Leadership
I’ve been conducting sales and assurance-based activities for some while (I’m not counting it will make me feel old!) and I have started looked at a range of supplier management tools which leverage tool-based OSINT, attack surface mapping and manual data inputs and I have to say this:
Leadership
Have you ever thought about what kind of data/intelligence you may need with regards to vulnerability management? It tends to vary at levels of abstraction based on the audiance, but don’t think the person doing the patching may not be considernig upwards or that someone in a C level position won’t care about the zeros and ones (life doesn’t work that way!)
Anyway I was talking to a friend and came up with these so thought I’d share them with the world. Have I done a decent job? can you think of others? How do you measure and report? What are your concerns?
Let’s take a look at what I came up with (this wasn’t a very long time in the making 😉 )
Read more “Vulnerability Management Concerns by Role Type”
Guides
Ever stuck in an environment where your internet access isn’t what you want it to be? Ever need to exfilrate data and bypass some DLP? Obviously I’m talking like a pentester (don’t use this if it beaks policies on anohers assets) so this is useful for some scenarios in testing but also in real life!
Read more “How to use Putty as a SOCKS Proxy”
Leadership
Defending a single server is often far more complex than people apreciate, defending a single organisation is significantly harder than a single server, defending a country… a much more complex challenge than I think people actually realise.
According to the NCSC:
The aim of ACD is to “Protect the majority of people in the UK from the majority of the harm caused by the majority of the cyber attacks the majority of the time.” We do this through a wide range of mechanisms, which at their core have the ability to provide protection at scale.
ACD is intended to tackle the high-volume commodity attacks that affect people’s everyday lives, rather than the highly sophisticated and targeted attacks, which NCSC deal with in other ways.
UK NCSC
The UK NCSC offer and run a range of Active Cyber Defence capabilities which include the following:
Read more “UK NCSC Active Cyber Defence (ACD)”
Education
Exploitation of common windows services is an important area of knowledge for both offense and defence.
Other common technology platforms in the Windows Stack Include
For now I’m just going to look at a few of the common protocols and vectors.
Read more “Common Windows Services”
Leadership
Everyone always asks what are the best security metrics to have? The answer is simple to me, use metrics that are valuable to your business governance and decision-making processes! Easy right.
Not so easy in real life right!
Read more “Board Level Security Metrics”
Education
The swiss army knife of the cyber world, it can port scan, fingerprint, produce reports and run scripts using the nmap scripting engine (NSE).
Why do we care about NMAP, surely everyone knows how to NMAP?
Well, that’s simply not true, it’s always important to tech new people, to revise and hone existing skills and the world of nmap scripting is constantly evolving.
Port scanning and fingerprinting let alone leaking sensitive data and conducting “attacks” is all possible. You can do a basic vulnerability scan with nmap alone!
Read more “Nmap & CrackMapExec (CME)”
Guides
How long should you test brute force password attempts for?
Well, a recent Microsoft report showed the average RDP brute force attack over the internet lasted about 3 days. Now let’s take a look at what a single attacker machine (IP) can send to a single target server over a well-connected network (1GBE low latency):
Read more “I AM BRUTE”
Hacking
I haven’t had tea but I was thinking about the MAC i was remoting into and I suddenly thought.. I wonder how to crack the hashes from a MAC. Surely it’s just cat /etc/passwd and cat /etc/shadow and then unshadow and run hashcat right?
WRONG!
The hashes for local users are stored here:
Read more “Hash Cracking for Modern OS X (10.8+)”
Defence
Spotted on twitter (thanks Danny!):
CISA updates the known exploited vulnerabilities list (KEV) yesterday with another 38 updates!
That means an update is required for OFFESNIVE KEV!
Read more “Offensive KEV Updates! CISA releases 38 more CVEs to KEV”