Skip to content
PwnDefend
  • Base
  • Comms Room
    • Customer Feedback
    • Company Information
    • Security Management
  • Services
    • Consulting Services
      • Enterprise Security Posture Assessment
      • Cyber Security Assurance & Security Testing Services
      • IT Security Healthchecks
      • Active Directory Assessment Services
      • Managed Remediation Services
    • Emergency Cyber Incident Response Support
    • Our Success Stories
    • Partner Services
  • Blog
  • Privacy
Education

Cyber Security for PC Gamers

Introduction

The other day there was a lot of focus on “ATLASOS” a rather oddly branded project, just to be clear:

ATLASOS is NOT AN Operating System (OS) (despite it’s name!)

ATLASOS (at the time of writing) disables basically the majority of Windows Security features including:

  • Defender
  • Smart Screen
  • Windows Update
  • Spectre/Meltdown Mitigations

Basically, if you can think of “nightmare” in the cyber world, ATLASOS’s security posture is basically that (in my opinion)! That said, it’s cool from a nerd Windows customization/build pov, however based on my initial investigations I would strong recommend NOT using it on a “PRODUCTION” system (or anything that’s connected to the internet!).

Read more “Cyber Security for PC Gamers” →
Fiction

The Hacker on a Train

It was a crowded train ride during rush hour, and everyone was packed in like sardines. The train was slowly making its way through the city, and people were trying to kill time with their phones or laptops.

At one end of the train, there was a young man, who appeared to be in his mid-20s, typing away furiously on his laptop. He had a serious look on his face, and his eyes were focused on the screen.

Read more “The Hacker on a Train” →
Education

Vulnerability Prioritisation

I’ve got 99 vulnerabilities but log4j ain’t one!

Most organisations have hundreds to thousands of vulnerabilities. They range across the spectrum from:

  1. CRITICAL
  2. HIGH
  3. MEDIUM
  4. LOW
  5. INFORMATIONAL

The challenge comes in trying to determine how to prioritise. Which ways could we go?

Where do we start?

Read more “Vulnerability Prioritisation” →
Defense

Broadband Routers

When it comes to digital technology, we have to consider many things.

Availability, Confidentiality, and Integrity are good building blocks for considerations. We can probably split this into two major views to start with:

  • What does a typical consumer care about?
  • What security and privacy considerations could be made?

A typical consumer may be about:

  • Availability
  • Cost
  • WIFI Coverage
  • Performance
  • Ease of Use
  • Ease of Support/Troubleshooting
  • Style/Looks
  • What happens if it breaks?
  • Can I stop my kids messing with it? (Probably not so why bother)
Read more “Broadband Routers” →
Guides

Enable Number Matching in Azure MFA

Introduction

MFA was the “silver bullet” but friction and security kind of go hand in hand, the idea of a push notification and simple “authorise” is great in theory, but in practise it is vulnerable to brute force and human error. In this post we are going to check out enabling number matching authentication in Azure.

This is just one configuration option, as you can see there are loads of options for methods and specific configurations. Bear in mind the pros and cons for each one, for example SMS based 2FA can be vulnerability to SIM swapping attacks. I’m going to focus on Number Matching in Authenticator for this post: Read more “Enable Number Matching in Azure MFA” →

Education

PWNDEFND: Known Exploitable Vulnerabilities (KEV) – AKA: Offensive KEV

There’s thousand of vulnerabilities, but do you ever struggle work out what ones might actually be useful to you if you are defending or attacking?

Well don’t worry I’ve started to document some things that might help you both attack and defend in CYBERSPACE!

Read more “PWNDEFND: Known Exploitable Vulnerabilities (KEV) – AKA: Offensive KEV” →

Recent Posts

  • The Manual Version 2.0
  • Cyber Security for PC Gamers
  • Active Directory Attacks – “It’s cold out here”
  • Mobile Device Malware Analysis
  • Port Forwarding with WSL2

Recent Comments

No comments to show.

Archives

  • May 2023
  • April 2023
  • March 2023
  • February 2023
  • January 2023
  • December 2022
  • November 2022
  • October 2022
  • September 2022
  • August 2022
  • July 2022
  • June 2022
  • May 2022
  • April 2022
  • March 2022
  • February 2022
  • January 2022
  • December 2021
  • November 2021
  • October 2021
  • September 2021
  • August 2021
  • July 2021
  • May 2021
  • April 2021
  • March 2021
  • February 2021
  • January 2021
  • December 2020
  • November 2020
  • October 2020
  • September 2020
  • August 2020
  • July 2020
  • March 2020
  • February 2020
  • January 2020
  • October 2019
  • May 2019
  • April 2019
  • March 2019
  • February 2019
  • January 2019
  • December 2018
  • October 2018
  • September 2018
  • August 2018
  • July 2018

Categories

  • Architecture
  • Breach
  • Company News
  • CTF
  • Defence
  • Defense
  • Education
  • Fiction
  • Getting into Cyber
  • Guides
  • Hacking
  • IOT
  • Leadership
  • News
  • OSINT
  • Reviews
  • Strategy
  • Threat Intel
  • Uncategorized
  • Vulnerabilities
Copyright (c) Xservus Limited