How to mask a geographic IP address on corporate VPN [duplicate]

My wife is working remote due to COVID for a company that has a policy in place to not work from outside of California for an extended period of time. She logs in via a corporate VPN using our home WiFi network.

We are moving from LA to Phoenix and she would like to hang on to her job until COVID is over.

Are there any options to mask the IP address of our Phoenix ISP? I have read that one solution is the use of a VPN, but her company is already using one for her to log into her corporate environment. She has no admin access to her laptop.

Is it possible to craft a certificate signing chain that thwarts MITM corporate VPNs?

Some companies install corporate VPNs which also come with a root certificate installed on all employees’ machines. This allows for encrypted traffic to be decrypted by technology installed on the VPN. Some companies even have to do this to meet certain auditing and compliance requirements.

Is it possible for a website to set up a certificate signing chain in a way that if the root cert that signed it is replaced by the corporate VPN’s root cert, it would either fail to load the website, or prevent it from being overwritten by the root cert entirely in the first place?

Or, if there’s a root cert installed on a machine, is it impossible to prevent TLS intercepting by a MITM party?

How to detect use of personal NAS devices from corporate machines?

We have an issue where people are taking laptops home and connecting them to their personal home networks in order to back up corporate data to their private NAS devices. From a DLP standpoint we have trouble reconciling this activity because the activity destination is typically a private IP, something like 192.168.1.12, which is also being used within the corporate network for various labs and testing environments. Short of major policy changes about IP ranges in use and things like that, are there any creative ways to determine the difference between a personal NAS device on a home network vs a corporate-issued one being used from within the corporate network?

We tried frequency analysis of similar activities, but again many generic private IPs are being reused across both corporate and personal environments. I thought about tracking against the ‘name’ of the network to which the user is connected, but haven’t had a ton of luck with that information being readily available in the logs I have. I’ve been tasked with trying to explore this from an incident response/SOC standpoint, so my available logs are more so correlated with IDS/IPS, McAfee, CIRT, and DLP-type solutions, rather than something like OS event logs.

Website redirects to strange corporate page? Any help identifying why? [closed]

There’s a strange website my friends and I keep track of. It’s hosted across neocities and 000webhost, two companies for website management. It has a password page, usually leading to something normal. Though someone I know entered a password and somehow made it to a government/bank domain that contains records for Chase bank in Manhattan. This website has nothing to do with any of those things, so we’re confused as to what any of this is.

This is the page it led to: https://www.sec.gov/Archives/edgar/data/19617/0000891092-07-004320.txt

Why would an unrelated website ever bring up a page like this?

Inefficiency of search algorithms for intranet or corporate websites caused by poor design and/or implementation

I noticed recently that some of the search features on corporate websites and intranets seem to have implemented some of the search algorithms that are commonly associated with Facebook Graph Search or Google’s SEO ranked search results.

This is commonly seen when a user enters a very specific keyword but the exact matching results are not returned or not ranked highly on the search results, whereas a partially matching result will be ranked highly.

My suspicion is that many organizations creating social networks and doing extensive analytics on internal traffic have the tendency to implement the types of search algorithms that place more weight on criteria such as recency and number of existing page views when returning search results. Unfortunately this has also created the side-effect of exact matching keywords (e.g. document names and other exact search phrases) not returning at the top of the search result.

This is despite the fact that many of these search features allow a user to filter results by things like document type and other metadata, which should allow more specific or targeted results to be returned.

Has anyone else experienced this during their research and have you found the cause for this? Other research or examples from end users would also be helpful.

Nodejs pnp-auth (adfs) behind corporate proxy

We have a node/express app that connects to SharePoint on-prem using pnp-auth and node-sp-auth-config. (IE connection settings: automatic.) Works like a charm.

Moving this app to another server. On that server, the IE connection needs to be on manual proxy config to be able to connect to SharePoint via the browser.

For the node app the result is: nodejs app cannot connect to SharePoint

“FetchError: request to ….. failed, reason: connect ETIMEDOUT …..:443
    at ClientRequest. (d:\NODE\QOMV-CRExport\node_modules\pnp-auth\node_modules\node-fetch\lib\index.js:1444:11)
    at ClientRequest.emit (events.js:182:13)
    at TLSSocket.socketErrorListener (_http_client.js:392:9)
    at TLSSocket.emit (events.js:182:13)
    at emitErrorNT (internal/streams/destroy.js:82:8)
    at emitErrorAndCloseNT (internal/streams/destroy.js:50:3)
    at process._tickCallback (internal/process/next_tick.js:63:19)”

Anybody have any pointers on how to solve this?

thanks

Flutter : How to get Flutter packages behind a corporate proxy?

Error

Got TLS error trying to find package cupertino_icons at https://pub.dartlang.org

Tried adding https_proxy=USERNAME:PASSWORD@hostname:port as a system variable, and also tried DART_VM_OPTIONS="--root-certs-file={path.to.certificate.file}", but it doesn’t help.

PS: For Android Gradle I’ve generated a new keystore from the dependency websites’ certificates and injected it into gradle.properties to make it work.