A Cyber Noir Detective Game

Recently vibe coding has been the name of the game! So whilst dealing with an incident I was thinking about some of the common challenges organisations face when it comes to incident response, which led onto the broader topics of why do so many orgs either have no policies or defined processes but even when they do, people don’t follow them.

So much focus is given to cyber awareness training for ‘end users’ but not so much about training IT and business teams in how to manage incidents.

Enter: Gamified training + comic books + detectives!

Defence

Disable and Remove Windows Quick Assist

Recently this subject has come up again, so thought I would create a post.

By default Windows comes with Quick assist, an RDP based service with is encapsulated in HTTPS, it allows users to both offer and request assistance between two Windows machines (remote control). You can read more here:

https://learn.microsoft.com/en-us/windows/client-management/client-tools/quick-assist

Leadership

OMG The Cyber SKY is falling down!

Ok a bit dramatic, but that’s often what you might feel if you spend lots of time in the vulnerability space (which if you work in cyber security.. you probably do!). We often hear about the NEXT: STUXNET, HEARTBLEED, WANNACRY/ETERNAL BLUE, LOG4J etc. but actually when it comes to it… the number of times we have word endangering unauthenticated remote code execution that is a danger to global society is far less than when we have other vulnerabilities. It’s the exception not the rule.

Leadership

The business ‘value’ of Cyber Investments

A massively common analogy I see in security is the idea that security is like paying for insurance incase something goes wrong. I think this is great if you have 3 seconds only to describe security, but that’s not really how I have conversations with people. A sound bite isn’t reality, and to be honest I personally find that rather meaningless. I also know that many people don’t like or even pay for a range of insurance so when we look at how we try and improve digital security from a whole of society perspective, I think this phrase doesn’t work, it’s too narrow…

Defence

A threat actor is inside your perimeter… what routes…

Ok that subject is massive…so this is a bit more of a targeted thought process to consider.

Each network is unique and technology deployments vary. One time I was in a network that was almost entirely Apple MacBooks and a door control panel…. which was ‘fun’.

So this is a general list of some things to consider if you have tech deployed such as:

Active Directory
Printers
SCCM
MSSQL

Defence

What are the top Active Directory Security vulnerabilities I…

Ok so here’s the thing, I do NOT like getting pwn3d! I think you probably would rather your organisation does not too!

What I really don’t want to occur is a ransomware event! They suck, they are like a digital bomb going off.

So I’ve knocked up a quick list to get people thinking (these are NOT all the vulnerabilities I networks you should care about.. but they are some that could lead to a ransomware event!)

Education

Cyber Tips for Normies (without the FUD)

The Cyber Threat landscape in 2023

The digital world is complex and cyber threats appear to be around every corner. What we need to do however is look at how we can enable people and keep them safe from common (realistic) threats that they will almost certainly face (rather than saying everything is a risk!), The intent of this post is to tackle key common threats, risks and vulnerabilities (and countermeasures). It is high level, it is a generic and general, it is not a bespoke tailored guide for each person. It does not cover every single risk scenario someone may face, it simply looks at what I think people may want to focus on (given what I see). (I’m having to caveat this loads to try and stop the tin foil hat loonies making a scene about edge cases I haven’t covered)

Hacking

The Manual Version 2.0

Working in Cyber security can expose you to all kinds of information. I’m an offensive and defensive security architect and occasional (haha that’s daily right!) pew pew slinger (pentester) and I am also a threat intelligence practioner (CTI) (we need The Many Hats Club back!). Which is why sometimes when things appear on the internet I think I decide to take a look.

Education

Active Directory Attacks – “It’s cold out here”

Scenario

In this scenario it is assumed you do not have credentials, but you do have either adjacent or routable access to an Active Directory Domain Controller and can access common ports/services such as: LDAP, LDAPS, SMB, NETBIOS, KERBEROS, DNS

Vulnerabilities

Microsoft Outlook Elevation of Privilege Vulnerability (CVE-2023-23397)

Regarding: CVE-2023-23397

This is a fast publish, use at own risk.

See guidance from Microsoft: CVE-2023-23397 – Security Update Guide – Microsoft – Microsoft Outlook Elevation of Privilege Vulnerability

If you need to mitigate the latest Outlook vulnerability which abuses an SMB/WebDav call using the Calendar invite feature you can consider the following: