Blog

Leadership

Cyber Myth: Attackers only have to be right once,…

Our cyber world is full of myths and FUD:

Attackers only have to be right once, Defenders have to be right all the time!

Firstly, let’s cut straight to the chase: I can only assume that someone who says this is ignoring or is unaware of how computer systems and intrusions work. But surely this is a true phrase, I’ve seen it repeated over and over again on LinkedIn, so it must be true, right?

Read more “Cyber Myth: Attackers only have to be right once, Defenders have to be right all the time!”
AI

The AI Threat: Same Cyber Different Day!

Whilst the world is seemingly losing its mind from watching too many Hollywood films and thinking that LLMs are going to turn into SKYNET or the ENTITY, the majority of cyber professionals I know are like… meh, safe shizzle we have always had, but at least we don’t have to write crappy CSS and can make tools look awesome really fast these days!

The rest of this post is created by Claude Opus 4.8, prompted by my good self analysing a bunch of data I’m working on:

Education

Who needs Mythos anyway! Vulnerability ‘fun’ with Unifi

Last night I found a disturbance in the cyber force… a premise that said 3x CVEs (which the vendor scored at 10.0) were alleged to not be 3 routes… this made no sense to me, why would a vendor release 3 CVEs with the MAXIMUM Score (see my last blog) which means: someone can remotely execute code/read data (remember if you leak key materials you can then craft a way to log in so you can get execution in more than one way). So I set off on a mission to try and fix the problem; someone might have said something wrong on the internet!

Leadership

Email Security: An Enablement Journey, Not a Maturity Ladder

Most organizations treat email authentication as a checkbox exercise. Deploy SPF, publish DMARC in reporting mode, call it done. But the real story isn’t about maturity tiers—it’s about what you unlock at each phase of implementation. And frankly, the gap between where organizations are and where they need to be is brutal.

This post outlines an enablement journey: each phase builds on the previous one and creates new capabilities that weren’t possible before.

Research

The State of DNS Security — Where the Top…

A position snapshot of the full Majestic Million across three layers — DNSSEC signing, email authentication (SPF / DMARC / MTA-STS), and DANE. This is the scorecard: what is deployed, on how many domains, and how it’s distributed by rank and TLD. Remember Majestic Million is a bit old so a chunk of the domains no longer resolve, but the data gives a good thematic view.

Read more “The State of DNS Security — Where the Top Million Stands: DNSSEC, Email Authentication & DANE by the Numbers”
Research

Email and Domain Security

Ok, this is a topic I’ve looked at for years, my views have been built up based on a range of things from the theory, the reality of what I find/see and the incidents I respond to and hear about.

I’ve used Claude largely for this because it’s meant as a quick snapshot in time and a high-level thematic view. SPF, DMARC, MTA-STS and DNSSEC (and DNS/Domain management in general) are complex topics and there’s lots of nuance in things.

That said, who wants to see what ‘scanning’ 1 million domains looks like? Let’s take a look at what Claude has come up with:
