#techtuesday


Web Monetization makes it easier than ever to offer new payment solutions, and getting started is simple:

1️⃣ Download the Web Monetization beta extension:
👉 Chrome | Firefox | Edge

2️⃣ Sign up for an Interledger Wallet to start supporting and engaging with content in a whole new way!

3️⃣ Connect your wallet and explore flexible payment options for your consumers.

Want to get started? Learn more at: webmonetization.org/

Announcement: Beta Launch of Web Monetization!

Web Monetization is here to offer more content support for owners and publishers, while consumers can access content on their own terms.

Today, we announce the beta release of the Web Monetization extension, allowing for seamless micropayments powered by Interledger Wallets.

Read all the details in our blog: interledger.org/news/announcin

#TechTuesday
This #Lemmy post programming.dev/post/22672085 links to the recording of the talk I gave earlier in the year, about how #dotNet #dotNetMAUI and other #programmers #developers can get the most out of #Mastodon and the #Fediverse in general. Show to people you want to come here, or watch yourself if you feel like you could learn more about it.

CC @andypiper @evanprodromou@evanp.me @evanprodromou@socialwebfoundation.org @Gargron @mapache @alvinashcraft @alvinashcraft.com @jamesmontemagno

"Finding your way around the Fediverse" recording - programming.dev

Earlier this year I gave this talk which is about how programmers can get the most of the Fediverse, particularly for dotnet/MAUI developers - some of the killer features which are available and how to use them. The focus of the examples are with dotnet/MAUI, but these things would undoubtedly also be available for other languages/ecosystems, I was just using dotnet/MAUI to illustrate the underlying functionality available to us here. This recording would be good for anyone who isn’t familiar with these features (maybe anyone you want to convince to come here, or just if you feel you don’t know everything that is available). The first part of the recording is a different talk about MAUI, and the first link below will be where my talk starts, and then some more links for other key points, if you just want to see the parts you don’t already know about. Following these recording links will be links to resources that I talked about…

30:06 start/MAUI Lemmy community [https://youtu.be/hCzYawTqnT4?si=sDQXhygjxDBQPitL&t=1806]
31:31 overview of talk [https://youtu.be/hCzYawTqnT4?si=izcKF3v1mtdqu3FZ&t=1891]
33:20 what is the Fediverse? [https://youtu.be/hCzYawTqnT4?si=qkcwJq1LZ0IgdGbv&t=2000]
38:15 Lemmy [https://youtu.be/hCzYawTqnT4?si=cUdRxzt-zbtSZsCW&t=2295]
42:08 Mastodon [https://youtu.be/hCzYawTqnT4?si=02oTLWHQ9IsZSFAq&t=2528]
43:40 Mastodon dotnet.social [https://youtu.be/hCzYawTqnT4?si=alg3HYcUZNagjHac&t=2620]
46:33 Mastodon Local timeline [https://youtu.be/hCzYawTqnT4?si=WIpFq8h1Oh7ooYua&t=2793]
48:01 Mastodon Federated timeline [https://youtu.be/hCzYawTqnT4?si=9Gh1Dz8FYigBv3qR&t=2881]
60:11 Mastodon Lists [https://youtu.be/hCzYawTqnT4?si=zoIl6VtHiCEBZnDs&t=3011]
56:28 Mastodon hashtags [https://youtu.be/hCzYawTqnT4?si=njy2vmPxeTSm8YYC&t=3388]
56:25 Mastodon pinned posts [https://youtu.be/hCzYawTqnT4?si=3nAWOpnG95W8rQHZ&t=3566]
1:00:20 follow Twitter accounts from Mastodon [https://youtu.be/hCzYawTqnT4?si=23Dwa58JrSHNssm2&t=3620]
1:01:51 how to use Lemmy from Mastodon [https://youtu.be/hCzYawTqnT4?si=JxBjpdeoMasVhGpt&t=3711]
1:07:25 Mastodon’s killer feature for devs - github bots [https://youtu.be/hCzYawTqnT4?si=i3JsdK39Ffehx9ep&t=4045]
1:10:47 Guide to Mastodon for .NET and MAUI people [https://youtu.be/hCzYawTqnT4?si=VZps5Df6oljHcVBr&t=4247]
1:13:15 Pixelfed, UI comparison [https://youtu.be/hCzYawTqnT4?si=Q3_cba-A-cAdN_KM&t=4430]
1:15:41 Maho Pacheco’s repo (federate static website, etc.) [https://youtu.be/hCzYawTqnT4?si=lbmmpMTf7nESMjxo&t=4541]
1:17:52 Microsoft DevBlogs [https://youtu.be/hCzYawTqnT4?si=Y61LToQMQ_Utnas_&t=4672]

Links to resources from this talk

Creating MAUI UI’s in C# [https://dev.to/smartmanapps/creating-maui-uis-in-c-1adf]
fediverse.party [https://fediverse.party/]
.NET MAUI @ programming.dev [https://programming.dev/c/dotnetmaui]
.NET MAUI Mastodon bot [https://dotnet.social/@dotnetmaui@programming.dev]
.NET Mastodon bot [https://dotnet.social/@bot]
@SmartmanApps@dotnet.social [https://dotnet.social/@SmartmanApps]
Join dotnet.social [https://dotnet.social/invite/q8pzN9rL]
Join dotnet.social and auto-follow @SmartmanApps@dotnet.social [https://dotnet.social/invite/JntHpwzG]
How to follow multiple hashtags in a column [https://dotnet.social/@SmartmanApps/110858924945208556]
@Microsoft@bird.makeup [https://bird.makeup/users/microsoft]
Github bots by Carlos Sanchez of Microsoft [https://dotnet.social/@foo_fighter]…
Dotnet github bot [https://dotnet.social/@dotnetbot]
MAUI github bot [https://dotnet.social/@mauibot]
MastodonGitHubBot repo [https://github.com/ChayoteJarocho/MastodonGitHubBot]
Guide to Mastodon for dotNetMAUI and dotNet peeps [https://dotnet.social/@SmartmanApps/110648925352232498]
Github repo [https://github.com/mahomedalid] of Maho Pacheco of Microsoft [https://dotnet.social/@mapache@hachyderm.io]
Maho’s guide to implement ActivityPub in a static site (or any website) [https://maho.dev/2024/02/a-guide-to-implement-activitypub-in-a-static-site-or-any-website/]
Follow Maho’s blog [https://dotnet.social/@blog@maho.dev] from Mastodon (or almost any Fediverse service!)
Follow Microsoft DevBlogs [https://dotnet.social/@msftdevblogs] (federated thanks to Maho)

Solar energy is a clean, renewable power source. It’s harnessed using solar panels which are made up of solar cells.

Solar energy is sustainable, reduces carbon footprints, and is an important step towards a greener future. This new factory, bringing jobs and training to Albuquerque, was made possible by the Inflation Reduction Act. #DemocratsDeliver #TechTuesday #GreenTech #RenewableEnergy #Solar

New solar cell manufacturing factory will bring 900 jobs to Albuquerque:
nmpoliticalreport.com/quick-re

Calling #sysadmins using PKP software!

Want to upgrade to 3.4 but not sure if your server environment is ready? Read our Release Notebook for everything your sysadmin will need.

✔ Minimum PHP version bump
✔ Changes to config options
✔ Recommendations for processing jobs
✔ Breaking changes for custom plugins and themes

docs.pkp.sfu.ca/dev/release-no

1/5
This week I have a #MathsMonday #TechTuesday cross-over event. 🙂 I'm going to use #Mathematics topics as my examples, but the tip can be applied to any kind of #hashtags you're following on #Mastodon, not just #Maths, that tip being how you can follow multiple #Math (or other) hashtags in a List! This means you can now exclude your followed hashtags from your Home timeline! With thanks to @jasdemi for the original post about this - jasdemi.com/@jasdemi/statuses/

Here are the steps...

Thanks to a world-wide community of users & contributors, PKP's free open source software for #ScholarlyPublishing, Open Journal Systems (#OJS), has more than 44,000 installations globally!

Wondering about key features, documentation, user guides, downloads, world-wide usage, how it works, or trying a demo?

Control your publishing with workflow & production by scholars, for scholars: pkp.sfu.ca/software/ojs/

#TechTuesday #OpenJournalSystems #ScholComm #AcademicChatter @academicchatter

Active Directory Certificate Services (AD CS) is Microsoft's way to establish and manage a public key infrastructure in Active Directory. It can be used to manage certificate templates, issue certificates or revoke them. And because those certificates can be used for client authentication, AD CS is a very appealing target for attackers.

We have already looked at the escalation primitive "ESC1" before (infosec.exchange/@lutrasecurit). Today we will have a look at ESC4. Just like ESC1, an attacker can abuse this misconfiguration to escalate their privileges from a regular domain user to Domain Admin.

This time, the misconfiguration is that a regular domain user can modify a certificate template. This means that an attacker can simply modify the template and configure it to be vulnerable to ESC1. Then, the attacker can easily exploit the ESC1 misconfiguration they added and escalate their privileges.

The tool "Certify" can be used to identify and perform almost all AD CS attacks. In case of ESC4, an attacker only needs to change the certificate template to allow the enrollee to supply a subject (CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT). Then, an attacker can request a certificate using the modified template and provide the username that they want to impersonate as an argument. That’s it. They can now impersonate the user and take over the entire domain.

So how can you detect and defend against it?

First and foremost: CA servers are Tier 0 assets. This means that they are as important as your Domain Controller and should be hardened as such. To fix the misconfiguration, you need to review the permissions for the certificate template in question. For this, open “Certificate Authority”, right-click on “Certificate Templates” and choose “Manage”. There you can view the “Security” tab within the properties and manage the permissions (see screenshot). In this case, remove the dangerous permissions of the Domain Users group (Full Control, Write).

For detection, monitor requests (EID 4886) and issuing (EID 4887) of certificates as well as the modification of CA settings, such as certificate template modifications. And of course: Search for these types of misconfigurations to find them before the real attackers do.

I'm working on a use case to detect unusual increases in interactive logins to Windows machines, indicating potential lateral movement (MITRE T1021). To achieve this, I’m using a tstats search on the authentication data model, leveraging standard deviation to calculate dynamic thresholds by user and asset. If these thresholds are breached, an alert is triggered. 🚨

Here’s a more detailed look at the SPL I’m using:

| tstats summariesonly=true dc(Authentication.dest) as device_count from datamodel=Authentication where Authentication.action=success AND source=WinEventLog:Security AND NOT Authentication.user IN ("DWM-*" "UMFD-*") by _time span=1d Authentication.user
| eventstats avg(device_count) as avg_devices stdev(device_count) as stdev_devices by Authentication.user
| eval threshold=avg_devices + 2.5*stdev_devices
| where device_count > threshold AND stdev_devices > 1

This approach helps in identifying potential security threats by dynamically adjusting thresholds based on user and asset behavior.

Interested in the SPL or need it for another SIEM system? Drop a comment or DM me! 💬
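
The threshold logic of the SPL above, reproduced in Python as an added example (not part of the original post) over constructed per-day counts. It also shows a limit of baselining a day against a sample that contains it: with a sample standard deviation over n days, no value can exceed the mean by more than (n-1)/sqrt(n) deviations, so a 2.5-sigma rule cannot fire for a user with fewer than 9 days of history.

```python
from collections import defaultdict
from math import sqrt
from statistics import mean, stdev  # sample std dev, as SPL stdev() computes

def make_rows(user, counts):
    """Constructed sample data: one (day, user, device_count) row per day."""
    return [(day, user, c) for day, c in enumerate(counts, start=1)]

ROWS = (
    make_rows("alice", [2, 3] * 6 + [2, 20])   # 14 days, spike on day 14
    + make_rows("bob", [2, 3] * 3 + [20])      # same spike, only 7 days
    + make_rows("carol", [1] * 13 + [4])       # small bump, stdev below 1
)

def max_z(n):
    """Largest possible z-score of one value inside its own n-point sample."""
    return (n - 1) / sqrt(n)

def breaches(rows, k=2.5, min_stdev=1.0):
    """Mirror of: eventstats avg/stdev by user | eval threshold | where."""
    per_user = defaultdict(list)
    for day, user, count in rows:
        per_user[user].append((day, count))
    alerts = []
    for user, series in per_user.items():
        counts = [c for _, c in series]
        if len(counts) < 2:
            continue  # a sample standard deviation needs two or more days
        avg, sd = mean(counts), stdev(counts)
        threshold = avg + k * sd
        alerts += [(user, day, c, round(threshold, 2))
                   for day, c in series if c > threshold and sd > min_stdev]
    return alerts

if __name__ == "__main__":
    for alert in breaches(ROWS):
        print("ALERT user=%s day=%d device_count=%d threshold=%s" % alert)
    needed = next(n for n in range(2, 100) if max_z(n) > 2.5)
    print("days of history needed before a 2.5-sigma alert can fire:", needed)
```

In the constructed data only alice alerts: bob has the same spike but too little history for it to clear the threshold, and carol's bump is suppressed by the `stdev_devices > 1` floor.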

Ever since the iPad came out, a tablet has been an integral part of my tech setup, both for personal and work purposes. Whether it’s been an iPad itself, an Android tablet, or a Chromebook running Android apps, a tablet has put the “product” in my “productivity”. A couple recent YouTube videos have had me start to question whether I truly need a tablet in my technology rotation.

#Technology #TechTuesday

medi-nerd.com/2024/06/04/tech-

Attackers typically use masquerading to either trick users into running a malicious file, confuse defenders, or attempt to blend into a target environment. Today, we will take a look at the MITRE TTP "Masquerading: Right-to-Left Override" (T1036.002) and see how an attacker can use this feature to their advantage.

First things first: What is "Right-to-Left Override" (RTLO) anyway? As we all know, there are languages that are written from left to right and others that are written from right to left. In computers, the RTLO Unicode character U+202E makes this possible. This character can be used to force a right-to-left direction for text. As an example, let's look at the string "LutraSecurity" and see what happens when we insert the RTLO character in the middle: "Lutra[U+202E]Security" (where [U+202E] is the RTLO character). This string will then be displayed as "LutraytiruceS", because the RTLO character reverses everything after it, in this case the "Security".

So what can an attacker do with this? In filenames, they can abuse RTLO to conceal the true extension of a file. For example, let's say you find the following file somewhere on a network drive:

Salaries-And-Benefits-Annexe.pdf

You know that a PDF is mostly harmless, so you double-click it to see what's inside. But your PDF viewer will not open. This is because you have actually just run an .exe file.

Why? Because the filename of the file is not really "Salaries-And-Benefits-Annexe.pdf". The attacker has added the RTLO character to reverse the last characters of the filename to make it look like a PDF ("exe.pdf" instead of "fdp.exe"). So the actual filename is "Salaries-And-Benefits-Ann[U+202E]fdp.exe".

Bad news is: There isn’t much that can be done about that. The only thing possible is to look out for files that have the inherently benign RTLO character within their filename. This can be done with a filesystem minifilter. But of course, this only works if right-to-left languages are rarely used in your organization. Otherwise there will be too many false positives.
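
A file-share sweep for the check described above, as an added example that is not part of the original post. It flags U+202E and, as an assumption that goes beyond the post, the other Unicode bidirectional control characters, then reports the real extension next to the one a user would see; the rendering model is a simplification that reverses everything after the first RTLO.

```python
import os
import sys

RLO = "\u202e"
# U+202E is the character the post describes; treating the other bidi
# controls as equally unexpected in filenames is an assumption added here.
BIDI_CONTROLS = {
    "\u202a": "LRE", "\u202b": "RLE", "\u202c": "PDF", "\u202d": "LRO",
    RLO: "RLO", "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI",
    "\u2069": "PDI",
}

def displayed(name):
    """Approximate what a file manager shows: text after RLO is reversed."""
    head, sep, tail = name.partition(RLO)
    if not sep:
        return name
    tail = "".join(ch for ch in tail if ch not in BIDI_CONTROLS)
    return head + tail[::-1]

def inspect(name):
    """Return a finding for a filename with bidi controls, else None."""
    found = [(i, BIDI_CONTROLS[ch]) for i, ch in enumerate(name)
             if ch in BIDI_CONTROLS]
    if not found:
        return None
    return {
        "escaped": name.encode("unicode_escape").decode("ascii"),
        "controls": found,
        "real_ext": os.path.splitext(name)[1].lower(),
        "shown_ext": os.path.splitext(displayed(name))[1].lower(),
    }

def scan(root):
    """Walk a directory tree and yield (path, finding) for flagged files."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            finding = inspect(name)
            if finding:
                yield os.path.join(dirpath, name), finding

if __name__ == "__main__":
    for path, f in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        # ascii() keeps the control character from reordering the log line
        print(ascii(path), "real:", f["real_ext"], "shown:", f["shown_ext"])
```

Output is escaped on purpose so that the control character cannot reorder the alert text in a terminal or ticket; a mismatch between `real_ext` and `shown_ext` is the stronger signal where right-to-left filenames are legitimately in use.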

🚀 Today's Tip is for the #Excel Enthusiasts! 📊✨

Tired of images floating on top of your Excel sheet? Say goodbye to the struggle! 🖼️ With the revolutionary IMAGE formula, you can seamlessly insert images into your worksheet cells.

👉 Learn how to use the IMAGE formula to keep your images neatly within cells, maintaining that perfect aspect ratio. 📏💡 Explore sizing options, from fitting to the cell to creating custom dimensions with a breeze! 💻📐

No more copy-pasting woes! 🔄 Watch my video to discover the ultimate way to insert those images into your worksheets!
🎥 buff.ly/3GhMCll