The CYBER GANG Cookbook

Volume 1

Introduction

I am sitting here, and I need another cup of tea, but I thought I’d start to have a think about what common “CYBER GANGS” look like. This isn’t criminal or non-criminal. But you know there’s some commonality between both. I thought this was fun little thinking exercise to show the duality of life, what digital worlds look like but also to give a glimpse into the mysteryious (its not!) world of cyberz (including crime!)

Threat Intel

KILLNET: Area they really a threat?

This is an evolving post and will likely be updated over time. Online “community” or “criminal gangs” etc. can be fluin and dynamic, thinking of them in rigid structures and trying to compare them to “In Real Life (IRL)” organisationas directly doesn’t really work. They work generally in a collective fashion. No masters and no slaves etc.

“Hacker” Groups

I don’t really like to use the term “hacker” in this sense, perhaps hacktivist or criminal groups is the right fit, however, words aside there is the question: Who is KILLNET, are they a threat and who are they a threat to?

Who is KILLNET?

KILLNET was suposedly formed as a resonse to the IT ARMY of Ukraine (Ukraine Cybe Army) (formed late Feb) which is odd given the first post from KILLNET was on January the 23rd and IT ARMY of UKRAINE setup their telegram on Feb 26th.

Defence

The Challenges of Cyber Essentials Audit and Compliance Activities

It’s “only” essential but it can be bloody difficult!
mRr3b00t

Cyber Essentials Areas

Cyber Essentials is a minimum baseline standard for ensuring foundational cyber security considerations and controls are in place. It’s a good starting point, but by no means should it be “THE GOAL” and just because it has “Essentials” in its name, don’t think it’s easy to comply with. Whilst the standard isn’t outlandish with its requirements in the main, the reality between technical capabilities and being able to discover, audit and remediate security configurations in organisations is often nowhere near as simple as someone may tell you. The news here is that the standard has been extended to include some wider areas.

Hacking

How to Crack NTHASH (commonly referred to as NTLM)…

Ok imagine this, you have got access to a file server and behold you find an unsecured, unencrypted backup of a domain controller (this isn’t made up I find these in networks sometimes!) and you yoink the NTDS.dit (or maybe it’s just a workstation SAM/SYSTEM file), you extract the hashes but now what, you need to crack those bad boys!

Check out the MS docs on how NT or LM Hashes are computed(hashed)! – (thanks @ANeilan for spotting my mistake!)

[MS-SAMR]: Encrypting an NT or LM Hash | Microsoft Docs

Defence

The Director of GCHQ speaks at CyberUK 2022

Sir Jeremy Fleming was speaking at CyberUK, the UK’s flagship cyber security conference this week.

The full presentation is here but I’ve picked out some key highlights.

“Of course, we can count ourselves lucky compared to those caught up in wars, but we are also seeing a heightened cyber risk. Cyber criminals are consistently evolving their tactics; the lines are blurring with hostile state activity and ransomware remains a real threat.”

“Cyber clearly matters to everyone.”

“At the global level, the UK has developed as a cyber power. Alongside the more traditional forms of diplomacy and statecraft, cyber now plays a vital role in our national security and prosperity.”

Leadership

CYBER CYBER CYBER – What cyber means for the…

I’m sitting here drinking a cup of tea and thought I’d jot down some of the things I tend to think about. I figured this might help people consider aspects of “cyber” that they might not have considered before.

Leadership

Security Myths and Bad Advice

It must be good, someone posted about it on LinkedIn!

Ok this isn’t my normal jam, normally I’d just write something that’s hopefully good advice/practise and that would be that. But today let’s try something different!

This was inspired by a twitter convo which evolved into this: https://twitter.com/UK_Daniel_Card/status/1522138771789123584?s=20&t=dL9OkicTY2Orj5hfBtDvVQ

So… what are some cyber security myths that ended up being good practise or “good advice”? Well here’s what I came up with, supported by some awesome cyber community people!

Education

Real World Consumer Cyber Security

Cyber in the Consumer World

My focus normally is on business to business (B2B) environments and “Enterprise” computing and cyber security. However, I’ve been known to venture into the consumer world from time to time. I wondered whether people would be interested in exploring with me what cyber security in the consumer world look like?

Last week I set on an adventure to see what “hacking” myself might look like. I’m thinking that there might be more to this than a fleeting glance at Instagram hacking and a bit of fun on twitter with alts. Maybe we need to look at consumer security and how/if we have got a good user experience in this space?

Leadership

Cyber Events vs Incident vs Attack

Cyber Events

Yesterday I was asked about “attack volumes” I see in the PwnDefend HoneyNet and it reminded me about what people think an “ATTACK” is and therefore spring my brain into thinking about how we as an industry communicate. Far too often I see “number of ATTACKS” being used my marketing/sales etc. where the numbers are simply ridiculous and not reflective of how offensive cyber operations actually work.

Let’s look at some examples:

“Gov. Greg Abbott warns Texas agencies seeing 10,000 attempted cyber attacks per minute from Iran”
Gov. Greg Abbott – article in the Texas Tribune by CASSANDRA POLLOCK

Leadership

Tabletop: “you have 400 servers; 800 users and your…

CISO Tabletop Scenario Intro

I thought it would be fun to explore what people do with regards to Cyber Securityleadeship, budgets, contraints and realities of business change. So here’s a blog post to supliment my thread on twitter:

MrR3b00t | #StandWithUkraine #DefendAsOne on Twitter: “Tabletop: you have 400 servers, 800 users and your cyber security budget is 100K…. what do you do? https://t.co/Nw0Pd7rH8L” / Twitter

please note: the list below is based on experiance, it’s also a list I made whilst drinking about half a cup of tea so it’s not complete or “the answer” it’s just some observations about an approach I advocate.