Vulnerabilities
ESXIArgs Vulnerable ESXi Spreadsheet
I knocked this up quickly but I “think” it’s accurate. Use at own risk etc.
Let me know if you find any errors/changes required etc.
Education
There are major questions that must be answered here!
Getting into Cyber
Quick, I’ll tell you a little secret… to get into CYBER you must first follow this guide:
Now if you are going to GET INTO CYBER you need to have a range of things:
Right ok, so let’s get some Hacking Skills!
Head over to KALI LINUX and download KALI
Read more “How to get into Cyber? It’s EASY!” →
Threat Intel
Thousands of ESXi hosts around (some of the) globe have been encrypted by cyber criminals. This post is a fast publish showing some of what has occurred and its impact, and it now includes limited remedial advice.
If you have been affected by this ransomware event there is an attempted recovery script by CISA
https://github.com/cisagov/ESXiArgs-Recover/blob/main/recover.sh
Read more “ESXiARGS Ransomware – Global Incident” →
Leadership
Whilst every marketing person will talk about the latest and greatest tech innovation and product, how much does that reflect the reality of technology deployed in the world? Everyone is running Windows 11 and Windows Server 2022, right?! They also don’t use computers, because everything is cloud and mobile first, right! And security, well, everyone has that down as well! Great… let’s just go and check those statements out… oh wait… no, maybe, err… let’s take a look with our friends at shodan.io
Read more “Technology in the Wild” →
Defence
You never know what you will find when you go hunting! So here’s a quick tale of an explore I did using Advanced Hunting!
I went hunting here in Advanced Hunting:
Read more “Threat hunting with some funny results!” →
Threat Intel
Did you want to check out some of your detections? This isn’t everything, of course, but it’s a simple batch file to simulate a range of enumeration (discovery) techniques used by actors like CONTI or LOCKBIT affiliates/operators:
Read more “Simulating Human Operated Discovery” →
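Added example, not the batch file from the post: a PowerShell equivalent that runs a set of built-in discovery commands of the kind seen in hands-on-keyboard ransomware intrusions, spaced out and logged, so you can check which of them your detections (for example MDE DeviceProcessEvents) actually surface. The command list is an assumption about typical tradecraft, not the post’s list; run it only on a host you are authorised to test.

```powershell
# Added example (not the post's batch file). Runs a set of native discovery
# commands via cmd.exe so telemetry shows the same parent/child chain
# (cmd.exe -> net.exe, nltest.exe ...) a batch file would produce.
# The command list is an assumption about common discovery tradecraft.
[CmdletBinding()]
param(
    [string]$LogPath = (Join-Path $env:TEMP 'discovery-sim.log'),
    [int]$DelaySeconds = 3,   # gap between commands so each shows up separately
    [switch]$DryRun           # list the commands without executing them
)

$commands = @(
    'whoami /all',
    'hostname',
    'systeminfo',
    'ipconfig /all',
    'route print',
    'arp -a',
    'netstat -ano',
    'tasklist /v',
    'sc query type= service state= all',
    'net share',
    'net user',
    'net localgroup administrators',
    'net group "Domain Admins" /domain',
    'net group "Domain Computers" /domain',
    'nltest /dclist:%USERDOMAIN%',     # %USERDOMAIN% is expanded by cmd.exe
    'nltest /domain_trusts /all_trusts',
    'net view /all /domain',
    'query user',
    'wmic computersystem get domain,name,username'
)

foreach ($cmd in $commands) {
    $stamp = Get-Date -Format 'yyyy-MM-dd HH:mm:ss'
    Add-Content -Path $LogPath -Value "=== [$stamp] $cmd ==="
    Write-Host "[$stamp] $cmd"
    if ($DryRun) { continue }
    try {
        # 2>&1 keeps stderr (e.g. "access denied" from net group) in the log too
        $output = & cmd.exe /c $cmd 2>&1
        $output | Out-String | Add-Content -Path $LogPath
    } catch {
        Add-Content -Path $LogPath -Value "ERROR: $_"
    }
    Start-Sleep -Seconds $DelaySeconds
}
Write-Host "Done. Output in $LogPath; now hunt for these commands in your EDR telemetry."
```

Run it as `.\discovery-sim.ps1 -DryRun` first to see the list, then without `-DryRun` on the test host. The timestamps in the log line up with `DeviceProcessEvents` so you can see which commands produced an alert, which were only logged, and which were missed entirely.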
Uncategorized
A common way to deploy an encryption routine in ransomware scenarios is to create a scheduled task to launch a cryptor executable. This is commonly deployed via a Group Policy Object (GPO).
So I wanted to look at how, with Microsoft Defender for Endpoint (MDE), we could detect this both on domain controllers and on CLIENT devices (MEMBER SERVERS/PCs)
Read more “Hunting for New Group Policies Where Scheduled Tasks are used” →
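Added example, not the post’s MDE query: a PowerShell check that reads the Group Policy Preferences `ScheduledTasks.xml` files straight out of SYSVOL and lists every task a GPO would create, what it runs and as whom. It is a second opinion alongside MDE (or a fallback on a DC without MDE telemetry), not a replacement for it. Assumptions: the usual SYSVOL layout (`\Policies\{GUID}\Machine|User\Preferences\ScheduledTasks\ScheduledTasks.xml`) and the GPP element names (`TaskV2`/`ImmediateTaskV2`, `Properties`, `Actions/Exec`); the inline XML is constructed test data.

```powershell
# Added example (not from the post). Parses GPP ScheduledTasks.xml content and
# reports each task's command, arguments and run-as account. Element names
# follow the GPP schema as assumed in the lead-in; XPath uses local-name()
# so it works whether or not the <Task> element carries a namespace.
function Get-GppScheduledTask {
    param([Parameter(Mandatory)][xml]$Xml, [string]$Source = '<inline>')
    foreach ($task in $Xml.SelectNodes("/*[local-name()='ScheduledTasks']/*")) {
        $props = $task.SelectSingleNode("*[local-name()='Properties']")
        foreach ($exec in $props.SelectNodes(".//*[local-name()='Exec']")) {
            $command = $exec.SelectSingleNode("*[local-name()='Command']").InnerText
            [pscustomobject]@{
                Source     = $Source
                Kind       = $task.LocalName              # ImmediateTaskV2 fires at next GP refresh
                Name       = $task.GetAttribute('name')
                Action     = $props.GetAttribute('action') # C=create U=update R=replace D=delete
                RunAs      = $props.GetAttribute('runAs')
                Command    = $command
                Arguments  = $exec.SelectSingleNode("*[local-name()='Arguments']").InnerText
                Changed    = $task.GetAttribute('changed')
                # Crude heuristic (assumption): binaries outside Windows/Program Files,
                # or on a UNC share, deserve a look.
                Suspicious = ($command -notmatch '^[A-Za-z]:\\(Windows|Program Files)')
            }
        }
    }
}

# Walk SYSVOL for recently changed ScheduledTasks.xml files. The GPO GUID is
# the folder under \Policies; resolve it to a display name with Get-GPO -Guid
# if the GroupPolicy module is installed.
function Find-GppScheduledTask {
    param(
        [string]$PoliciesPath = "\\$env:USERDNSDOMAIN\SYSVOL\$env:USERDNSDOMAIN\Policies",
        [int]$ChangedWithinDays = 7
    )
    $since = (Get-Date).AddDays(-$ChangedWithinDays)
    Get-ChildItem -Path $PoliciesPath -Recurse -Filter 'ScheduledTasks.xml' -ErrorAction SilentlyContinue |
        Where-Object { $_.LastWriteTime -ge $since } |
        ForEach-Object {
            $guid = (($_.FullName -split '\\Policies\\')[1] -split '\\')[0]
            Get-GppScheduledTask -Xml ([xml](Get-Content -Raw -LiteralPath $_.FullName)) `
                                 -Source "$guid ($($_.LastWriteTime))"
        }
}

# Constructed sample of what a malicious GPP task file can look like.
$sample = @'
<?xml version="1.0" encoding="utf-8"?>
<ScheduledTasks>
  <ImmediateTaskV2 name="WindowsUpdate" changed="2023-02-05 03:12:44" uid="{11111111-2222-3333-4444-555555555555}">
    <Properties action="C" name="WindowsUpdate" runAs="NT AUTHORITY\System" logonType="S4U">
      <Task version="1.3">
        <Actions Context="Author">
          <Exec>
            <Command>C:\Windows\Temp\update.exe</Command>
            <Arguments>-nolog</Arguments>
          </Exec>
        </Actions>
      </Task>
    </Properties>
  </ImmediateTaskV2>
</ScheduledTasks>
'@

Get-GppScheduledTask -Xml ([xml]$sample) | Format-List
# On a real domain (elevated, from a domain-joined host):
# Find-GppScheduledTask -ChangedWithinDays 2 | Where-Object Suspicious | Format-Table -AutoSize
```

The file-system view complements the MDE angle in the post: MDE sees the task being created on each client when Group Policy applies, whereas this reads the intent at the source, so a task staged in SYSVOL but not yet applied still shows up. Check both the `Machine` and `User` branches; the recursive search above covers both.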
Guides
If you are having fun today with Defender ASR deleting .lnk files, then you will have seen the MS script has a v1.1 which looks to VSS to see if it can restore shortcuts from shadow copies, so whilst here I thought I’d note down a few different ways to list the Volume Shadow Copies.
You will need admin rights for these to work:
Read more “Volume Shadow Copy” →
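Added example, not the post’s own list: the common ways to enumerate Volume Shadow Copies, wrapped in a function that returns the CIM view with the drive letter resolved, plus a helper showing how to reach a file inside a shadow copy (for instance a .lnk removed by ASR). The admin-rights requirement from the post is checked up front. Assumptions: `Win32_ShadowCopy` reports the volume as `\\?\Volume{GUID}\` (matched against `Win32_Volume.DeviceID`) and exposes the copy as a `\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopyN` device path.

```powershell
# Added example (not from the post). Requires an elevated PowerShell session.

function Test-IsElevated {
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    ([Security.Principal.WindowsPrincipal]$id).IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)
}

# CIM/WMI view of the shadow copies, with the drive letter resolved.
function Get-ShadowCopyInfo {
    if (-not (Test-IsElevated)) { throw 'Run this from an elevated PowerShell session.' }
    # Win32_Volume.DeviceID is the \\?\Volume{GUID}\ name that Win32_ShadowCopy.VolumeName uses.
    $volumes = @{}
    Get-CimInstance -ClassName Win32_Volume | ForEach-Object { $volumes[$_.DeviceID] = $_.DriveLetter }
    Get-CimInstance -ClassName Win32_ShadowCopy | ForEach-Object {
        [pscustomobject]@{
            ID               = $_.ID
            Drive            = $volumes[$_.VolumeName]
            Created          = $_.InstallDate
            DeviceObject     = $_.DeviceObject   # \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopyN
            Persistent       = $_.Persistent
            ClientAccessible = $_.ClientAccessible
        }
    } | Sort-Object Created
}

# The same information from the built-in tools (all need an elevated prompt):
#   vssadmin list shadows
#   wmic shadowcopy list brief
#   diskshadow /s shadows.txt     # where shadows.txt contains:  list shadows all

# Copy one file out of the newest shadow copy created before a given time,
# e.g. a desktop shortcut that ASR removed earlier today.
function Get-FileFromShadowCopy {
    param(
        [Parameter(Mandatory)][string]$Path,         # e.g. C:\Users\alice\Desktop\Notepad.lnk
        [Parameter(Mandatory)][string]$Destination,  # folder or file to copy to
        [datetime]$Before = (Get-Date)
    )
    $drive = $Path.Substring(0, 2)   # 'C:'
    $rel   = $Path.Substring(2)      # '\Users\alice\Desktop\Notepad.lnk'
    $shadow = Get-ShadowCopyInfo |
        Where-Object { $_.Drive -eq $drive -and $_.Created -lt $Before } |
        Select-Object -Last 1
    if (-not $shadow) { throw "No shadow copy of $drive created before $Before" }
    # Files inside a shadow copy are addressable through its GLOBALROOT device path.
    $src = "$($shadow.DeviceObject)$rel"
    Copy-Item -LiteralPath $src -Destination $Destination
    $src   # return the path used, so the caller can see which copy was consulted
}

Get-ShadowCopyInfo | Format-Table -AutoSize
# Get-FileFromShadowCopy -Path 'C:\Users\alice\Desktop\Notepad.lnk' -Destination 'C:\Temp\'
```

If `Copy-Item` cannot open the `\\?\GLOBALROOT` path on an older host, the usual workaround is a directory symlink to the shadow copy (`mklink /d C:\vss "\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy3\"`, trailing backslash required) and copying from `C:\vss` instead.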