AI

Can AI replace intelligence analysts?

Ok, it’s late, and well I wanted to look into cyber attacks where social engineering is a key component combined with technical hacking skills.

There’s been a growing number of these style events, so I tasked GROK to create an assessment for me, let’s see how it did! Let’s both try and answer the questions:

Can GROK replace intelligence officers and can GROK help us defend better against social engineering + technical attacks? What do you think? (please take all of this with a pinch of salt… LLMs are known to make mistakes/hallucinate/lie in a very convincing manner)….

they look nice…. but looks can as we know, be deceiving! (is the entire blog just a social engineering experiment by me?)

Read more “Can AI replace intelligence analysts?”
Defence

No one is responsible for your OWN Cyber Defences…

Introduction 

I talk to hundreds or maybe even thousands of people online. I work in the Cyber security industry, I worked previously with central government, local authorities, finance, third sector, healthcare, defence and well most verticals of business. I often see people comment online about how “GCHQ has failed” or some other silly nonsense when it comes to an organisation (not GCHQ) being victim to a cyber incident. 

I fear the world has watched a few too many Bond and Bourne films and let’s their imaginations run wild! The true reality of defending cyberspace is frankly vastly different to what I think people believe it is.

Read more “No one is responsible for your OWN Cyber Defences other than you! “
Education

Cyber Security for PC Gamers

Introduction

The other day there was a lot of focus on “ATLASOS” a rather oddly branded project, just to be clear:

ATLASOS is NOT AN Operating System (OS) (despite it’s name!)

ATLASOS (at the time of writing) disables basically the majority of Windows Security features including:

  • Defender
  • Smart Screen
  • Windows Update
  • Spectre/Meltdown Mitigations

Basically, if you can think of “nightmare” in the cyber world, ATLASOS’s security posture is basically that (in my opinion)! That said, it’s cool from a nerd Windows customization/build pov, however based on my initial investigations I would strong recommend NOT using it on a “PRODUCTION” system (or anything that’s connected to the internet!).

Read more “Cyber Security for PC Gamers”
Fiction

The Hacker on a Train

It was a crowded train ride during rush hour, and everyone was packed in like sardines. The train was slowly making its way through the city, and people were trying to kill time with their phones or laptops.

At one end of the train, there was a young man, who appeared to be in his mid-20s, typing away furiously on his laptop. He had a serious look on his face, and his eyes were focused on the screen.

Read more “The Hacker on a Train”
Defense

Broadband Routers

When it comes to digital technology, we have to consider many things.

Availability, Confidentiality, and Integrity are good building blocks for considerations. We can probably split this into two major views to start with:

  • What does a typical consumer care about?
  • What security and privacy considerations could be made?

A typical consumer may be about:

  • Availability
  • Cost
  • WIFI Coverage
  • Performance
  • Ease of Use
  • Ease of Support/Troubleshooting
  • Style/Looks
  • What happens if it breaks?
  • Can I stop my kids messing with it? (Probably not so why bother)
Read more “Broadband Routers”
Guides

Enable Number Matching in Azure MFA

Introduction

MFA was the “silver bullet” but friction and security kind of go hand in hand, the idea of a push notification and simple “authorise” is great in theory, but in practise it is vulnerable to brute force and human error. In this post we are going to check out enabling number matching authentication in Azure.

This is just one configuration option, as you can see there are loads of options for methods and specific configurations. Bear in mind the pros and cons for each one, for example SMS based 2FA can be vulnerability to SIM swapping attacks. I’m going to focus on Number Matching in Authenticator for this post: Read more “Enable Number Matching in Azure MFA”

Copyright (c) Xservus Limited