Tag: cio

Image Defense

Infection Monkey Overview

Have you ever wanted to see what would occur in an environment if a worm was a make its way in? I often work with customers to show them about lateral movement from a human operated perspective however sometimes it’s useful for people to visualise this better and to demonstrate what could occur if a worm was set loose. A great tool to help with this is Infection Monkey from Guardicore (https://www.guardicore.com/

High Level View

The process steps are as follows:

  • Scope Exercise
  • Prepare Environment
  • Deploy Infection Monkey Server (Monkey Island)
    • Configure Server Credentials
  • Monkey Configuration
  • Release Monkey/s
  • Review
  • Report

Read more “Infection Monkey Overview”

Guides

What do you need to be Cyber Leader?

Introduction

What does it take to be a cyber leader? How do we address a broad challenge we have in today’s business world?

There are a huge number of organisations whereby the leadership do not have domain expertise in cyber and related disciplines. There are decision makers who are having to best guess. On the other end of the spectrum, we have thousands and thousands of people trying to “break into cyber” yet they face largely insane entry requirements with the forementioned adding things to junior and entry level role which include:

  • Must have a CISSP (CISSP requires 5 years’ experience and is an Information Security certificate that is very broad and not very deep, it also covers a range of areas that in my opinion aren’t even required for many cyber security capabilities inside organisations)
  • Must have a Certified Ethical Hacker (this exam includes remember historic malware dates, is that really what we need from our leaders?)
  • Must have a very large level of experience of be from an existing cyber role

Read more “What do you need to be Cyber Leader?”

Defense

Changing a security posture requires changing your own behaviours

I’m sure you will have had a marketing firm or some random sales person on Linkedin tell you that security should be simple and that their product will save you from all the ATPs and nation state hax0rs under the sun. However let’s get real, thats almost certainly not true and also security isnt simple or we’d all be out of jobs and everyon woulndn’t be getting owned all the time.

Getting real

Read more “Changing a security posture requires changing your own behaviours”
Defense

Ransomware Defence Checklist – Part 1 : Initial Access

Defending the Realm

We keep seeing organization get hit, in some kind of a sick way I think me and some of my friends in the industry are bored with the over dramatic responses of “sophisticated” “advanced” and “unpreventable” because most times the kill chains simply are not like this. But still the onslaught keeps coming. Well I know this much, whilst I would love to deploy with the team and harden everyone’s networks that simply isn’t possible. So what we thought we would do is write something to try and spread the knowledge a bit further and hopefully have some positive impact.

Ransomware 101

It’s not just that your data will be encrypted, it will likely be exfiltrated and sold. You will likely have access sold, data sold and be extorted. The Ransomware business model is adapting to defender responses. Even if you can restore from backup they will likely try and attempt to extort. This brings a key point in this equation, the best position is to NOT get pwn3d to start with. Ok that might sound silly to say but when we look at these kill chains you might start to see the world from my perspective a little. Read more “Ransomware Defence Checklist – Part 1 : Initial Access”

Defense

The grass is always greener, until it is not

A PwnDefend Story – Day 7

It is a blur so far, I figured after the last place the grass would be greener, surely no one else has that many security challenges. I did some due diligence during the interview process, they seemed very confident about having certifications and that they took security seriously. hell, that should have set some red flags off but even the cynical sometimes hope that it is as someone says.

I have started to work myself around the board and I am making friends with people, my diary is filled with zoom calls and my notebook is already many pages deep.

You cannot make this stuff up though, day two and I’ve dealing with a business email compromise incident, the phishing page was not even in good English but then it only takes a second or so whilst in a meeting to not quite realise your running on autopilot so you cannot blame people. Hell, the branding was copied so we know it was a targeted phish. It would have been nice to at least had centralised logs for the team to analyse though. Read more “The grass is always greener, until it is not”