Vulnerabilities
Ok, fun things to learn about me, I don’t like CVEs or CVSS because my brain can’t really read them! I have the same challenge with some server naming standards. I need something like SRV-UK-ADDS-01 if it’s not goy hyphens I need a tool to read them for me! (true story!). So lets look at CVSS (I know I’m full of fun topics).
Read more “CVSS Scoring is fun they said!”
Leadership
Most organizations treat email authentication as a checkbox exercise. Deploy SPF, publish DMARC in reporting mode, call it done. But the real story isn’t about maturity tiers—it’s about what you unlock at each phase of implementation. And frankly, the gap between where organizations are and where they need to be is brutal.
This post outlines an enablement journey: each phase builds on the previous one and creates new capabilities that weren’t possible before.
Read more “Email Security: An Enablement Journey, Not a Maturity Ladder”
Education
The future is here today! Ok, perhaps that’s a bit over dramatic, however there’s one thing in cyber security that is and has always been a general problem: Passwords! So enter the lord and saviour of all cyber security: Passkeys! (ok, they aren’t but they are cool and useful in a range of scenarios!) Let’s take a deeper look.
Read more “Passkeys are better than passwords!”
AI
Do you ever struggle to keep up with the cyber world? Not everyone is plugged into the internet 24/7 as some people (I swear I get offline sometimes!) so keeping up to date with the cyber world can be pretty tricky! Also who has time to read everything? no one that’s who! But what about if we used an LLM to read things for us and then give us an update? Well here’s an example of this!
Read more “Using AI in a positive (non scary) way”
Threat Intel
‘An improper neutralization of special elements used in an OS command (‘OS Command Injection’) vulnerability [CWE-78] in FortiSIEM may allow an unauthenticated attacker to execute unauthorized code or commands via crafted TCP requests.’
https://www.fortiguard.com/psirt/FG-IR-25-772
This analysis was conducted using data from Defused, enrichment from IPINFO and SHODAN and then analysis using an LLM (GROK) (so take the analysis with a pinch of salt):
Read more “FortiSIEM CVE-2025-64155 Exploitation Analysis”
Leadership
There’s lots of things in cyber security to consider when looking at how to defend a network, and whilst the world goes mad about public wifi and juice jacking, the real threats are often far simpler. Imagine having say an Active Directory domain member, or even controller exposed to the internet with Remote Desktop Protocol? Might sound insane but this is a common route for entry for ransomware actors.
Read more “The danger of internet exposed RDP”
Defense
This weekend at BSIDES London it was great to have the UK National Cyber Security Center (NCSC) (the UK’s technical authority on cyber security) give a talk about passkeys!
Threat Intel
‘CVE-2025-58034 is an OS command injection vulnerability (CWE-78) in Fortinet FortiWeb, allowing an authenticated attacker to execute unauthorized code on the system through crafted HTTP requests or CLI commands. It affects versions including FortiWeb 8.0.0-8.0.1, 7.6.0-7.6.5, 7.4.0-7.4.10, 7.2.0-7.2.11, and 7.0.0-7.0.11. The vulnerability has a CVSSv3 score of 6.7 (medium severity) and has been observed exploited in the wild, prompting its addition to CISA’s Known Exploited Vulnerabilities catalog.’
Read more “Fortiweb – CVE-2025-58034”
Vulnerabilities
Given the recent discovery of a critical vulnerability (CVE-2025-64446) in the Fortiweb appliances (exploitable via the management interfaces) I thought I would have a look at what other vulnerabilities have been discovered/published and what Proof of Concept (PoC) exploits exist in 2025.
Read more “Fortiweb Vulnerabilities 2025”
Threat Intel
A common perimeter firewall in organisations is the CISCO ASA. Back when I started in the industry we used to have CISCO PIX firewalls, the ASA was the next generation of these! Why is this important? Well its important to understand how common threat actors work, you will see from a while ago I wrote a review of the manual 2.0 by Bassterlord (a known cybercriminal), this is to help understand how attackers work, what real world cybercrime looks like so that we can enable people to help defend against these threats.
Read more “Analysing 1 Million Honeypot events with Defused Cyber Deception”