Defence
This is a fast publish!
Confirmed all Office (ISO Install/PRO and 365) when using the Rich Text Format (RTF) method.
Office 365 has some sort of patch against the .DOCX format.
Defence
This is a fast publish
Vmware just released patches for two new vulnerabilities in Workspace One, followed by guidance from CISA to patch by May 23rd or remove the devices from the network/internet!
“All Federal Civilian Executive Branch agencies must complete the following actions:
By 5:00 PM EDT on Monday, May 23, 2022:
Enumerate all instances of impacted VMware products [VMware Workspace ONE Access (Access), VMware Identity Manager (vIDM), VMware vRealize Automation (vRA), VMware Cloud Foundation, and vRealize Suite Lifecycle Manager] on agency networks.
Read more “CVE-2022-22972 & CVE-2022-22973”
Education
Volume 1
I am sitting here, and I need another cup of tea, but I thought I’d start to have a think about what common “CYBER GANGS” look like. This isn’t criminal or non-criminal. But you know there’s some commonality between both. I thought this was fun little thinking exercise to show the duality of life, what digital worlds look like but also to give a glimpse into the mysteryious (its not!) world of cyberz (including crime!)
Read more “The CYBER GANG Cookbook”
Threat Intel
This is an evolving post and will likely be updated over time. Online “community” or “criminal gangs” etc. can be fluin and dynamic, thinking of them in rigid structures and trying to compare them to “In Real Life (IRL)” organisationas directly doesn’t really work. They work generally in a collective fashion. No masters and no slaves etc.
I don’t really like to use the term “hacker” in this sense, perhaps hacktivist or criminal groups is the right fit, however, words aside there is the question: Who is KILLNET, are they a threat and who are they a threat to?
KILLNET was suposedly formed as a resonse to the IT ARMY of Ukraine (Ukraine Cybe Army) (formed late Feb) which is odd given the first post from KILLNET was on January the 23rd and IT ARMY of UKRAINE setup their telegram on Feb 26th.
Read more “KILLNET: Area they really a threat?”
Defence
It’s “only” essential but it can be bloody difficult!
mRr3b00t
Cyber Essentials is a minimum baseline standard for ensuring foundational cyber security considerations and controls are in place. It’s a good starting point, but by no means should it be “THE GOAL” and just because it has “Essentials” in its name, don’t think it’s easy to comply with. Whilst the standard isn’t outlandish with its requirements in the main, the reality between technical capabilities and being able to discover, audit and remediate security configurations in organisations is often nowhere near as simple as someone may tell you. The news here is that the standard has been extended to include some wider areas.
Read more “The Challenges of Cyber Essentials Audit and Compliance Activities”
Hacking
Ok imagine this, you have got access to a file server and behold you find an unsecured, unencrypted backup of a domain controller (this isn’t made up I find these in networks sometimes!) and you yoink the NTDS.dit (or maybe it’s just a workstation SAM/SYSTEM file), you extract the hashes but now what, you need to crack those bad boys!
Check out the MS docs on how NT or LM Hashes are computed(hashed)! – (thanks @ANeilan for spotting my mistake!)
[MS-SAMR]: Encrypting an NT or LM Hash | Microsoft Docs
Read more “How to Crack NTHASH (commonly referred to as NTLM) password hashes?”
Defence
Sir Jeremy Fleming was speaking at CyberUK, the UK’s flagship cyber security conference this week.
The full presentation is here but I’ve picked out some key highlights.
“Of course, we can count ourselves lucky compared to those caught up in wars, but we are also seeing a heightened cyber risk. Cyber criminals are consistently evolving their tactics; the lines are blurring with hostile state activity and ransomware remains a real threat.”
“Cyber clearly matters to everyone.”
“At the global level, the UK has developed as a cyber power. Alongside the more traditional forms of diplomacy and statecraft, cyber now plays a vital role in our national security and prosperity.”
Read more “The Director of GCHQ speaks at CyberUK 2022”
Leadership
I’m sitting here drinking a cup of tea and thought I’d jot down some of the things I tend to think about. I figured this might help people consider aspects of “cyber” that they might not have considered before.
Read more “CYBER CYBER CYBER – What cyber means for the world in the modern age”
Leadership
Yesterday I was asked about “attack volumes” I see in the PwnDefend HoneyNet and it reminded me about what people think an “ATTACK” is and therefore spring my brain into thinking about how we as an industry communicate. Far too often I see “number of ATTACKS” being used my marketing/sales etc. where the numbers are simply ridiculous and not reflective of how offensive cyber operations actually work.
Let’s look at some examples:
Read more “Cyber Events vs Incident vs Attack”“Gov. Greg Abbott warns Texas agencies seeing 10,000 attempted cyber attacks per minute from Iran”
Gov. Greg Abbott – article in the Texas Tribune by CASSANDRA POLLOCK
Leadership
I thought it would be fun to explore what people do with regards to Cyber Securityleadeship, budgets, contraints and realities of business change. So here’s a blog post to supliment my thread on twitter:
please note: the list below is based on experiance, it’s also a list I made whilst drinking about half a cup of tea so it’s not complete or “the answer” it’s just some observations about an approach I advocate.
Read more “Tabletop: “you have 400 servers; 800 users and your cyber security budget is 100K…. what do you do?””