Cyber Essentials Readiness

So, you have a driver to achieve cyber essentials, great stuff. Now if you are a business of reasonable size and scale this activity requires a bit of planning, context and lots of access and data. This could be via a distributed team or via a dedicated project team. In this post I’m going to look at what you may need to conduct the planning, discovery, assessment, and certification for Cyber Essentials and/or CE+.

Guides

Cyber Essentials – Out of the Box

New machines means it’s easy right?

Ok, another post on cyber essentials! I talk about this quite a lot (mainly driven by procurement requirements rather than orgs expressing a deep desire to “have better security” (which is a shame)) however, I want to show people what the real world is like and that meeting cyber essentials is a good thing, but also to look at real world challenges of meeting the standards. In this post we look at some thought provoking questions, then we look at an out of the box Windows and MAC device to see if they meet the standard!

Guides

Adding a removing the mark of the web via…

A quick post becuase this is useful for security control testing:

If you want to enable MOTW (mark of the web) on a file you can run the following PowerShell cmdlet:

Set-Content -Path '.\safe3.rtf' -Stream Zone.Identifier -Value '[ZoneTransfer]','ZoneId=3'

This will set the alterate data stream (ADS) Zone.Identifier value to ZoneID=3 (Internet Zone)

You can unblock this with

Defence

Office Microsoft Support Diagnostic Tool (MSDT) Vulnerability “Follina”

This is a fast publish!

Confirmed all Office (ISO Install/PRO and 365) when using the Rich Text Format (RTF) method.

Office 365 has some sort of patch against the .DOCX format.

oh dear….
Windows 11 (not 100% up to date from APRIL)
Office 365 (should be fully patched)

.RTF

MSDT Exploit! pic.twitter.com/M2Xn1TxANX
— MrR3b00t | #StandWithUkraine #DefendAsOne (@UK_Daniel_Card) May 31, 2022

WGET Execution

Guides

Wireguard Client for Linux on KALI

So as always there are a million things in tech and well it’s rare that someone knows EVERYTHING. I must connect to a Wireguard VPN from a KALI VM. Should be simple, well actually it was a bit more complicated as I had two errors along the way!

Leadership

Cyber Leadership

Myth: you must be a “techie” to lead in the CYBERS

Ok so you might be sitting here going… but Dan you send pews and do “techy” stuff… do you not lead? Well, I mean I do all kinds of things, I write business cases, I play with spreadsheets (fun right!), I integrate systems and look at data and sometimes write really bad code! (hey, the pews aren’t going to send themselves!) but… I want to talk about some realities here.

Defence

CVE-2022-22972 & CVE-2022-22973

More VMware Workspace One Vulns

This is a fast publish

Vmware just released patches for two new vulnerabilities in Workspace One, followed by guidance from CISA to patch by May 23^rd or remove the devices from the network/internet!

“All Federal Civilian Executive Branch agencies must complete the following actions:

By 5:00 PM EDT on Monday, May 23, 2022:

Enumerate all instances of impacted VMware products [VMware Workspace ONE Access (Access), VMware Identity Manager (vIDM), VMware vRealize Automation (vRA), VMware Cloud Foundation, and vRealize Suite Lifecycle Manager] on agency networks.

Education

The CYBER GANG Cookbook

Volume 1

Introduction

I am sitting here, and I need another cup of tea, but I thought I’d start to have a think about what common “CYBER GANGS” look like. This isn’t criminal or non-criminal. But you know there’s some commonality between both. I thought this was fun little thinking exercise to show the duality of life, what digital worlds look like but also to give a glimpse into the mysteryious (its not!) world of cyberz (including crime!)

Threat Intel

KILLNET: Area they really a threat?

This is an evolving post and will likely be updated over time. Online “community” or “criminal gangs” etc. can be fluin and dynamic, thinking of them in rigid structures and trying to compare them to “In Real Life (IRL)” organisationas directly doesn’t really work. They work generally in a collective fashion. No masters and no slaves etc.

“Hacker” Groups

I don’t really like to use the term “hacker” in this sense, perhaps hacktivist or criminal groups is the right fit, however, words aside there is the question: Who is KILLNET, are they a threat and who are they a threat to?

Who is KILLNET?

KILLNET was suposedly formed as a resonse to the IT ARMY of Ukraine (Ukraine Cybe Army) (formed late Feb) which is odd given the first post from KILLNET was on January the 23rd and IT ARMY of UKRAINE setup their telegram on Feb 26th.

Defence

The Challenges of Cyber Essentials Audit and Compliance Activities

It’s “only” essential but it can be bloody difficult!
mRr3b00t

Cyber Essentials Areas

Cyber Essentials is a minimum baseline standard for ensuring foundational cyber security considerations and controls are in place. It’s a good starting point, but by no means should it be “THE GOAL” and just because it has “Essentials” in its name, don’t think it’s easy to comply with. Whilst the standard isn’t outlandish with its requirements in the main, the reality between technical capabilities and being able to discover, audit and remediate security configurations in organisations is often nowhere near as simple as someone may tell you. The news here is that the standard has been extended to include some wider areas.