>be musclehead works on-field because that's what i'm good for
>occasionally repair laptops (replace lcd, keyboards, etc.) / pcs (upgrade parts, reinstalling OS, getting pirated games) / flashing android phones
>central office suddenly needs one more sysadmin guy
>he's a mid-age guy, in the next 6 months he needs to take a month off because his wife needs a C-section, this happened a few years ago and that's why the top dog doesn't want the sysadmin position to get empty
>once internal recruitment opens, everyone recommends me because i'm their "tech jesus"
>the word eventually gets heard by HR and i got called, i got tasked to assist the sysadmin from now on
>ohshit.jpg
>my friends in the workshop keep encouraging me because i'm young and i'm supposed to advance more steps than them (they were 28-35 yo and i'm way younger)
>they keep saying it's going to be ok and make sure to visit sometimes because they might need help on something or just play CS on LAN together
>ended up taking the job in early january and visit my bros every 2 weeks when i'm on a day off
>sysadmin job starts smoothly, he's a cool guy
>every single PC which uses windows 7 is properly licensed, granny in finance uses debian customized to look almost like windows
>it's just for gsuite work and basic printing, no need to install an office suite as the work is done entirely in the browser
>the browser is set up with umatrix and will break for sites outside of gsuite
>some PCs are locked on windows 7 and can't upgrade because we need them for specific proprietary cad/cam software
>every morning sysadmin dude always spends 2-3 hours reading the latest blogposts for CVEs, threatlist, securelist and whatever on his rss server and plays WOW/ESO afterwards
>once daily routines are done, he'll update the hosts blocklist and push it to his git repo, updates on users' pcs are monthly though
>almost all PC conditions are actually stored in git (like pc number, license, parts list, latest condition, who uses it, reverse autossh port for remote vnc)
>the git is actually stored on his thinkpad with slackware, all ports except the charger line are filled with epoxy. peak hackerman i've ever seen for now
>fast forward to current_month when he starts taking days off
>everything is peaceful and under control
>suddenly got a call from one user asking why his pc antivirus keeps blinking that a connection has been blocked
>apparently msiexec.exe is trying to access some scrambled russian domain, after a quick search it was one of the known ransomware domains
>ayylmao.jpeg ayylmao.zip ayylmao.tar.gz ayylmaos.7z
>quickly added the domain to the hosts blocklist so the antivirus stops screaming
>after shit's under control i tried to msg the sysadmin guy, he says it's weird because all of our instances are up to date, no crack was ever used, no user ever got access to install things or run some random program off a flashdrive
>only got told to be cautious, watch security news and windows update
i can't think of any more attack vectors on our workstations, we paid heck for everything windows, corel, adobe. for other programs we're using 7z for archives, sumatrapdf for the top dog's epaper if they want to view cad drawings.
phones are never in the same network as the workstations, most phones are yellow-black screen or symbian nokias. the latest-tech lady is using a blackberry that only has EDGE broadband.
where do those virus things come from? zerodays on a company that barely has 40 pcs? or is it even possible from the router? we're still using the TP-link from the ISP and it's really giving me paranoia seeing RCE for routers even though we're behind NAT
or is it even possible the virus comes from DNS? because my sysadmin guy just tells me that a few months ago we were redirected to a site when mistyping something in HTTP. the redirection page from the ISP contained js-based ransomware poking a baidu domain. after the DNS was changed to google's dns, the problem went away for a few weeks but now it's back. no matter which DNS we use it still gets randomly redirected, or if the site is in HTTP it'll get injected with ads from the ISP. how could this dns fuckery be stopped?
i also wish i could see what users' pcs are trying to access in the web browser so i could notice if they "accidentally" poke russian or israeli sites and somehow take countermeasures. what kind of knowledge do i need for this monitoring thing?
sorry anon i was never that bright kid and probably repeatedly using fucked keywords on search engines but i'm willing to read and learn for this sysadmin job
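One way to get the visibility the last questions ask for (which workstation is resolving what), as an added example that is not from the post: point the workstations at a local resolver such as dnsmasq with query logging on and match its log against the hosts blocklist the sysadmin already keeps in git. The blocklist entries and log lines below are constructed, and the `query[<type>] <name> from <client-ip>` line shape is assumed to be what dnsmasq's `log-queries` writes.

```python
import re
from collections import defaultdict

# Constructed hosts-format blocklist like the one the post describes (one "0.0.0.0 name" per line).
BLOCKLIST = """
0.0.0.0 bad-domain.example
0.0.0.0 tracker.example
127.0.0.1 localhost
"""

# Constructed dnsmasq log-queries lines; "query[<type>] <name> from <client-ip>" is the assumed shape.
LOG_LINES = """
Jan 14 09:12:01 gw dnsmasq[812]: query[A] www.google.com from 192.168.10.21
Jan 14 09:12:05 gw dnsmasq[812]: query[A] cdn.bad-domain.example from 192.168.10.33
Jan 14 09:12:06 gw dnsmasq[812]: query[AAAA] bad-domain.example from 192.168.10.33
Jan 14 09:13:40 gw dnsmasq[812]: query[A] tracker.example from 192.168.10.21
Jan 14 09:13:41 gw dnsmasq[812]: reply tracker.example is 0.0.0.0
"""

QUERY_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]+) .*?query\[(?P<qtype>\w+)\] (?P<name>\S+) from (?P<client>\S+)$"
)

def load_blocklist(text):
    """Set of blocked names from hosts-format text; comments and localhost entries are skipped."""
    blocked = set()
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) > 1 and parts[0] in ("0.0.0.0", "127.0.0.1"):
            blocked.update(n.lower().rstrip(".") for n in parts[1:] if n.lower() != "localhost")
    return blocked

def is_blocked(name, blocked):
    """True for the exact name or any parent domain; a hosts file only matches exact
    names, so subdomain hits are traffic the workstation's own blocklist would not stop."""
    labels = name.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in blocked for i in range(len(labels)))

def find_blocked_queries(log_text, blocked):
    """Map each client IP to its (timestamp, qtype, name) queries that hit the blocklist."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = QUERY_RE.match(line.strip())
        if m and is_blocked(m["name"], blocked):
            hits[m["client"]].append((m["ts"], m["qtype"], m["name"]))
    return dict(hits)

if __name__ == "__main__":
    for client, queries in find_blocked_queries(LOG_LINES, load_blocklist(BLOCKLIST)).items():
        print(client, *queries, sep="\n  ")
```

Running this over the real resolver log (for example from a cron job) turns the blocklist from a silent sinkhole into a report of which machine tried to reach a blocked name and when, which is the starting point for looking at that machine.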