Education

A Cyber Noir Detective Game

Recently vibe coding has been the name of the game! So whilst dealing with an incident I was thinking about some of the common challenges organisations face when it comes to incident response, which led onto the broader topics of why do so many orgs either have no policies or defined processes but even when they do, people don’t follow them.

So much focus is given to cyber awareness training for ‘end users’ but not so much about training IT and business teams in how to manage incidents.

Enter: Gamified training + comic books + detectives!

Read more “A Cyber Noir Detective Game”
Leadership

Using cyber security investments as a business enabler

Making security both an organisational support capability but also enabling business is not easy. Lots of the security activity is for obvious reasons not totally transparent. However one thing I want to show people is how you might want to tell existing and prospective customers about the way you approach security within your organisation. One way to do this is to show people how you align to the NCSC 14 Cloud Security Provider Principles.

Read more “Using cyber security investments as a business enabler”
Defence

Hunting for common Active Directory Domain Services Exploitations

Ok this morning I woke up really really early! I then went on a bit of a KQL thread on twitter, and then IRL work destroyed my plans to play in the lab. However I’m publishing this in its current state [use at own risk etc.] because I think it might help people! So let’s get to it:

These queries can help you identify 3 common active directory attack techniques from logs on a domain controller (this does not rely on ADCS logs etc.)

Read more “Hunting for common Active Directory Domain Services Exploitations”
Leadership

OMG The Cyber SKY is falling down!

Ok a bit dramatic, but that’s often what you might feel if you spend lots of time in the vulnerability space (which if you work in cyber security.. you probably do!). We often hear about the NEXT: STUXNET, HEARTBLEED, WANNACRY/ETERNAL BLUE, LOG4J etc. but actually when it comes to it… the number of times we have word endangering unauthenticated remote code execution that is a danger to global society is far less than when we have other vulnerabilities. It’s the exception not the rule.

Read more “OMG The Cyber SKY is falling down!”
Leadership

The business ‘value’ of Cyber Investments

A massively common analogy I see in security is the idea that security is like paying for insurance incase something goes wrong. I think this is great if you have 3 seconds only to describe security, but that’s not really how I have conversations with people. A sound bite isn’t reality, and to be honest I personally find that rather meaningless. I also know that many people don’t like or even pay for a range of insurance so when we look at how we try and improve digital security from a whole of society perspective, I think this phrase doesn’t work, it’s too narrow…

Read more “The business ‘value’ of Cyber Investments”
Defence

A threat actor is inside your perimeter… what routes…

Ok that subject is massive…so this is a bit more of a targeted thought process to consider.

Each network is unique and technology deployments vary. One time I was in a network that was almost entirely Apple MacBooks and a door control panel…. which was ‘fun’.

So this is a general list of some things to consider if you have tech deployed such as:

  • Active Directory
  • Printers
  • SCCM
  • MSSQL
Read more “A threat actor is inside your perimeter… what routes are there for attacks?”
Defence

What are the top Active Directory Security vulnerabilities I…

Ok so here’s the thing, I do NOT like getting pwn3d! I think you probably would rather your organisation does not too!

What I really don’t want to occur is a ransomware event! They suck, they are like a digital bomb going off.

So I’ve knocked up a quick list to get people thinking (these are NOT all the vulnerabilities I networks you should care about.. but they are some that could lead to a ransomware event!)

Read more “What are the top Active Directory Security vulnerabilities I care about?”
CTI Investigation Demo Threat Intel

Threat Analysis Tools

I’ve not blogged in a while, but I wanted to put down a note of some useful tools people can use to help them combat cyber crime.

This isn’t going to be an in depth look at each tool, however I do want to, in the near future, try and do some demos/videos etc. of how to investigate potential/suspected or identified threats. I’ll drop a list of some of the useful tools below and also do a quick demo of investigating an event (from this blog)

Read more “Threat Analysis Tools”