Defense

Threat Modelling 101

What is a threat?

https://csrc.nist.gov/glossary/term/threat

According to those clever people at NIST it is:

“Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, or individuals through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service. Also, the potential for a threat-source to successfully exploit a particular information system vulnerability.” Read more “Threat Modelling 101”

Defense

CyberChef Taster

A quick snack

Everyone knows about cyber chef, right? Well, I can tell you now that my misses knows so if you don’t now’s a great time to get to know! Cyber Chef is a tool created by GCHQ distrubted via an apache license that’s hosted on GitHub or you can download and run locally. Read more “CyberChef Taster”

Digital Butterfly Defense

Change Management 101

Managing Change (and releases)

This is an area that I think some might be interested in. I have worked with orgs of all shapes and sizes and one central area I find people struggle with is change management. I am not talking about organisational change management (that is another) but I am talking about the change of information systems or security controls.

Now you might be familiar with ITILv3/2011 and the PROCESS of change management or you might be in the new practise world of ITIL4 where it is called change enablement, or you might have no idea what I am rabbiting on about. That is ok that is why we are here!

The purpose of change management is (according to ITIL) to help minimise the risk of change for IT services.

Read more “Change Management 101”
Hand pointing towards cybery things Defense

Routine Security Governance and Management Activities you should plan…

Security Planning 101

I have been thinking about how organisations manage (or do not manage) their security postures from both a governance and management point of view. To help organisations that are just starting on their security improvement journey I thought I have put together a list of activities they may want to have in a forward schedule document (you could even call it a roadmap). It is not going to be all things to all people and different organisations and markets will have different requirements.

Read more “Routine Security Governance and Management Activities you should plan for”
Defense

Hunting a breach… CVE-2020-5902

I’ve spent the last 24 hours (including a sleeps) gathering intel, testing in the lab and looking at what the path traversal and RCE for the F5 BIG-IP as outlined in CVE-2020-5902 looks like.
Well I’ll be honest.. the whole scenario is a bit of a bloody mess! We’ve got people leaving management interfaces exposed to the internet, we’ve got a vulnerability that’s incredibly old in a security appliance (it’s not exactly uber 1337 either) and we’ve had the release scenario that’s probably ruined peoples weekends and weeks (I’m not going into an Offensive Securitry Tools debate/argument, if you want that go talk to a brick wall or someone else!)

Read more “Hunting a breach… CVE-2020-5902”
CTF

Try Hack Me: Part 5 – Game Zone

Getting my agent on!

Today we look at a vulnerable web application room based upon the Hitman series!

https://tryhackme.com/room/gamezone

This is a fun room where we see an old but common vulnerability in untrusted user input lead to sensitive information disclosure (hashed credentials) which results in a threat actor gaining initial access. From here we then discover there is a weak security configuration (in effective network segmentation) and a vulnerable unpatched service. This chain leads to total system compromise. Read more “Try Hack Me: Part 5 – Game Zone”

Guides

Owning the Covenant like a Chief! – C2 Framework…

Covenant is a .NET c2 (Command & Control) Framework that aims to highlight the attack surface of .NET and aid red teamers! Today I’m going to jump into slip space with a Halo themed blog on my first use of Covenant in the lab. Let’s hope I don’t need Cortana to get this deployed (yes I’m a massive Halo nerd!)

Installation

First thing let’s head over to GitHub and check out the install notes:

The architecture seems to look like this:

Read more “Owning the Covenant like a Chief! – C2 Framework Review”

Defense

Upgrading our file integrity monitoring solution using open source…

Protecting more than one server

Yesterday I published a quick blog which looked at what we could do an out of the box Windows server to monitor file integrity and audit/alert upon actions such as modify or deletes. This is however rather clunks and not really for business use, so next stop the open source world! Today we are going to look at OSSEC! Now before some people go mad about security and open source…. OSSEC is used in Alien Vault’s solution, is compliant with PCI and is used worldwide by loads of organisations and universities etc. Open source tools and security go hand in hand, stop with your crazy talk! Now we’ve got that rant over with let’s get onto the fun business!

OSSEC is an open source host intrusion detection solution which we can use to upgrade our auditing and alerting solution to be more feature rich and provide a centralised solution, for more info on OSSEC please visit their website – https://www.ossec.net/ Read more “Upgrading our file integrity monitoring solution using open source technologies – Part 1”

Breach

British Airways breach

Not what you want to see when you’ve just paid for a holiday!

As reported across major news networks over the world, British Airways has suffered a data breach that not only includes customer data but also includes payment details. Details from 380,000 customers have been accessed by an unauthorised third party. More details can be found on news sites such as:

https://www.theregister.co.uk/2018/09/06/british_airways_hacked/

https://www.bbc.com/news/uk-england-london-45440850

It’s likely that attackers have compromised a web service which is linked to payment services, however no specific details have been released yet so until then we can only speculate.

In this post we look at the information reported by British Airways, guidance for customers from BA, ourselves and NCSC but also we discuss the steps business’s should be taking to ensure they have a strong security posture, especially where customer data is concerned. Read more “British Airways breach”