Today I was browsing twitter and I saw a falcon feed post about NoName claiming to have DoS’d some UK government sites, and well it got me thinking (and talking to some friends) about why in 2026 we haven’t solved this problem. (DoS = Denial of Service, DDoS = Distributed Denial of Service)
Read more “2026: Why have we not solved DDoS Yet?”
This weekend at BSIDES London it was great to have the UK National Cyber Security Center (NCSC) (the UK’s technical authority on cyber security) give a talk about passkeys!
There’s lots of talk from some people about how AI is going to destroy the world and needs to be regulated, like some kind of SkyNet has been created… Well I thought, aside from this being largely not reality, I would look into a history of ‘AI’ being used in cyber defence.
Read more “A brief history of AI being used for Defensive Cyber”
This weeks been an interesting one, I’ve been doing quite a bit of research recently with my friend Simo from Defused defusedcyber.com. Simo has built a new emulated honeypot platform, and anyone that know’s me knows I love honeypots, deception and intel sharing to help defenders and to impose cost on the baddies! (technical terms here ok!)
Read more “Suspected Fortinet Zero Day Exploited in the Wild”
Using AI feels great sometimes and then empty others, this was created in seconds, it’s fine, it works.. but it has no soul! But who cares about soul when it’s a check list right? The more fundamental question is, do you have the policies, processes and procedures to defend against social engineering attacks against password resets? If not, perhaps this may help.
Read more “Password Reset Defence Check List”
When a suspected email mailbox compromise is reported, initiating an investigation promptly is critical. However, to ensure the investigation is effective, certain minimum intelligence requirements must be met. This blog outlines the bare minimum data needed to start investigating a suspected email mailbox compromise, whether the intelligence comes from an internal team or a third-party source.
Read more “Minimum Data Requirements for Investigating Email Mailbox Compromise”
Whilst conducting security testing and assurance activities, I went looking to show logon events in Office 365. My first query was on IdentityEvents, this led to a view of a multi month attack by a threat actor/s against a tenent, followed by exploring the rabbit hole of logs and computer systems. This blog summarises some of the methods and findings when considering threat hunting and authentication defences for Office 365. (bear with me I am tired so this might need a bit of a tune up later!)
Read more “Defending Against Direct Authentication Attacks in Microsoft Office 365”
Availability, Confidentiality, and Integrity are good building blocks for considerations. We can probably split this into two major views to start with:
A typical consumer may be about:
| Rating | Critical |
| CVE | cve-2022-26809 |
| MITRE | CVE – CVE-2022-26809 (mitre.org) |
| CVSS | CVSS:3.1 9.8 |
| Impact | Remote Code Execution (RCE) |
| Exploit in the wild | Currently not observed |
| Difficulty to Exploit (if PoC available) | Very Low |
| Network Position | TCP/IP Routable or Network Adjacent |
| Authentication Required to Exploit | No |
| Affected | Windows Client/Server OS |
| Typical Service Ports | TCP 135,139,445 |
| Vendor Patch Available | Yes |
| Exploitable in Default OOB (out of the box) configuration | Unknown |
| Exploitable Client/Server | Believed to be client and server side exploitable |
Ok this is not a small subject areas and it’s not a HOW TO guide but it should at least give you some ideas for tools to deploy and areas to check that are abused by Ransomware gangs and ATPs etc. Thanks to people who contributed!
This is not everything but it’s some common low hanging weaknesses:
Read more “Rapid Active Directory Hardening Checklist”