Leadership

UK NCSC Active Cyber Defence (ACD)

Defending a single server is often far more complex than people apreciate, defending a single organisation is significantly harder than a single server, defending a country… a much more complex challenge than I think people actually realise.

What is ACD?

According to the NCSC:

The aim of ACD is to “Protect the majority of people in the UK from the majority of the harm caused by the majority of the cyber attacks the majority of the time.” We do this through a wide range of mechanisms, which at their core have the ability to provide protection at scale. 

ACD is intended to tackle the high-volume commodity attacks that affect people’s everyday lives, rather than the highly sophisticated and targeted attacks, which NCSC deal with in other ways.

UK NCSC
NCSC Active Cyber Defence

What is included?

The UK NCSC offer and run a range of Active Cyber Defence capabilities which include the following:

Read more “UK NCSC Active Cyber Defence (ACD)”
Education

Common Windows Services

Exploitation of common windows services is an important area of knowledge for both offense and defence.

  • Server Message Block (SMB)
  • Remote Desktop Protocol (RDP)
  • Windows Management Instrumentation (WMI)
  • Windows Remote Management (WinRM)
  • File Transfer Protocol (FTP)

Other common technology platforms in the Windows Stack Include

  • Active Directory Domain Services (ADDS)
  • Active Directory Certificate Services (ADCS)
  • Internet Information Services (IIS)
  • Microsoft SQL Server (MSSQL)

For now I’m just going to look at a few of the common protocols and vectors.

Read more “Common Windows Services”
Education

Nmap & CrackMapExec (CME)

The swiss army knife of the cyber world, it can port scan, fingerprint, produce reports and run scripts using the nmap scripting engine (NSE).

Why do we care about NMAP, surely everyone knows how to NMAP?

Well, that’s simply not true, it’s always important to tech new people, to revise and hone existing skills and the world of nmap scripting is constantly evolving.

Port scanning and fingerprinting let alone leaking sensitive data and conducting “attacks” is all possible. You can do a basic vulnerability scan with nmap alone!

Read more “Nmap & CrackMapExec (CME)”
Guides

I AM BRUTE

How long should you test brute force password attempts for?

Well, a recent Microsoft report showed the average RDP brute force attack over the internet lasted about 3 days. Now let’s take a look at what a single attacker machine (IP) can send to a single target server over a well-connected network (1GBE low latency):

Read more “I AM BRUTE”
Defence

Offensive KEV Updates! CISA releases 38 more CVEs to…

Life in the vulnerability and exploit space is never dull

Spotted on twitter (thanks Danny!):

https://www.zdnet.com/article/cisa-warning-hackers-are-exploiting-these-36-significant-cybersecurity-vulnerabilities-so-patch-now/

CISA updates the known exploited vulnerabilities list (KEV) yesterday with another 38 updates!

That means an update is required for OFFESNIVE KEV!

Read more “Offensive KEV Updates! CISA releases 38 more CVEs to KEV”
Guides

Testing Risky Egress Ports

Have you ever wanted to run a quick test of egress ports from userland from a windows machine?

Well worry not, I didn’t even have to write anything, the nice people at Black Hills security have done it for us. However I did decide that there’s a few other things we might want to do, so I made a quick modification, now we have colours, randomisation and some sleeps.

Read more “Testing Risky Egress Ports”
Copyright (c) Xservus Limited