Clearly this is for penetration testing, not for evil! So if you have to pentest Office 365 you might want to be attacking the authentication services. This will be aligned to the tenant you are testing, as always make sure you have authorisation.
Deploy to your favourite LINUX instance or WSL etc.
Read more “Password Spraying Office 365”
Most organisations have hundreds to thousands of vulnerabilities. They range across the spectrum from:
The challenge comes in trying to determine how to prioritise. Which ways could we go?
Where do we start?
Read more “Vulnerability Prioritisation”
I’ve waked around one of two organisations, across a load of verticals and well I see people post things online about common technology generalisations and frankly it sometimes leaves me wondering what networks they have been in, but also am I just on another planet? So, I thought I would jot down some notes on common tech I see in orgs during my business travels but also on in the ciberz! It’s not a list of everything I see, it’s just what appears in my head as quite bloody common.
Read more “Enterprise Technology Generalisations”
I wrote this in 2018 and don’t believe it ever made it to the interwebs, so I’m basically posting as is with an extra section for some useful links! Hopefully it still stands the test of time!
Risk assessments are complex, they require cross domain knowledge and generally do not deal in absolutes. Threats, vulnerabilities and asset intelligence is combined, weighed and assessed, leading to the construct of a risk assessment document. It can be easy to overcomplicate this process, which in turn (in my experience) often leads to far wider reaching consequences (the business starts to bypass security management or take short cuts), so I thought I would write a short post to clarify what I’ve seen work out in the field. So, to start with let’s try and align on what exactly a risk is.
Read more “Information Security Risk Management “
Oh that’s “just a Nessus scan” or that’s not a real pen test etc. is something that if you are in the infosec/cyber world for a few minutes you will probably hear.
It’s honestly a bit odd, some sort of way of diminishing something because a tool was used, which doesn’t really make a whole lot of sense given most activity involves using something that already exists (sure there are fields and scenarios where this isn’t true but I’m generalising).
So why are we as an industry obsessed with tools and obsessed with berating people for using them? It’s all rather odd.
It perhaps ties in with this Cyber Myth about penetration testing being the tool that’s good and useful in every scenario… I hate to break it to people, but it’s not the principles of security and it certainly isn’t the best/most appropriate “tool” in every scenario. Read more “When running Nessus is a good thing!”
Everything is 1337! Everyone hacks everything with no sweat, all networks are taken down by cyber magic… or maybe not….
Let’s look at some business realities, shall we? Read more “Cyber Security Testing Myths vs Realities”
Honestly, it feels weird writing this, however I feel there’s a real issue with penetration testing and some myths that (for understandable and obvious reasons) exist in some people’s minds. So I’ve taken to trying to explain to people what an external penetration test actually entails in the real world of business. So here goes!
Read more “Infrastructure Penetration Testing Realities”
There are tons of “products” for security awarenss training, however you might find that sitting and watching canned CBT videos isn’t your organisations thing or perhaps you want to see what other options there are available. Well for starts the UK NCSC has some free online security awarenss training (see further down the post), or you may want to actually spend time with your staff to make the learning a collaboarive experiance that drives engagement and communication. If the last one if your desired approach there are lots of ways to do this. One of which can be supported by a question based assessment, other ways include tabletop scenarios and incident simulations (i honestly would go with a blended appraoch if it was me!).
So to help people get thinking about this I’ve put together some example questions to drive the message about incident reporting, collaboration and education vs blame. So here we go, here’s some ideas for communication and some questions to get staff thinking about cyber security, sure they aren’t rocket science, but then it doesn’t need to be!
Read more “Security Awareness Training Example”
Exploitation of common windows services is an important area of knowledge for both offense and defence.
Other common technology platforms in the Windows Stack Include
For now I’m just going to look at a few of the common protocols and vectors.
Read more “Common Windows Services”
The swiss army knife of the cyber world, it can port scan, fingerprint, produce reports and run scripts using the nmap scripting engine (NSE).
Why do we care about NMAP, surely everyone knows how to NMAP?
Well, that’s simply not true, it’s always important to tech new people, to revise and hone existing skills and the world of nmap scripting is constantly evolving.
Port scanning and fingerprinting let alone leaking sensitive data and conducting “attacks” is all possible. You can do a basic vulnerability scan with nmap alone!
Read more “Nmap & CrackMapExec (CME)”