education – PwnDefend

Cybercrime and data theft

During an incident it’s one of the first questions people ask, what did the attacker do? Did they steal any data? How did they do it?

All of which are typically rather difficult to answer in the first, probably week of an incident (incidents vary, sometimes it’s very obvious, other times you can’t be 100% sure on some details!)

But recently I’ve been talking lots about the way organisations communicate during incidents to their customers and the public etc. I’ve been explaining that the day 0 comms of ‘no data was stolen’ followed by a ‘lots of data was stolen’ in say day zero plus five… well it doesn’t help with my my trust in the victim organisation. Which to me, seems like an odd strategy for organisations to take. They have options:

Threat Intel

The Com, 764, and Associated Groups

In evaluating capabilities for LLMs (AI) recently, I’m looking at the viability of creating more content with them. I’m explicitly calling out where I do, aside from my writing style, I’m also keen to show the pros and cons. Do LLMs replace humans? Not from my experience so far. I’ve been looking at combined physical + digital attacks recently and the associated threat classes… I’m trying to avoid the word group or gang, because collectives are slightly different and are dynamic, almost mission focused if you will.

Fiction

Getting to the coffee shop like a SPY

Chances are, no one’s actually watching you — but in a world full of cameras, phones, and digital breadcrumbs, it’s smart to know how to move with a little more privacy. Whether you’re heading to your favorite coffee shop or just want to practice slipping through the city unnoticed, this guide will help you stay low-profile without going full secret agent. It’s about blending in, being unpredictable, and keeping your personal movements personal — all without looking over your shoulder every five seconds. Staying aware doesn’t mean being paranoid — it just means being prepared (and maybe a little cooler than the average pedestrian).

Threat Intel

Defending Against Scattered Spider

Defending against different skilled threat classes is an important thing to consider when you are planning, designing and operating a business. I’ve used GROK (AI) to create an html page which has both information on the kill chains, but also looks at countermeasures. I’m experimenting lots with VIBE coding and LLM assisted content generation so hopefully this proves useful. I do feel it needs a more human touch added as well… but let’s see! life without experimentation would be dull would it not!

Defense

Minimum Data Requirements for Investigating Email Mailbox Compromise

When a suspected email mailbox compromise is reported, initiating an investigation promptly is critical. However, to ensure the investigation is effective, certain minimum intelligence requirements must be met. This blog outlines the bare minimum data needed to start investigating a suspected email mailbox compromise, whether the intelligence comes from an internal team or a third-party source.

Education

Unravel the Mystery of Cyber Noir Detective: A Thrilling…

[This is why we need humans and not AI to write things!]

This is what an LLM said about my Cyber Noir game…. I think this is going to need me to write something! But that will come another day, today you can enjoy how humans are, not entirely replaced yet!

Enjoy! (perhaps just play the game!)

https://mr-r3b00t.github.io/cyber-detective

In the neon-drenched streets of Neon City, where high-tech crime and shadowy conspiracies collide, a new kind of detective story awaits. Cyber Noir Detective, an innovative choose-your-own-adventure game, invites players to step into the shoes of Riley Voss, a seasoned investigator tasked with thwarting a catastrophic cyber breach at NexCorp. This browser-based experience, crafted by cybersecurity experts at PwnDefend, blends immersive storytelling with subtle educational insights, making it a must-play for fans of interactive fiction, cyberpunk aesthetics, and digital security.

Education

A Cyber Noir Detective Game

Recently vibe coding has been the name of the game! So whilst dealing with an incident I was thinking about some of the common challenges organisations face when it comes to incident response, which led onto the broader topics of why do so many orgs either have no policies or defined processes but even when they do, people don’t follow them.

So much focus is given to cyber awareness training for ‘end users’ but not so much about training IT and business teams in how to manage incidents.

Enter: Gamified training + comic books + detectives!

Leadership

Using cyber security investments as a business enabler

Making security both an organisational support capability but also enabling business is not easy. Lots of the security activity is for obvious reasons not totally transparent. However one thing I want to show people is how you might want to tell existing and prospective customers about the way you approach security within your organisation. One way to do this is to show people how you align to the NCSC 14 Cloud Security Provider Principles.

Defence

Disable and Remove Windows Quick Assist

Recently this subject has come up again, so thought I would create a post.

By default Windows comes with Quick assist, an RDP based service with is encapsulated in HTTPS, it allows users to both offer and request assistance between two Windows machines (remote control). You can read more here:

https://learn.microsoft.com/en-us/windows/client-management/client-tools/quick-assist

Education

Making cyber security relatable to people

If we look at the reality of cyber security on a personal level, it’s insanely complex. There are hundreds if not thousands of details that matter, under the microscope security is incredibly complex and contextual. Which makes it a nightmare outside of simple abstractions, because things get complex fast.