Snake Oil Defence: Defending against lies and false claims

Defenders of the Realm

We often talk about not selling using fear, uncertainty, and doubt (FUD). It is quite a big thing in the cyber security industry where the entire purpose of existence is to help people and organisations manage risk to prevent, detect and respond to impact to confidentiality, integrity, and availability. A key foundational component is that we operate using science, trust, and integrity.

This does however become quite interesting when you look at some rather dubious sales and marketing techniques employed by a few.

What I have noticed are there are a range of patterns that are similar (it is like they all went on the same con artist course!) so I thought I would look at some of the indicators I see which bring up flags to me. Read more “Snake Oil Defence: Defending against lies and false claims” →

The case for hacking back

Weapons Free

Cyber warfare, it may sound like something out of a fictional book or science fiction film but in the modern digital age it is a reality. 24 hours a day around the world there are information wars occurring ranging from civilian domestic style events through to military operated campaigns. Read more “The case for hacking back” →

Incident Response – Web Logs

Knowing where to look is a real important piece of the incident response puzzle. With a large number of incidents involving web servers, I figured it was a good idea to talk about some of the common log files, their locations and some gotchas. We are going to dive into some tech 101 then follow up with how this ties into the Incident Response process (so hopefully this helps if you re more PowerPoint than Bash).

Why do we care about where the default paths are? Well hopefully if you have planned ahead and got a security monitoring solution you won’t have to. But all things start from acorns. A good way to start to understand how logs and incident response tie together are to understand what is needed under the hood. This isn’t a deep dive but more a glimpse. When we visit a web page the webserver should be configured to capture the access logs. These logs are really helpful in an incident involving web services, so where can we find them?

Everything must be agile but is that really always…

A lot of people talk about AGILE but the normally mean ‘agile’ however when it comes to security testing and penetration testing (to me there is most certainly a difference) we need to be mindful of the different approaches, so we select the right one for the context, scenario, and objectives.

In this post we take a brief look at what we recommend for a range of scenarios and we look at the key differences and what some constraints might mean when it comes to approach selection.

5 Major Challenges with Business Digital Security

This is not meant to be an essay, but simply a rapid-fire view of things that I see that are major challenges with digital security in today’s age. So, without any further delay let us hit it:

Change Management 101

Managing Change (and releases)

This is an area that I think some might be interested in. I have worked with orgs of all shapes and sizes and one central area I find people struggle with is change management. I am not talking about organisational change management (that is another) but I am talking about the change of information systems or security controls.

Now you might be familiar with ITILv3/2011 and the PROCESS of change management or you might be in the new practise world of ITIL4 where it is called change enablement, or you might have no idea what I am rabbiting on about. That is ok that is why we are here!

The purpose of change management is (according to ITIL) to help minimise the risk of change for IT services.

Routine Security Governance and Management Activities you should plan…

Security Planning 101

I have been thinking about how organisations manage (or do not manage) their security postures from both a governance and management point of view. To help organisations that are just starting on their security improvement journey I thought I have put together a list of activities they may want to have in a forward schedule document (you could even call it a roadmap). It is not going to be all things to all people and different organisations and markets will have different requirements.

New Year , New You! Securing Active Directory

By default, a ‘domain user’ can read mostly everything in active directory. I’m not sure every sysadmin knows this as I often find passwords stored in the description filed (see the example screenshot, this was from a domain user with no third-party tools leveraged). Read more “New Year , New You! Securing Active Directory” →

Things to try & keep an environment safe

I chose these words on purpose, I don’t think keeping environments secure and working is easy. I don’t think anyone has all the answers, even with massive budgets large organisations fail to keep their data and systems secure. But I do know that by doing these activities we can massively change the game when compared to the security posture of an organisation compared to organisations that don’t do this! So, I thought I’d share some of the things I do to try and keep on top of environments cyber heigine. But to start let’s think about the kind of questions are we looking to answer:

Make Logging Great Again (MLGA)

Ok so i’ve been showing how alot of things do NOT get audited in Windows out of the box (on Twitter obviously) so I thought I’d export the CSV which you can import to enable some of the advanced logging features into a GPO without so many clicks (RSA sucks!)

So here is a CSV file that you can use to import! this isn’t everything you need to do, but it’s a start!