CTI Investigation Demo Threat Intel

Threat Analysis Tools

I’ve not blogged in a while, but I wanted to put down a note of some useful tools people can use to help them combat cyber crime.

This isn’t going to be an in-depth look at each tool; however, in the near future I do want to try and do some demos/videos etc. of how to investigate potential, suspected or identified threats. I’ll drop a list of some of the useful tools below and also do a quick demo of investigating an event (from this blog).

Read more “Threat Analysis Tools”

Education

Cyber Tips for Normies (without the FUD)

The Cyber Threat landscape in 2023

The digital world is complex and cyber threats appear to be around every corner. What we need to do, however, is look at how we can enable people and keep them safe from the common (realistic) threats they will almost certainly face, rather than saying everything is a risk! The intent of this post is to tackle key common threats, risks and vulnerabilities (and countermeasures). It is high level, generic and general; it is not a bespoke, tailored guide for each person. It does not cover every single risk scenario someone may face; it simply looks at what I think people may want to focus on (given what I see). (I’m having to caveat this loads to try and stop the tin foil hat loonies making a scene about edge cases I haven’t covered.)

Read more “Cyber Tips for Normies (without the FUD)”

Education

Protective DNS (PDNS) by NCSC UK adds UK schools

This week NCSC have begun accepting UK schools for access to the PDNS.

https://www.ncsc.gov.uk/blog-post/introducing-pdns-for-schools

To register (if you are eligible) use this URL: https://www.protectivedns.service.ncsc.gov.uk/pdns

You can view the terms and conditions here: https://www.signin.service.ncsc.gov.uk/terms-and-conditions

PDNS is a protective DNS service which helps protect public sector organisations (and private sector services who deliver government services), including:

  • Government
  • Healthcare
  • Local Authorities
  • MOD

https://www.ncsc.gov.uk/information/pdns

PDNS is delivered by Nominet.

Read more “Protective DNS (PDNS) by NCSC UK adds UK schools”

Defence

No one is responsible for your OWN Cyber Defences…

Introduction 

I talk to hundreds or maybe even thousands of people online. I work in the cyber security industry; I have previously worked with central government, local authorities, finance, third sector, healthcare, defence and, well, most verticals of business. I often see people comment online about how “GCHQ has failed” or some other silly nonsense when an organisation (not GCHQ) has been the victim of a cyber incident.

I fear the world has watched a few too many Bond and Bourne films and lets its imagination run wild! The true reality of defending cyberspace is frankly vastly different to what I think people believe it is.

Read more “No one is responsible for your OWN Cyber Defences other than you!”

Hacking

The Manual Version 2.0

Working in cyber security can expose you to all kinds of information. I’m an offensive and defensive security architect and occasional (haha, that’s daily, right!) pew pew slinger (pentester), and I am also a threat intelligence practitioner (CTI) (we need The Many Hats Club back!). Which is why, sometimes, when things appear on the internet, I decide to take a look.

Read more “The Manual Version 2.0”

Education

Cyber Security for PC Gamers

Introduction

The other day there was a lot of focus on “ATLASOS”, a rather oddly branded project. Just to be clear:

ATLASOS is NOT an Operating System (OS) (despite its name!)

ATLASOS (at the time of writing) disables the majority of Windows security features, including:

  • Defender
  • Smart Screen
  • Windows Update
  • Spectre/Meltdown Mitigations

Basically, if you can think of a “nightmare” in the cyber world, ATLASOS’s security posture is that (in my opinion)! That said, it’s cool from a nerdy Windows customisation/build point of view; however, based on my initial investigations I would strongly recommend NOT using it on a “PRODUCTION” system (or anything that’s connected to the internet!).

Read more “Cyber Security for PC Gamers”

Vulnerabilities

Microsoft Outlook Elevation of Privilege Vulnerability (CVE-2023-23397)

Regarding: CVE-2023-23397

This is a fast publish, use at own risk.

See guidance from Microsoft: CVE-2023-23397 – Security Update Guide – Microsoft – Microsoft Outlook Elevation of Privilege Vulnerability

If you need to mitigate the latest Outlook vulnerability, which abuses an SMB/WebDAV call via the calendar invite feature, you can consider the following:

Read more “Microsoft Outlook Elevation of Privilege Vulnerability (CVE-2023-23397)”

Leadership

Adopting an Attacker Mindset to Defend Healthcare

This post started as a reply to a great topic on LinkedIn, but I hit the character limit so now it’s a blog post!

Years ago I simulated attacks (authorised, obviously, for the people that have wild imaginations) on a customer, which included a physical attack where I walked into a healthcare organisation armed with a suit, a smile (and a USB key); I needed to gain access and attempt to move laterally and escalate privileges.

Read more “Adopting an Attacker Mindset to Defend Healthcare”