cyber – Page 2 – PwnDefend

Ransomware kill chains are boring.. will we ever learn?

Are we stuck in a cyber world that never learns? are we doomed to suffer the same fate over and over again? Well, not if you take action, you can totally prevent events like this!

This is a fast post using an LLM to analyse the Capita redacted ICO report. Hopefully it will help people think about things and take the lessons and apply them in their own organisations.

Threat Intel

Shiny Hunters / Scattered Spider Alleged Victims

Shiny Hunters/Scattered spider have published a leaked download site (DLS)/extortion site etc.
This is a fast publish with content mainly generated using an LLM (GROK). This appears to relate to victims who have been victims of social engineering, it does not appear to be related to the Salesforce, SalesLoft Drift breach: https://help.salesforce.com/s/articleView?id=005134951&type=1

Education

Why a SOC Without Triage, Analysis, and Remediation Is…

In the world of cybersecurity, the term Security Operations Center (SOC) carries significant weight. It evokes images of highly skilled analysts working around the clock to detect, respond to, and mitigate cyber threats. However, not all SOCs live up to this expectation. If a SOC lacks core functions like triage, analysis, assessment, and remedial action, it’s not truly a SOC—it’s merely a contact center masquerading as one. Let’s explore why these functions are non-negotiable for a SOC and why their absence undermines the entire purpose of cybersecurity operations.

News

Japan goes on the Cyber Offensive

Ok with my AI companion GROK I’ve gone exploring on the differences between Japan’s new cyber laws and the UK! This is more GROK than me, but I thought people might find this interesting!

Education

Supporting the Cyber Leadership Challenge

Earlier this year I had the honour of supporting the Cyber Leadership Challenge as a judge at the BT Tower! I’ve been a judge at Cyber 912 previously but I’ve always been doing that virtually, so it was great to be able to goto the event not via a webcam! The Cyber Leadership challenge is a national cyber emergency competition for UK university students. The students work in teams through an evolving national major cyber incident, so they will likely be thinking through areas many don’t give two seconds thought to, such as:

Leadership

What if breach communications were honest?

Armed with my trusty sidekick, this morning I thought I would see what an LLM would make if I asked it to create public comms for common cyber incidents…. for basically every scenario… it really wanted to tell everyone no data was accessed! Which is amazing, because in almost every incident I’ve seen: Data is accessed!

In a business email compromise (BEC) scenario…. the clue is in the name, it’s already a compromise of confidentiality!

Can AI replace intelligence analysts?

Ok, it’s late, and well I wanted to look into cyber attacks where social engineering is a key component combined with technical hacking skills.

There’s been a growing number of these style events, so I tasked GROK to create an assessment for me, let’s see how it did! Let’s both try and answer the questions:

Can GROK replace intelligence officers and can GROK help us defend better against social engineering + technical attacks? What do you think? (please take all of this with a pinch of salt… LLMs are known to make mistakes/hallucinate/lie in a very convincing manner)….

they look nice…. but looks can as we know, be deceiving! (is the entire blog just a social engineering experiment by me?)

Defense

Minimum Data Requirements for Investigating Email Mailbox Compromise

When a suspected email mailbox compromise is reported, initiating an investigation promptly is critical. However, to ensure the investigation is effective, certain minimum intelligence requirements must be met. This blog outlines the bare minimum data needed to start investigating a suspected email mailbox compromise, whether the intelligence comes from an internal team or a third-party source.

Education

Unravel the Mystery of Cyber Noir Detective: A Thrilling…

[This is why we need humans and not AI to write things!]

This is what an LLM said about my Cyber Noir game…. I think this is going to need me to write something! But that will come another day, today you can enjoy how humans are, not entirely replaced yet!

Enjoy! (perhaps just play the game!)

https://mr-r3b00t.github.io/cyber-detective

In the neon-drenched streets of Neon City, where high-tech crime and shadowy conspiracies collide, a new kind of detective story awaits. Cyber Noir Detective, an innovative choose-your-own-adventure game, invites players to step into the shoes of Riley Voss, a seasoned investigator tasked with thwarting a catastrophic cyber breach at NexCorp. This browser-based experience, crafted by cybersecurity experts at PwnDefend, blends immersive storytelling with subtle educational insights, making it a must-play for fans of interactive fiction, cyberpunk aesthetics, and digital security.

Education

Avoiding an infinite incident response cycle!

Incidents are a part of life, but so is understanding the scope and bounds of an incident. One subject that comes up form time to time is how to define what is and is not ‘part of the incident’. Not everyone uses the same terms, language or definitions (which is true of many things in life). But when it comes to cyber incidents on the ground, details matter, but so do decisions!

Is the role of incident response to solve all security challenges and gaps in an enterprise? Should the recovery phase mitigate all threats? should the entire business be changed due to an incident and is that the role of the response team? When do you define what is and what is not part of the response vs what is a business change project?