Whilst the common person will largely link the words “hacker/hackers” to criminal the reality is hackers are scientists/artists/creators/ComputerOperators and the choice of being a criminal or not is down to actions and consequences. So the debate about if you identify as “hacker” does that make you a criminal, well it’s nonsense isn’t it. I could call myself a pony but it won’t make me one, much like I could call myself a criminal and I could be entirely law abiding.Read more “Am I a criminal or am I a cybersecurity crime fighter?”
Do you ever get the feeing you are being watched? What about listening to it? Do you ever talk about a subject and then see it appear in adverts despite never using a computer to search for it?
Well don’t worry there’s lots of reasons as to why this can occur, and whilst you might want to think someone is spying on you, the truth is they probably aren’t looking for you, but they might be harvesting your data.Read more “Is my house spying on me?”
The digital explosion, the consumerization of technology and the world of internet connected fridges leads to a range of security and privacy risks.
There’s lots of work that’s occurred in this space, for example there is the : Code of Practice for Consumer IoT SecurityRead more “IoT Security”
Ransomware this, ransomware that! The problem is, you can be tired of the subject but that doesn’t mean the threat has gone away! So what are the currently active ransomware groups posting victims?
Well here’s a list of currently active group (Both Ransomware and Marketplaces) names who have ONLINE “DARK WEB” (TOR) hidden services online and who are posting victims or are markets:Read more “Active Cybercrime Groups”
I was pottering about (not like a wizard, more like a cold infected zombie!) and an email hit my mailbox with the “Head of Cyber Architecture” at BA. I have no intention of applying but I thought.. I wonder if this is a good exercise to show people how I would go about the exercise? Well to even begin this I need to write down some notes. So I guess here we go… how far I get into this “fantast football” style scenario who knows, but hopefully it will show some people how I might do things! First up let’s look at the raw requirement:Read more “How would I apply to the role of “Head of Cyber Architecture””
Firstly, what is DNSSEC?
Ok read all that good. What we are talking about here is signing a DNS zone to “assure” that the client is getting DNS responses from the right ZONE data. DNSSEC does not encrypt the conversation between DNS client and DNS server. It does enable the client to be able to check if the data it gets back is valid. In short what we are doing is validating that the “data” being returned is authorized and not tampered with.Read more “DNSSEC – why not having a signed zone is almost never going to lead to you getting pwn3d”
There are major questions that must be answered here!
- How do we change the hostname in KALI Linux?
- How do we change the default TTL to look like a Windows Machine?
- How do we pretend to be a SAMSUNG device/How do we change our MAC address?
Quick, I’ll tell you a little secret… to get into CYBER you must first follow this guide:
Now if you are going to GET INTO CYBER you need to have a range of things:
- Computer Hacking Skills
- Num-chuk Skills
Right ok, so let’s get some Hacking Skills!
Head over to KALI LINUX and download KALIRead more “How to get into Cyber? It’s EASY!”
Thousands of ESXi hosts around (some of the) globe have been encrypted by cyber criminals. This post is a fast publish showing some of what has occurred, it’s impact and now includes limited remedial advice.
If you have been affected by this ransomware event there is an attempted recovery script by CISARead more “ESXiARGS Ransomware – Global Incident”
- It requires being thorough.
- It required documenting things.
- It requires conducting training and drills.
- It adds what can be viewed as additional effort/cost to the primary goals (sell widgets/services/time)
- It involves weird and wonderful ways of abusing functionality that is not always apparent or expected, thus to the typical consumers/user of a service, the idea that it might be abused actually seems very unlikely (to a criminal or security pro, the idea it will be abused seems far more likely based on threat intelligence etc.)