News
According to the Belfast Telegraph:
The Incident is reported by them as “RANSOMWARE” and features Lockbit (Lockbit is RaaS, they recently (end of 2022 lost their ransomware payload builder) so the use of Lockbit software and the fact Lockbit is RaaS means this doesn’t prove attribution). (Attribution is hard, for most people what matters is their own network security posture, rather than who pwn3d royal mail)
Read more “Royal Mail Cyber Incident”
News
Another day in the life o’cyber! There’s probably new exploits, new vulnerabilities, new updates and industry changes galore but here’s some highlights from the day!
Read more “Cyber News Today”
Education
Clearly this is for penetration testing, not for evil! So if you have to pentest Office 365 you might want to be attacking the authentication services. This will be aligned to the tenant you are testing, as always make sure you have authorisation.
Deploy to your favourite LINUX instance or WSL etc.
Read more “Password Spraying Office 365”
Hacking
I’m not going to talk about these… yet… and there’s duplicates because I think it’s useful to see where they can be used in different scenarios. Expect this list to grow!
Read more “Office 365/Azure Pentest Tools”
Guides
Penetration testing, adversary simulation, red teaming, purple teaming, rainbow teaming, call if what you like, the security outcome we are working towards is:
This is to support the organisations mission, vision, goals, and objectives. Cyber security is to support and enable the organisation’s capability to execute digital services in a safe manner.
Read more “Practical Security Assurance”
Education
Most organisations have hundreds to thousands of vulnerabilities. They range across the spectrum from:
The challenge comes in trying to determine how to prioritise. Which ways could we go?
Where do we start?
Read more “Vulnerability Prioritisation”
Guides
Have you every tried to understand the risk level of a service? Ever wanted to provide assurance to someone that “it’s been well designed, is secure from common threats, likely risk scenarios and is securely operated” etc.? have you ever tried to conduct testing against a service that is relatively unknown? Ever needed to actually do more than throw some packets at the front door? Guess what, I have. Most orgs don’t have a decent level of documentation on service architecture and security controls. And as the NSA nicely put, the way they get into networks is to know them better than you do! So in my travels I see lots of different orgs and largely there’s one common similarity, most of them aren’t well documented (docs are boring right!) and if we then make another huge sweeping generalisation, about 90% of orgs have security postures you wouldn’t want to have to defend as a blue teamer, but you might fancy if you were a nation state actor or cyber criminal!
Read more “Service Security Architecture and Assurance”
Education
I’ve waked around one of two organisations, across a load of verticals and well I see people post things online about common technology generalisations and frankly it sometimes leaves me wondering what networks they have been in, but also am I just on another planet? So, I thought I would jot down some notes on common tech I see in orgs during my business travels but also on in the ciberz! It’s not a list of everything I see, it’s just what appears in my head as quite bloody common.
Read more “Enterprise Technology Generalisations”
Leadership
A mRr3b00t Adventure
Join me on an adventure of rambling and exploring the idea that you can in fact not lose the security leadership game! This blog is WIP, it’s just my brain wondering around the question of: can we win the in the face of a seemingly insurmountable force? What do we do as a security leader to protect ourselves and the organisation? How do we start?
Read more “How to not lose your job as a CISO”
Leadership
I am seeing lots of “debate” about the value in red teaming, so I thought I would put together my thought process of how I look at as a broad stroke when I consider a generic starting position in an organisation. When I’m defending a business, I tend to ask myself (and the team/customers etc.) these kind of questions (they are not exhaustive):
Read more “Red Team Readiness Assessment”