Enable Number Matching in Azure MFA

Introduction

MFA was the “silver bullet” but friction and security kind of go hand in hand, the idea of a push notification and simple “authorise” is great in theory, but in practise it is vulnerable to brute force and human error. In this post we are going to check out enabling number matching authentication in Azure.

This is just one configuration option, as you can see there are loads of options for methods and specific configurations. Bear in mind the pros and cons for each one, for example SMS based 2FA can be vulnerability to SIM swapping attacks. I’m going to focus on Number Matching in Authenticator for this post: Read more “Enable Number Matching in Azure MFA” →

Education

When running Nessus is a good thing!

Oh that’s “just a Nessus scan” or that’s not a real pen test etc. is something that if you are in the infosec/cyber world for a few minutes you will probably hear.

It’s honestly a bit odd, some sort of way of diminishing something because a tool was used, which doesn’t really make a whole lot of sense given most activity involves using something that already exists (sure there are fields and scenarios where this isn’t true but I’m generalising).

So why are we as an industry obsessed with tools and obsessed with berating people for using them? It’s all rather odd.

It perhaps ties in with this Cyber Myth about penetration testing being the tool that’s good and useful in every scenario… I hate to break it to people, but it’s not the principles of security and it certainly isn’t the best/most appropriate “tool” in every scenario. Read more “When running Nessus is a good thing!” →

Education

Cyber Security Testing Myths vs Realities

Everything is 1337! Everyone hacks everything with no sweat, all networks are taken down by cyber magic… or maybe not….

Let’s look at some business realities, shall we? Read more “Cyber Security Testing Myths vs Realities” →

Education

Infrastructure Penetration Testing Realities

Penetration testing is just like being a cybercriminal, right?

Honestly, it feels weird writing this, however I feel there’s a real issue with penetration testing and some myths that (for understandable and obvious reasons) exist in some people’s minds. So I’ve taken to trying to explain to people what an external penetration test actually entails in the real world of business. So here goes!

Education

Nmap & CrackMapExec (CME)

The swiss army knife of the cyber world, it can port scan, fingerprint, produce reports and run scripts using the nmap scripting engine (NSE).

Why do we care about NMAP, surely everyone knows how to NMAP?

Well, that’s simply not true, it’s always important to tech new people, to revise and hone existing skills and the world of nmap scripting is constantly evolving.

Port scanning and fingerprinting let alone leaking sensitive data and conducting “attacks” is all possible. You can do a basic vulnerability scan with nmap alone!

Hacking

Linux Privilege Escalation

When you gain access to a target node you will want to explore, the exact method you use to do this will depend upon operational security considerations, time constraints and style. You will be looking for a range of elements to support progressing an objective.

It should be noted that the objective may NOT require elevation. You may be trying to obtain data and access might already be possible using the context you have assumed.

You also may need to move from a www-data user to a named user account or get to root level of access. If so there’s a range of questions we should be asking ourselves:

Threat Intel

Learn to SOC: Java Webshell via confluence

When running honeypots you never have to wait too long for something to drop!

This moring we had a new hit in the pot, so I decided to invesigate but also to blog and show how we could go about investigating the logs and paylods etc.

Education

Passive Port Scanners & Internet Asset Discovery Platforms

Useful for a range of defensive and offensive purposes, internet asset search platforms enable a range of activities from:

Research & Trend Analysis
Vulnerability Hunting
Attack Surface Mapping
OSINT

Each has its own interfaces, features, dataset sand styles.

I’ve put together a list of the most popular, there may be more that I haven’t listed.

Hacking

How to Crack NTHASH (commonly referred to as NTLM)…

Ok imagine this, you have got access to a file server and behold you find an unsecured, unencrypted backup of a domain controller (this isn’t made up I find these in networks sometimes!) and you yoink the NTDS.dit (or maybe it’s just a workstation SAM/SYSTEM file), you extract the hashes but now what, you need to crack those bad boys!

Check out the MS docs on how NT or LM Hashes are computed(hashed)! – (thanks @ANeilan for spotting my mistake!)

[MS-SAMR]: Encrypting an NT or LM Hash | Microsoft Docs

Guides

If I was looking for entry level jobs in…

Sales darling, it’s all about sales. It’s a harsh but true part of the world where you need to be able to sell. I’m not talking about business to business or hunters, farmers etc. I’m talking about being able to sell to someone that you are the right person to help them and their organisation.

Now this isn’t easy in the middle or tail end of a career let alone when you are starting off. But let’s for a minute role play and look at what I would do if I was new to the cyber world and was looking for a role?

This isn’t meant as a guide, it’s off the back of a convo I’ve just had with someone struggling in the job-hunting space. So, it’s a rough brain dump from me. The key thing I would say is: Read more “If I was looking for entry level jobs in cyber security – what would I do?” →