education – Page 5

Technology in the Wild

Whilst every marketing person will talk about the latest and greatest tech innovation and product, how much does that reflect the reality of technology deployed in the world? Everyone is running Windows 11 and Windows Server 2022 right?! They also don’t use computers, because everything is cloud and mobile first right! and security, well everyone has that down as well! Great… let’s just go and check those statements out… oh wait…. no maybe err.. let’s take a look with our friends at shodan.io

Hacking

CrackMapExec (CME) on Windows

Ok this is going to be really short post, but expect more later! Did you ever want to run CME but you were stuck on a Windows machine? Well don’t worry you can! How do we do this?

First we download CME

https://github.com/Porchetta-Industries/CrackMapExec/releases/download/v5.4.0/cme-windows-latest-3.10.1.zip

Extract the zip file

Make sure you have python3 installed!

Guides

Ransomware + Mega = Mega Cyber Pain

Did you ever read about ransomware actors? They often use mega upload to exfiltrate data! So I figured, why would we not detect this with MDE?

I mean sure we should probably block this with a custom indicator using Web Content Filtering and sure it would probably get blocked by Protective DNS but let’s say for whatever reason you don’t have those in place, let’s look at a really simple query to find mega connections in MDE:

Defence

Threat hunting with some funny results!

You never know what you will find when you go hunting! So here’s a quick tale of an explore I did using Advanced Hunting!

I went hunting here in Advanced Hunting:

Threat Intel

Simulating Human Operated Discovery

Did you want to check out some of your detections? This isn’t everything of course but it’s a simple batch file to simulate a range of enumeration techniques used by actors like CONTI or LOCKBIT affiliates/operators:

Leadership

It’s 2023 and people’s passwords are still really really…

If you work in marketing you are probably walking around telling everyone that we all live in a ZERO trust era, that PASSWORDS are DEAD! Ransomware is DEAD and AI is the FUTURE and we should be doing that NOW!

Meanwhile back on CYBER PLANET EARTH, most organisation do NOT have or need AI, they use passwords and well they passwords they use are shockingly bad! Howe do I know this? I do password audits and security testing, but I also look at breach data! (and we have other people publish password audit reports etc.)

Strategy

When forming a strategy you must realise for starts that people view the word strategy differently. However, the general view is STRATEGY AS A PLAN. Without a PLAN a strategy is a DREAM.

The plan must be supported by a rang of factors, it must also be managed. It should be something which helps you go from where you are (CURRENT STATE) to where you want to be (FUTURE STATE) and should have a roadmap (TRANSITION PLAN/ROADMP) of how you will get there.

When we talk about can I see your strategy, you will need to have it documented, a strategy without a document isn’t a strategy that can be shared and communicated. As to what “THE STRATEGY” document must be… well there is no such thing as a MUST, but there’s some component that are largely and widely recognised to be useful.

Leadership

Cloud Adoption Security Review

Anyone that knows me, knows I love maturity assessments and tools (I’ve built a few, and run LOADS more) so this morning when I saw this on LinkedIn I had to start to get some understanding! I’ve not even had a cup of tea, but let’s see what this looks like!

Leadership

Current State Cyber Challenges and why communication is important

Currently I’d list some of the major challenges we face as a civilisation as the following (clearly not exhaustive etc.)

The general population largely don’t understand cyber
Lots of people think there is nothing they can really do
People have shockingly bad personal cyber security
A large number of organisations have shockingly poor cyber security postures
People’s passwords are often ridiculously weak
People re-use passwords all the time
People seem to believe we have “magic nation state cyber shields”
Organisation’s largely do not invest adequately in cyber security

News

Royal Mail Cyber Incident

According to the Belfast Telegraph:

Royal Mail operations hub in Mallusk hit by ‘cyber attack’ as printer spurts out ransom demands – BelfastTelegraph.co.uk

The Incident is reported by them as “RANSOMWARE” and features Lockbit (Lockbit is RaaS, they recently (end of 2022 lost their ransomware payload builder) so the use of Lockbit software and the fact Lockbit is RaaS means this doesn’t prove attribution). (Attribution is hard, for most people what matters is their own network security posture, rather than who pwn3d royal mail)