Education
If we look at the reality of cyber security on a personal level, it’s insanely complex. There are hundreds if not thousands of details that matter, under the microscope security is incredibly complex and contextual. Which makes it a nightmare outside of simple abstractions, because things get complex fast.
Read more “Making cyber security relatable to people”
Leadership
I’ve been around a bit now, I started ‘playing’ with technology very young as a kid! Wolf 3D/Doom era etc (ok even before that but whatever) …
In my professional career I’ve worked with literally hundreds of companies, from mega to small, from household names that sell games consoles through to orgs that sell you yummy food! I’ve worked across loads of industries from government through to manufacturing. I’ve dealt with major incidents for the finance sector, healthcare but also, I’ve been inside a range of networks for some time.
Read more “Cyber Leadership – Real Life Incidents over the years!”
Defence
Ok this morning I woke up really really early! I then went on a bit of a KQL thread on twitter, and then IRL work destroyed my plans to play in the lab. However I’m publishing this in its current state [use at own risk etc.] because I think it might help people! So let’s get to it:
These queries can help you identify 3 common active directory attack techniques from logs on a domain controller (this does not rely on ADCS logs etc.)
Read more “Hunting for common Active Directory Domain Services Exploitations”
Leadership
A massively common analogy I see in security is the idea that security is like paying for insurance incase something goes wrong. I think this is great if you have 3 seconds only to describe security, but that’s not really how I have conversations with people. A sound bite isn’t reality, and to be honest I personally find that rather meaningless. I also know that many people don’t like or even pay for a range of insurance so when we look at how we try and improve digital security from a whole of society perspective, I think this phrase doesn’t work, it’s too narrow…
Read more “The business ‘value’ of Cyber Investments”
Defence
Ok so here’s the thing, I do NOT like getting pwn3d! I think you probably would rather your organisation does not too!
What I really don’t want to occur is a ransomware event! They suck, they are like a digital bomb going off.
So I’ve knocked up a quick list to get people thinking (these are NOT all the vulnerabilities I networks you should care about.. but they are some that could lead to a ransomware event!)
Read more “What are the top Active Directory Security vulnerabilities I care about?”
Threat Intel
I’ve not blogged in a while, but I wanted to put down a note of some useful tools people can use to help them combat cyber crime.
This isn’t going to be an in depth look at each tool, however I do want to, in the near future, try and do some demos/videos etc. of how to investigate potential/suspected or identified threats. I’ll drop a list of some of the useful tools below and also do a quick demo of investigating an event (from this blog)
Read more “Threat Analysis Tools”
Education
have you ever wanted to port forward from a Windows Host to a WSl2 KALI VM when you are using a NAT’d virtual switch configuraiton with WSL2?
Read more “Port Forwarding with WSL2”
Hacking
My friend Lars and I were just talking about some of the research areas we are working on and randomly the conversation turned into “what shall we call it?” and then LDAPNomNom came up! So I whilst laughing (coz the name is lulz) with my buddy I downloaded and ran LDAPNomNom against a lab vm quickly! (Lars also fixed an error with readme.md that I pointed out coz my debug skillz ROCK! 😛 )
So here we have me doing username enumeration via LDAP Ping using LDAPNOMNOM!
Read more “Stealthy Active Directory Username Enumeration with LDAPNomNom”
Fiction
It was a dark and stormy night, and a lone figure sat hunched over their computer screen, typing away at lightning speed. This was no ordinary person – this was a hacker, one of the most skilled and dangerous in the world.
Read more “Caught: A Hacker Adventure”
Education
Whilst the common person will largely link the words “hacker/hackers” to criminal the reality is hackers are scientists/artists/creators/ComputerOperators and the choice of being a criminal or not is down to actions and consequences. So the debate about if you identify as “hacker” does that make you a criminal, well it’s nonsense isn’t it. I could call myself a pony but it won’t make me one, much like I could call myself a criminal and I could be entirely law abiding.
Read more “Am I a criminal or am I a cybersecurity crime fighter?”