Using AI feels great sometimes and then empty others, this was created in seconds, it’s fine, it works.. but it has no soul! But who cares about soul when it’s a check list right? The more fundamental question is, do you have the policies, processes and procedures to defend against social engineering attacks against password resets? If not, perhaps this may help.
Read more “Password Reset Defence Check List”
When a suspected email mailbox compromise is reported, initiating an investigation promptly is critical. However, to ensure the investigation is effective, certain minimum intelligence requirements must be met. This blog outlines the bare minimum data needed to start investigating a suspected email mailbox compromise, whether the intelligence comes from an internal team or a third-party source.
Read more “Minimum Data Requirements for Investigating Email Mailbox Compromise”
Whilst conducting security testing and assurance activities, I went looking to show logon events in Office 365. My first query was on IdentityEvents, this led to a view of a multi month attack by a threat actor/s against a tenent, followed by exploring the rabbit hole of logs and computer systems. This blog summarises some of the methods and findings when considering threat hunting and authentication defences for Office 365. (bear with me I am tired so this might need a bit of a tune up later!)
Read more “Defending Against Direct Authentication Attacks in Microsoft Office 365”
Availability, Confidentiality, and Integrity are good building blocks for considerations. We can probably split this into two major views to start with:
A typical consumer may be about:
| Rating | Critical |
| CVE | cve-2022-26809 |
| MITRE | CVE – CVE-2022-26809 (mitre.org) |
| CVSS | CVSS:3.1 9.8 |
| Impact | Remote Code Execution (RCE) |
| Exploit in the wild | Currently not observed |
| Difficulty to Exploit (if PoC available) | Very Low |
| Network Position | TCP/IP Routable or Network Adjacent |
| Authentication Required to Exploit | No |
| Affected | Windows Client/Server OS |
| Typical Service Ports | TCP 135,139,445 |
| Vendor Patch Available | Yes |
| Exploitable in Default OOB (out of the box) configuration | Unknown |
| Exploitable Client/Server | Believed to be client and server side exploitable |
Ok this is not a small subject areas and it’s not a HOW TO guide but it should at least give you some ideas for tools to deploy and areas to check that are abused by Ransomware gangs and ATPs etc. Thanks to people who contributed!
This is not everything but it’s some common low hanging weaknesses:
Read more “Rapid Active Directory Hardening Checklist”
Go and run this on the connection servers:
https://github.com/mr-r3b00t/CVE-2021-44228
It’s crude so also look for the modified timestamps, recent unexpected blast service restarts and if you have process logging go and check for suspicious child processes over the period. Once you have checked, run a backup, then if they aren’t patched, patch the servers! (i know patching isn’t as simple as just patch!)
Read more “Log4Shell exploitation and hunting on VMware Horizon (CVE-2021-44228)”
If you have a business email compromise incident and you haven’t deteced it in a timely manner your fist notification might be a bad experiance, the threat actors may have commited fraud, attemped fraud or simply launched a phishing If you have a business email compromise incident and you haven’t detected it in a timely manner your fist notification might be a bad experience, the threat actors may have committed fraud, attempted fraud, or simply launched a phishing campaign from your environment. If you are in this position, there are some steps you can take from a technical point of view to limit impact and reduce risk of a re-occurrence. This blog is a high-level view at some of the tactical and longer-term activities you can conduct.
Read more “Post Business Email Compromise actions for Office 365 Users”
This is part of a series I’m writing which is focusing on some of the core fundamentals of why cyber security is a business issue, why business leadership should care and invest in a good security posture and I’m looking at common security threats and ways you can combat these. Read more “I’m the CEO why do I care about phishing threats?”
First and foremost, I’m going to start by saying if I include any cliché quotes it’s probably in an ironic context or used to show how they aren’t practically useful. Why are we here? Well, based on the title, it’s because you are either a CEO/MD or you are in a leadership position and want to learn a little more about cyber security.
I’m sure you have read the news, I’m sure you have seen vendor adverts explaining something like:
And I’m sure someone on your LinkedIn feed you have seen people exclaim all kinds of crazy things like:
Read more “I’m the CEO, why should I care about Cyber Security?”