叔親切的向著我問候道


「OK嘛? 你得唔得?

我馬上就回「得! 我一定得!

我心裡想著我一定得! 我一定得! 我一定得!


最後我把用04:20:00完成了這個預賽於操的一課,雖然成績不是太理想但傷痛已再無惡化


我開始感覺到傷痛總算比前一週好多了, 感恩。


接著的下一週, 我馬不停蹄的進行著一個月的密集操練, 並希望我的第三次全馬篇會有所突破。 


12月的練習課之中, 我專門做了一次亞索800測試, 試了一課sub4, 並辛苦地完成了9組。 



12月時份, 我再操練了兩次長課, 一次22公里和一次32公里, 久違了自己的身體感覺, 輕鬆地以無傷無痛之下完成


1月時份, 我轉為速度課, 因為我身體太需要高強度和速度感, 所以完成了四次馬速配速跑(Tempo Run), 四課都保持在配速5:30分: 

第一次8公里

第二次12公里

第三次8公里

第四次12公里

當中再加插一課18KM的中距離輕鬆跑。 這四次的馬速跑我都緊緊的保持著配速並記在心裡, 就讓身體適應到這個速度吧


我感覺雙腿完全無痛楚, 並開始感到自己已從傷患之中康復了。 

所以我可以實在地進行2024全馬篇了。 


<2024年 1月24日>

閱讀全文
No comments:
Labels:
Subscribe to: Posts (Atom)
Related Posts Plugin for WordPress, Blogger...