Ok so you might think I’m mad with the title but bear with me!
So, the world is in an interesting place, we’ve got a pandemic, we’ve got prolific cyber crime and we have all kinds of different views on how we should tackle this problem.
Now I love a framework and there’s ton’s of them. But the truth is they are complex, detailed, nuanced and generally require a level of nerd that a lot of organistaions do not have.
In 2020 during the pandemic I decided to try and write something to simplify this position, whilst I didn’t want to be too narrow, I wanted to try and capture the breadth of cyber security that is relevent to the general purpose organistaion. I came up with a set of 140 questions which I believe are a good take on things to consider and ask when conducting a security review at a high level. (yes 140 questions is a high level view, this stuff is complex as hell at the detailed end of things, and the devil is in the detail).Read more “Cyber Security Assesments for Normal People”
If you read a book about management theory or specifically cyber security management you will find lots of frameworks, methods, formulas, models etc. None of them really let you know how insanely hard it can be to defend a moving target where regardless of how many controls you have, all it takes it someone doing something which may seem bonkers to you but perfectly reasonable for them. Their objective is to do business in an efficient manner, your objective is to protect the business in an efficient manner. Fundamentally these two things are not at odds, but there are a lot of human factors that come into play on top of some serious technical challenges. Read more “Cyber Defence is Hard”
On March 2nd, 2021 at ~6pm GMT Microsoft released an out of band update to all version of exchange from 2010 through to 2019. This was in response to a range of vulnerabilities which had been abused (a 0-day) by a threat actor (coined by MS as HAFNIUM).
For more info from MS please see the following:
Key CVES include:
CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065. Read more “Checking for Hafnium or other groups impact from Exchange Abuse”
A PwnDefend Story – Day 7
It is a blur so far, I figured after the last place the grass would be greener, surely no one else has that many security challenges. I did some due diligence during the interview process, they seemed very confident about having certifications and that they took security seriously. hell, that should have set some red flags off but even the cynical sometimes hope that it is as someone says.
I have started to work myself around the board and I am making friends with people, my diary is filled with zoom calls and my notebook is already many pages deep.
You cannot make this stuff up though, day two and I’ve dealing with a business email compromise incident, the phishing page was not even in good English but then it only takes a second or so whilst in a meeting to not quite realise your running on autopilot so you cannot blame people. Hell, the branding was copied so we know it was a targeted phish. It would have been nice to at least had centralised logs for the team to analyse though. Read more “The grass is always greener, until it is not”
History of NULL bind
Back in the early Active Directory days NULL bind was actually enabled by default, these days you can get a rootDSE NULL bind out of the box but on Windows Server 2019 you can even disable this!
So why would I want to enable NULL bind? Well, some legacy apps may need it but generally speaking you don’t want NULL bind enabled.
The lesson here is DO NOT copy what I am doing here! Simples! Read more “How to enable NULL Bind on LDAP with Windows Server 2019”
What is a threat?
According to those clever people at NIST it is:
“Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, or individuals through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service. Also, the potential for a threat-source to successfully exploit a particular information system vulnerability.” Read more “Threat Modelling 101”