Defense
This is not meant to be an essay, but simply a rapid-fire view of things that I see that are major challenges with digital security in today’s age. So, without any further delay let us hit it:
Read more “5 Major Challenges with Business Digital Security”
Defense
This is an area that I think some might be interested in. I have worked with orgs of all shapes and sizes and one central area I find people struggle with is change management. I am not talking about organisational change management (that is another) but I am talking about the change of information systems or security controls.
Now you might be familiar with ITILv3/2011 and the PROCESS of change management or you might be in the new practise world of ITIL4 where it is called change enablement, or you might have no idea what I am rabbiting on about. That is ok that is why we are here!
The purpose of change management is (according to ITIL) to help minimise the risk of change for IT services.
Read more “Change Management 101”
Defense
I have been thinking about how organisations manage (or do not manage) their security postures from both a governance and management point of view. To help organisations that are just starting on their security improvement journey I thought I have put together a list of activities they may want to have in a forward schedule document (you could even call it a roadmap). It is not going to be all things to all people and different organisations and markets will have different requirements.
Read more “Routine Security Governance and Management Activities you should plan for”
Defense
By default, a ‘domain user’ can read mostly everything in active directory. I’m not sure every sysadmin knows this as I often find passwords stored in the description filed (see the example screenshot, this was from a domain user with no third-party tools leveraged). Read more “New Year , New You! Securing Active Directory”
Defense
I chose these words on purpose, I don’t think keeping environments secure and working is easy. I don’t think anyone has all the answers, even with massive budgets large organisations fail to keep their data and systems secure. But I do know that by doing these activities we can massively change the game when compared to the security posture of an organisation compared to organisations that don’t do this! So, I thought I’d share some of the things I do to try and keep on top of environments cyber heigine. But to start let’s think about the kind of questions are we looking to answer:
Read more “Things to try & keep an environment safe”
Defense
Ok so i’ve been showing how alot of things do NOT get audited in Windows out of the box (on Twitter obviously) so I thought I’d export the CSV which you can import to enable some of the advanced logging features into a GPO without so many clicks (RSA sucks!)
So here is a CSV file that you can use to import! this isn’t everything you need to do, but it’s a start!
Read more “Make Logging Great Again (MLGA)”
Defense
CVSS 9.1 – CWE-35
“A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to gain access to sensitive information.
The vulnerability is due to improper validation of directory traversal character sequences within requests to an affected device. An attacker could exploit this vulnerability by sending a crafted request to the affected device. A successful exploit could allow the attacker to download arbitrary files from the affected device.”
On the 16/11/2020 a POC for a range of CISCO device vulnerabilities was released on GitHub by https://twitter.com/frycos.
Read more “CVE-2020-27130 – Path Traversal on CISCO Security Manager”
Defense
If your VPN can be brute forced, I hate to break it to you, but it’s got a bit of a design/implementation problem! Now I’m not going to go into VPN RCE’s (we’ve seen a lot of them in recent times) but let’s look at what we can do to protect our remote access services! Read more “Secure Remote Access VPN”
Defense
Imagine the scenario… your environment is fully cloud based. there are no domain controllers, you have no “corporate” network and every device is an island. Here we are going to explore what that world might look like from a security pov. This is the modern Windows environment.
As a security professional on either the offensive of defensive side you have a new landscape to deal with. No longer are you running responder and moving latterly via WMI/RPC, PowerShell or RDP, because well there isn’t a ‘network’ per say. Read more “Modern Windows Device Security Assurance”
Defense
When you get online/into the virtual office at 0900 on a Monday morning the last thing you want to be greeted with is something like this:
Ransomware and various other major cyber incidents are not fun to deal with, they hard everyone, from the end customer, your staff and ultimately your bottom line. We hate ransomware so we’ve put together a quick list of things to think about to help you prepare not only to prevent but also to respond so that hopefully your security posture holds strong but also if it does falter you can recover in a timely manner without any bitcoin payments being made! Read more “Things you wish you had done!”