If you have a business email compromise incident and you haven’t deteced it in a timely manner your fist notification might be a bad experiance, the threat actors may have commited fraud, attemped fraud or simply launched a phishing If you have a business email compromise incident and you haven’t detected it in a timely manner your fist notification might be a bad experience, the threat actors may have committed fraud, attempted fraud, or simply launched a phishing campaign from your environment. If you are in this position, there are some steps you can take from a technical point of view to limit impact and reduce risk of a re-occurrence. This blog is a high-level view at some of the tactical and longer-term activities you can conduct.Read more “Post Business Email Compromise actions for Office 365 Users”
First and foremost, I’m going to start by saying if I include any cliché quotes it’s probably in an ironic context or used to show how they aren’t practically useful. Why are we here? Well, based on the title, it’s because you are either a CEO/MD or you are in a leadership position and want to learn a little more about cyber security.
I’m sure you have read the news, I’m sure you have seen vendor adverts explaining something like:
- Zero Trust
- The Security Skills Gap
- How phishing can be solved through security awareness training (pro tip: it can’t)
And I’m sure someone on your LinkedIn feed you have seen people exclaim all kinds of crazy things like:
- TLS Weaknesses Lead to Ransomware
- Security is Simple (it, I’m afraid, is not)
- Managed Security Service Providers ensure security
The gaps between strategic security improvement and keeping the wolves out, today!
The Cyber Realities in 2021
Most organisations today honestly don’t have great cyber security postures. Cyber security has improved since the 80’s and 90s’s but still common gaps can be found in the same old areas.
So, whilst security possibilities and technical capabilities for defence have greatly improved, this hasn’t really translated into the level of change we would like to see on the ground inside organisations.
I’m writing this post after giving a talk today about the challenges I see in cyber security across different organisations but also after watching a talk by Dave Kennedy which from my perspective emulates my experiences and largely my views. Read more “The Security Challenges of 2021”
“Security education and awareness darling, it’s all the rage! It’s simply to hot right now.” Ok stop, let’s take a minute to get some context. It’s the year 2021, organisations are taking a battering round the globe from cyber criminals who are deploying ransomware, extortion, and fraud via a range of methods but one you can’t not have heard of is phishing.
In this post today, I’m going to look at realities of initial access, phishing and some questions I think people should be asking themselves about the idea of phishing their own userbase. I try and look at this from multiple perspectives because I think it’s a complex subject. Let’s start with initial access methods!
Common Patterns of Access
If we look at the world of technology and cyber security, you will see logs of references to frameworks and language that is enough to send even the committed to sleep! However, let’s abstract from our TTPs, our MITRE ATT&CK frameworks and our “threat actors” and let’s talk in normal English. Read more “Phishing your own people – path to eroding trust or a useful tool?”
Sales darling, it’s all about sales. It’s a harsh but true part of the world where you need to be able to sell. I’m not talking about business to business or hunters, farmers etc. I’m talking about being able to sell to someone that you are the right person to help them and their organisation.
Now this isn’t easy in the middle or tail end of a career let alone when you are starting off. But let’s for a minute role play and look at what I would do if I was new to the cyber world and was looking for a role?
This isn’t meant as a guide, it’s off the back of a convo I’ve just had with someone struggling in the job-hunting space. So, it’s a rough brain dump from me. The key thing I would say is: Read more “If I was looking for entry level jobs in cyber security – what would I do?”
Imagine the scenario where you have an endpoint or server running and you don’t have centralised logging or visualisation of log data and you need to perform some rapid analysis without wanting to stand up a new set of VMs or services, well this is where cloud really can come into it’s own.
Very rapidly we can setup a Datadog account. (this blog will be updated as I deploy and configure) Read more “Fast Monitoring Deployment with Datadog”
Human Interface Devices is the science way of saying (in this case) keyboard! Now that doesn’t sound amazing but then we look at the details. What we are talking about here is a wireless remote controlled programable keyboard emulator disguised as a USB cable or a cable between a real USB keyboard (must be detachable). This provides attack opportunities to both key log and hijack inputs to PC devices covertly and remotely (within WIFI range). Just imagine what you could do with one of these.
If you know me that one of the first things, I recommend organisations do is conduct password audits against active directory on a regular basis. There are a ton of ways to do this and depending upon size of directory and budget you will likely want to do this with more than a CPU however the process remains the same. So, with the news that a new release of L0phtcrack (open source) is online let’s take a look at how we can deploy and start cracking those hashes! This isn’t an end to end guide to cracking with l0phtcrack – but it does show the install process and provide considerations for your cracking adventures. Remember, only do this where you have authorisation. Read more “Password Auditing with L0phtcrack 7 – A quick intro”
I come from a heavy Windows background, in fact I started my computer experience on an Amstrad however not long after I was using DOS and then Windows 3.11 for Workgroups. So, I’m a heavy Windows head, I’ve deployed all kinds of services and applications within business environments using common technologies such as:
- CISCO/DELL/HP Networking switches and routers
- ISA/TMG/UAG/Checkpoint firewalls
- Palo Alto Firewalls
- Microsoft Windows Client (Windows 3.11-Windows 11)
- Microsoft Windows Server (NT4 – Windows Server 2022)
- Vmware vSphere/ESXi
- Random Linux Security appliances and VPN devices
One thing that I’ve noticed in my travels so far is that Linux deployments in enterprise environments in the back office/corp nets are often appliance based or “black boxes”. This creates a bit of a fun scenario whereby some system administrators and operations teams aren’t particularly comfortable with using UNIX/Linus systems. So, I thought I’d try and write some content to show how to do common tasks using the command line interface (CLI). This isn’t designed as an indepth guide, this is really just to try and give people a view of some of the things that you will need to be aware of. This isn’t mean’t to be “academic” or replace manuals and technical docs so it’s brief and to the point (as far as that is possible). Read more “Linux 101 for Windows People”
A path traversal vulnerability and exploit just dropped in the wild for a specific version of Apache (Apache/2.4.49). This vulnerability allows an unauthenticated attacker to execute a path traversal attack (and now shown RCE if MOD_CGI is enabled) to read files outside of the virtual directory path bounds. This only affects a single version of Apache, there’s a fair few of these online, however it’s very unlikely all are vulnerable. The vulnerability requires specific permissions to be configured.