Defense
We move around in many places, we sit in plain sight, you might know we are there, or you might not. We work in the shadows, yet we shine a light. You see we’ve been inside your networks; we’ve sat in your cabs, we’ve worked with your teams. We have read you annual reports and we’ve mapped your company; we do this in a way that often you can’t even see.
Read more “Confessions of a white hat hacker”
Defense
In Part 1 (Initial Access Defence and Checklist) we looked at ways of hardening your attack surface to defend against initial access. When it comes to ransomware there is a range of elements and variables in the kill chain that need to be successful for the outcomes to be achieved by the criminals. Here we are going to move further into the kill chain to look at further defences. Remember you need to have an “Assume Breach” mindset if you are going to be able to defend against ransomware, that being said, there is a hell of a lot of things you can do for 0 to low investment costs that provide a great ROI. Now some of this is going to be repeated guidance from part 1, that’s ok repetition is good (make sure you are covered from multiple perspectives). Ok let us get to it! Read more “Ransomware Defence: Part 2a – Persistence, Privilege Escalation and Lateral Movement”
Defense
We looked after about 3-3500 endpoint devices. We were running Windows servers/clients and we leveraged technologies such as:
Defense
We keep seeing organization get hit, in some kind of a sick way I think me and some of my friends in the industry are bored with the over dramatic responses of “sophisticated” “advanced” and “unpreventable” because most times the kill chains simply are not like this. But still the onslaught keeps coming. Well I know this much, whilst I would love to deploy with the team and harden everyone’s networks that simply isn’t possible. So what we thought we would do is write something to try and spread the knowledge a bit further and hopefully have some positive impact.
It’s not just that your data will be encrypted, it will likely be exfiltrated and sold. You will likely have access sold, data sold and be extorted. The Ransomware business model is adapting to defender responses. Even if you can restore from backup they will likely try and attempt to extort. This brings a key point in this equation, the best position is to NOT get pwn3d to start with. Ok that might sound silly to say but when we look at these kill chains you might start to see the world from my perspective a little. Read more “Ransomware Defence Checklist – Part 1 : Initial Access”
Defense
Ok so you might think I’m mad with the title but bear with me!
So, the world is in an interesting place, we’ve got a pandemic, we’ve got prolific cyber crime and we have all kinds of different views on how we should tackle this problem.
Now I love a framework and there’s ton’s of them. But the truth is they are complex, detailed, nuanced and generally require a level of nerd that a lot of organistaions do not have.
In 2020 during the pandemic I decided to try and write something to simplify this position, whilst I didn’t want to be too narrow, I wanted to try and capture the breadth of cyber security that is relevent to the general purpose organistaion. I came up with a set of 140 questions which I believe are a good take on things to consider and ask when conducting a security review at a high level. (yes 140 questions is a high level view, this stuff is complex as hell at the detailed end of things, and the devil is in the detail).
Read more “Cyber Security Assesments for Normal People”