So, you have a driver to achieve cyber essentials, great stuff. Now if you are a business of reasonable size and scale this activity requires a bit of planning, context and lots of access and data. This could be via a distributed team or via a dedicated project team. In this post I’m going to look at what you may need to conduct the planning, discovery, assessment, and certification for Cyber Essentials and/or CE+.
Read more “Cyber Essentials Readiness”
Ok, another post on cyber essentials! I talk about this quite a lot (mainly driven by procurement requirements rather than orgs expressing a deep desire to “have better security” (which is a shame)) however, I want to show people what the real world is like and that meeting cyber essentials is a good thing, but also to look at real world challenges of meeting the standards. In this post we look at some thought provoking questions, then we look at an out of the box Windows and MAC device to see if they meet the standard!
Read more “Cyber Essentials – Out of the Box”
A quick post becuase this is useful for security control testing:
If you want to enable MOTW (mark of the web) on a file you can run the following PowerShell cmdlet:
Set-Content -Path '.\safe3.rtf' -Stream Zone.Identifier -Value '[ZoneTransfer]','ZoneId=3'This will set the alterate data stream (ADS) Zone.Identifier value to ZoneID=3 (Internet Zone)
You can unblock this with
Read more “Adding a removing the mark of the web via PowerShell”
So as always there are a million things in tech and well it’s rare that someone knows EVERYTHING. I must connect to a Wireguard VPN from a KALI VM. Should be simple, well actually it was a bit more complicated as I had two errors along the way!
If you are just starting out in powershell then you are going to need to know how to do some basics right.
Firstly launch an Integrated Development Environment. Built into Windows is Powershell ISE (integrated script environment) but you can also use Visual Studio of Visual Studio code (or go crazy and write it in Notepad or Notepad++/Sublime/Your editor of choice).
So once we have our editor open we need to create a variable:
Variables in PowerShell use the dollar symbol: “$” e.g.
Read more “How to create a variable in PowerShell?”
Everyone these days seems to rush towards “the solution”, well as someone who now has few years under their belt, I’d advise people slow down a little and think about their business requirements, outcomes, current state, and constraints. Significantly as well think about how a service will run over a period, not just how to buy it and “fling it into production”.
Read more “Stop rushing for “the solution”!”
Ok so this isn’t just for CISO’s but it’s a tool to help organisations think more holistically about cyber security and some of the foundational elements required to align cyber security capabilities with the business.
Read more “CISO – Getting Started Tool”
Ok this is not a small subject areas and it’s not a HOW TO guide but it should at least give you some ideas for tools to deploy and areas to check that are abused by Ransomware gangs and ATPs etc. Thanks to people who contributed!
This is not everything but it’s some common low hanging weaknesses:
Read more “Rapid Active Directory Hardening Checklist”
I’ve travelled all over the internet, I’ve worked with logs of organisations from banks through to small ISVs and one thing I would say is fairly universally true. What can be isn’t what is.
There’s a lot of different operating models and technologies in the world. There’s logs of differen’t specifics. This diagram here is not mean’t as a refrence architecture but more as an indicator.
There is also a massive reality people must understand, cyber good most definatley costs more at the point of deployment than cyber bad. Cyber bad’s ROI is truly variable and in mind mind is too hard to measure. For one org with cyber bad can experiance a significant breach (and cost) and another may have lady luck on their side.
Read more “The difference between what can be vs what often is – Cyber Architecture”
Go and run this on the connection servers:
https://github.com/mr-r3b00t/CVE-2021-44228
It’s crude so also look for the modified timestamps, recent unexpected blast service restarts and if you have process logging go and check for suspicious child processes over the period. Once you have checked, run a backup, then if they aren’t patched, patch the servers! (i know patching isn’t as simple as just patch!)
Read more “Log4Shell exploitation and hunting on VMware Horizon (CVE-2021-44228)”