News
Currently there appears to be a relatively significant cyber security incident at Marks and Spencer. So I thought I would give a demo of using AI (LLM, GROK) to create a timeline:
(since this is generated by an LLM please take this with a health pinch of salt, I wanted however to show the actual content and method I’ve used so people can understand it)
Defense
When a suspected email mailbox compromise is reported, initiating an investigation promptly is critical. However, to ensure the investigation is effective, certain minimum intelligence requirements must be met. This blog outlines the bare minimum data needed to start investigating a suspected email mailbox compromise, whether the intelligence comes from an internal team or a third-party source.
Read more “Minimum Data Requirements for Investigating Email Mailbox Compromise”
Education
[This is why we need humans and not AI to write things!]
This is what an LLM said about my Cyber Noir game…. I think this is going to need me to write something! But that will come another day, today you can enjoy how humans are, not entirely replaced yet!
Enjoy! (perhaps just play the game!)
https://mr-r3b00t.github.io/cyber-detective
In the neon-drenched streets of Neon City, where high-tech crime and shadowy conspiracies collide, a new kind of detective story awaits. Cyber Noir Detective, an innovative choose-your-own-adventure game, invites players to step into the shoes of Riley Voss, a seasoned investigator tasked with thwarting a catastrophic cyber breach at NexCorp. This browser-based experience, crafted by cybersecurity experts at PwnDefend, blends immersive storytelling with subtle educational insights, making it a must-play for fans of interactive fiction, cyberpunk aesthetics, and digital security.
Read more “Unravel the Mystery of Cyber Noir Detective: A Thrilling Interactive Adventure”
Education
Recently vibe coding has been the name of the game! So whilst dealing with an incident I was thinking about some of the common challenges organisations face when it comes to incident response, which led onto the broader topics of why do so many orgs either have no policies or defined processes but even when they do, people don’t follow them.
So much focus is given to cyber awareness training for ‘end users’ but not so much about training IT and business teams in how to manage incidents.
Enter: Gamified training + comic books + detectives!
Read more “A Cyber Noir Detective Game”
Leadership
Making security both an organisational support capability but also enabling business is not easy. Lots of the security activity is for obvious reasons not totally transparent. However one thing I want to show people is how you might want to tell existing and prospective customers about the way you approach security within your organisation. One way to do this is to show people how you align to the NCSC 14 Cloud Security Provider Principles.
Read more “Using cyber security investments as a business enabler”
Defence
Recently this subject has come up again, so thought I would create a post.
By default Windows comes with Quick assist, an RDP based service with is encapsulated in HTTPS, it allows users to both offer and request assistance between two Windows machines (remote control). You can read more here:
https://learn.microsoft.com/en-us/windows/client-management/client-tools/quick-assist
Read more “Disable and Remove Windows Quick Assist”
Education
If we look at the reality of cyber security on a personal level, it’s insanely complex. There are hundreds if not thousands of details that matter, under the microscope security is incredibly complex and contextual. Which makes it a nightmare outside of simple abstractions, because things get complex fast.
Read more “Making cyber security relatable to people”
Defence
Ok this morning I woke up really really early! I then went on a bit of a KQL thread on twitter, and then IRL work destroyed my plans to play in the lab. However I’m publishing this in its current state [use at own risk etc.] because I think it might help people! So let’s get to it:
These queries can help you identify 3 common active directory attack techniques from logs on a domain controller (this does not rely on ADCS logs etc.)
Read more “Hunting for common Active Directory Domain Services Exploitations”
Leadership
Ok a bit dramatic, but that’s often what you might feel if you spend lots of time in the vulnerability space (which if you work in cyber security.. you probably do!). We often hear about the NEXT: STUXNET, HEARTBLEED, WANNACRY/ETERNAL BLUE, LOG4J etc. but actually when it comes to it… the number of times we have word endangering unauthenticated remote code execution that is a danger to global society is far less than when we have other vulnerabilities. It’s the exception not the rule.
Read more “OMG The Cyber SKY is falling down!”
Leadership
A massively common analogy I see in security is the idea that security is like paying for insurance incase something goes wrong. I think this is great if you have 3 seconds only to describe security, but that’s not really how I have conversations with people. A sound bite isn’t reality, and to be honest I personally find that rather meaningless. I also know that many people don’t like or even pay for a range of insurance so when we look at how we try and improve digital security from a whole of society perspective, I think this phrase doesn’t work, it’s too narrow…
Read more “The business ‘value’ of Cyber Investments”