News
Currently there appears to be a relatively significant cyber security incident at Marks and Spencer. So I thought I would give a demo of using AI (LLM, GROK) to create a timeline:
(since this is generated by an LLM please take this with a health pinch of salt, I wanted however to show the actual content and method I’ve used so people can understand it)
Defense
When a suspected email mailbox compromise is reported, initiating an investigation promptly is critical. However, to ensure the investigation is effective, certain minimum intelligence requirements must be met. This blog outlines the bare minimum data needed to start investigating a suspected email mailbox compromise, whether the intelligence comes from an internal team or a third-party source.
Read more “Minimum Data Requirements for Investigating Email Mailbox Compromise”
Education
[This is why we need humans and not AI to write things!]
This is what an LLM said about my Cyber Noir game…. I think this is going to need me to write something! But that will come another day, today you can enjoy how humans are, not entirely replaced yet!
Enjoy! (perhaps just play the game!)
https://mr-r3b00t.github.io/cyber-detective
In the neon-drenched streets of Neon City, where high-tech crime and shadowy conspiracies collide, a new kind of detective story awaits. Cyber Noir Detective, an innovative choose-your-own-adventure game, invites players to step into the shoes of Riley Voss, a seasoned investigator tasked with thwarting a catastrophic cyber breach at NexCorp. This browser-based experience, crafted by cybersecurity experts at PwnDefend, blends immersive storytelling with subtle educational insights, making it a must-play for fans of interactive fiction, cyberpunk aesthetics, and digital security.
At its core, Cyber Noir Detective is an interactive narrative where every decision shapes the story’s outcome. Players navigate a series of comic-style panels, each accompanied by narration and choices that lead to multiple endings. Whether you succeed in saving NexCorp or fall victim to Neon City’s dark underbelly, the game’s replayability ensures that each playthrough feels fresh and engaging. This format, rooted in the classic choose-your-own-adventure genre, empowers players to drive the narrative, making every choice feel consequential.
The game draws inspiration from the cyber-noir subgenre, a fusion of cyberpunk’s futuristic technology and film noir’s gritty, moody atmosphere. Set in Neon City, the narrative unfolds against a backdrop of neon lights, rain-soaked streets, and corporate intrigue—reminiscent of iconic works like Blade Runner (5 Classics of Cyberpunk Noir). Visuals are enhanced by a toggleable noir filter, which applies a high-contrast, grayscale effect to evoke the classic detective aesthetic. Coupled with atmospheric soundscapes, including background rain and a thematic soundtrack, the game creates a deeply immersive environment that pulls players into its world.
Cyber Noir Detective offers a rich set of features designed to captivate players:
Accessible directly in web browsers, the game requires no downloads, making it easy for anyone to jump in. A fullscreen mode further enhances immersion, allowing players to lose themselves in Neon City’s mysteries.
Created by PwnDefend, a cybersecurity company dedicated to educating and protecting against digital threats (PwnDefend Website), Cyber Noir Detective goes beyond entertainment. PwnDefend’s mission to foster a new generation of cyber defenders through innovative methods suggests that the game subtly incorporates educational elements. While the exact content of the story remains unseen, the narrative’s focus on a cyber breach implies that players may encounter scenarios that highlight cybersecurity practices, such as identifying threats or making strategic decisions to protect digital assets. This blend of fun and learning makes the game appealing to both casual players and those interested in digital security.
The cyber-noir genre, as noted in cultural analyses, thrives on blending detective tropes with high-tech settings, exploring themes of humanity, morality, and technology (Tech Noir – Wikipedia). Cyber Noir Detective taps into this rich tradition, offering a modern, interactive take that resonates with contemporary audiences. Its educational angle aligns with PwnDefend’s broader goal of raising awareness about cybersecurity in an engaging way, potentially teaching players about real-world threats in a fictional context.
This game is likely ideal for:
Ready to unravel the mysteries of Neon City? Cyber Noir Detective invites you to test your detective skills, make tough choices, and discover whether you can outsmart the hackers threatening NexCorp. Accessible, immersive, and thought-provoking, this game is a unique blend of entertainment and education. Visit PwnDefend’s website (PwnDefend Website) to explore their cybersecurity resources, and dive into the shadows of Neon City to crack the case!
For those curious about the game’s construction, Cyber Noir Detective is built using HTML, CSS, and JavaScript, ensuring broad compatibility across web browsers. The game loads its story from a JSON file, which defines narrative states, choices, and outcomes. Key technical features include:
| Feature | Description |
|---|---|
| Story Structure | Story data is fetched from a JSON file, allowing dynamic narrative branching. |
| Visual Effects | CSS animations and a noir filter create a visually striking experience. |
| Audio Integration | HTML5 audio elements provide background rain and a theme tune for immersion. |
| Interactivity | JavaScript handles player choices, state management, and social sharing. |
| Accessibility | Browser-based with responsive design for various devices, including mobile. |
These elements combine to deliver a seamless, engaging experience that balances technical sophistication with user-friendly design.
In a world where cyber threats are increasingly prevalent, Cyber Noir Detective serves as both a creative outlet and a subtle call to action. By placing players in the role of a detective combating digital crime, PwnDefend leverages storytelling to highlight the importance of cybersecurity. As the cyber-noir genre continues to captivate audiences with its blend of technology and human drama, this game stands as a testament to the power of interactive media to entertain, educate, and inspire.
Education
Recently vibe coding has been the name of the game! So whilst dealing with an incident I was thinking about some of the common challenges organisations face when it comes to incident response, which led onto the broader topics of why do so many orgs either have no policies or defined processes but even when they do, people don’t follow them.
So much focus is given to cyber awareness training for ‘end users’ but not so much about training IT and business teams in how to manage incidents.
Enter: Gamified training + comic books + detectives!
Read more “A Cyber Noir Detective Game”
Leadership
Making security both an organisational support capability but also enabling business is not easy. Lots of the security activity is for obvious reasons not totally transparent. However one thing I want to show people is how you might want to tell existing and prospective customers about the way you approach security within your organisation. One way to do this is to show people how you align to the NCSC 14 Cloud Security Provider Principles.
Read more “Using cyber security investments as a business enabler”
Education
Incidents are a part of life, but so is understanding the scope and bounds of an incident. One subject that comes up form time to time is how to define what is and is not ‘part of the incident’. Not everyone uses the same terms, language or definitions (which is true of many things in life). But when it comes to cyber incidents on the ground, details matter, but so do decisions!
Is the role of incident response to solve all security challenges and gaps in an enterprise? Should the recovery phase mitigate all threats? should the entire business be changed due to an incident and is that the role of the response team? When do you define what is and what is not part of the response vs what is a business change project?
Read more “Avoiding an infinite incident response cycle!”
Defence
Recently this subject has come up again, so thought I would create a post.
By default Windows comes with Quick assist, an RDP based service with is encapsulated in HTTPS, it allows users to both offer and request assistance between two Windows machines (remote control). You can read more here:
https://learn.microsoft.com/en-us/windows/client-management/client-tools/quick-assist
Read more “Disable and Remove Windows Quick Assist”
Education
If we look at the reality of cyber security on a personal level, it’s insanely complex. There are hundreds if not thousands of details that matter, under the microscope security is incredibly complex and contextual. Which makes it a nightmare outside of simple abstractions, because things get complex fast.
Read more “Making cyber security relatable to people”
Leadership
I’ve been around a bit now, I started ‘playing’ with technology very young as a kid! Wolf 3D/Doom era etc (ok even before that but whatever) …
In my professional career I’ve worked with literally hundreds of companies, from mega to small, from household names that sell games consoles through to orgs that sell you yummy food! I’ve worked across loads of industries from government through to manufacturing. I’ve dealt with major incidents for the finance sector, healthcare but also, I’ve been inside a range of networks for some time.
Read more “Cyber Leadership – Real Life Incidents over the years!”
Defence
Ok this morning I woke up really really early! I then went on a bit of a KQL thread on twitter, and then IRL work destroyed my plans to play in the lab. However I’m publishing this in its current state [use at own risk etc.] because I think it might help people! So let’s get to it:
These queries can help you identify 3 common active directory attack techniques from logs on a domain controller (this does not rely on ADCS logs etc.)
Read more “Hunting for common Active Directory Domain Services Exploitations”