wiki: compile kittle (full) — BEC/ACH incident, entry-point root cause, CA hardening; mark kittle-design superseded
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -37,11 +37,11 @@ Run `/wiki-lint` to check for stale entries and broken backlinks.
|
||||
| [Equity Valuation Services (EVS)](clients/evs.md) | Financial services; minimal infra documented; single Win11 VM maintained by Howard; Win11 right-click menu fix applied | 2026-05-24 |
|
||||
| [Furrier / Desert Rat](clients/furrier.md) | Mike Furrier owner; desertrat.com on websvr/cPanel; DMARC p=reject + Mailprotector SBR fix applied 2026-04-21; tim@ is a forwarder (not a mailbox); Syncro ID 391491 | 2026-05-24 |
|
||||
| [Horseshoe Management](clients/horseshoe-management.md) | Property management; prepaid block 31.75 hrs remaining at $175/hr; APC Smart-UPS P.17 bypass relay fault cleared; repeat UPS failures suggest electrical issue; plaintext creds in Syncro notes — needs vault migration | 2026-05-24 |
|
||||
| [Kittle Design & Construction](clients/kittle-design.md) | Design & construction; M365 kittlearizona.com; breach confirmed (Alexis hidden inbox rule + duplicate Authenticator); broad OAuth consent revoked; Ken inbox rule unresolved; no Entra P1/P2 | 2026-05-24 |
|
||||
| [Kittle Design & Construction](clients/kittle-design.md) | **SUPERSEDED → see [kittle.md](clients/kittle.md)** (consolidated 2026-06-09). Older M365-breach-only article; the canonical Kittle record now lives at clients/kittle.md. | 2026-06-09 |
|
||||
| [Wolkin Law](clients/wolkin.md) | Law practice; contract type (verify); Robert Wolkin (owner/attorney) + Julie (assistant/remote worker); M365 rswolkin.com (Julie has FullAccess to Robert's mailbox); 3 GuruRMM Win11 agents (FRONT office PC, RSW-Laptop remote, DESKTOP-V1JT1SE Bob's desktop); ZeroTier mesh VPN 17d709436c834c9b (10.147.19.199 FRONT, 10.147.19.54 RSW-Laptop); SMB shares Data/OneDrive/ClientFiles accessible via ZeroTier; printer access incomplete (deferred to Windows PC); active ticket #32369 remote work setup | 2026-06-07 |
|
||||
| [The Law Offices of Chris Scileppi](clients/scileppi-law.md) | Law firm; Syncro ID 9601863; Sylvia Mac mini (M2 8 GB) mail memory exhaustion; Mail disabled; on webmail; replacement Mac mini (M4 16/24 GB) pending order; GuruRMM enrollment blocked | 2026-05-24 |
|
||||
| [Western Tire](clients/western-tire.md) | Tire retail (jackfurriers.com brand); Mike Furrier owner (Syncro ID 391491); email migrated from websvr to IX 2026-04-22; 30 mailboxes; SSL cert expires 2026-05-30 | 2026-05-24 |
|
||||
| [Kittle (general contractor)](clients/kittle.md) | General contractor Tucson AZ; Syncro 32460233; HPE MicroServer Gen11 WS2025 EVAL at 10.0.0.5; no backups, no firewall; DKIM/DMARC missing; 3 plaintext creds in Syncro notes; GuruRMM onboarding 2026-05-08 | 2026-05-24 |
|
||||
| [Kittle Design & Construction LLC](clients/kittle.md) | **Canonical Kittle article.** GC Tucson AZ; Syncro 32460233; M365 kittlearizona.com (tenant 3d073ebe); **major June 2026 BEC/ACH-fraud incident** — Ken+marco+Accounting compromised, fraudulent bank-change to City of Tucson + Town of Marana ($130K+ exposure, PREVENTED, no loss), IC3 filed; root cause = April credential theft + incomplete remediation (password never reset → ~2mo persistence); CA hardened + Entra P2 added 6/9; HPE MicroServer WS2025 EVAL, no backups/firewall | 2026-06-09 |
|
||||
| [Khalsa (two-site)](clients/khalsa.md) | Two-site client (Camden + River); onboarding not completed; domain khalsa.local, DC TROUT at 10.11.12.254; Mac domain-join runbook documented; template docs otherwise empty | 2026-05-24 |
|
||||
| [Lone Star Electrical Systems](clients/lonestar-electrical.md) | Electrical contractor Tucson AZ; Syncro 33809612, prepaid block 13.5 hrs; Google Workspace (not M365); ManageEngine MDM (Zoho); Unraid server (7.1.4, USB migrated 2026-06-02); LS-1/LS-2 Sophos removal COMPLETE (2026-06-02); Defender active on both; field/mobile-first | 2026-06-02 |
|
||||
| [Anaise](clients/anaise.md) | Single workstation client; contact David (anaisedavid.office@gmail.com); DESKTOP-O8GF4SD; creds in vault at clients/anaise/desktop-o8gf4sd.sops.yaml; onboarding incomplete; M365 enrollment unconfirmed | 2026-05-24 |
|
||||
|
||||
Reference in New Issue
Block a user