AI
Do you ever struggle to keep up with the cyber world? Not everyone is plugged into the internet 24/7 as some people (I swear I get offline sometimes!) so keeping up to date with the cyber world can be pretty tricky! Also who has time to read everything? no one that’s who! But what about if we used an LLM to read things for us and then give us an update? Well here’s an example of this!
Read more “Using AI in a positive (non scary) way”
AI
Yesterday I ran a pentest against an RDP server, the process was ok but not amazing, I had to provide more help than I would have liked, resource consumption and the idea it should keep going…. wasn’t great. The process and output wasn’t terrible at all but it didn’t blow me away.
So today I wanted to see if Claude could take on as simple active directory lab! Now let’s be clear, there were I think one or two updates to the Claude client in that time! The Claude UI even changed look and feel! So I span up an AD lab I had made a while ago and got to work!
AI
AI hype is everywhere, and don’t get me wrong, I’m a heavy AI user, I’m creating tools, conducting analysis and using AI constantly these days in my work a research. But I wanted to see, how well does an agent work if we try and give it the whole task to conduct with as minimal help as possible.
Read more “AI as the penetration tester”
Threat Intel
Whilst some people go on about DNSSEC, PUBLIC WIFI and JUICE JACKING they seem to be missing out on a threat that is real, active and has seen increased adoption by threat actors. SMS BLASTING!
Sounds cool, but basically it’s an ISMSI Catcher/Fake CELL network that is broadcasted between 500m and 2Km that lets an attacker send SPOOFED SMS messages to any cell that connects. This can be used for scams, phishing etc.
Read more “SMSBlasters Historic Incidents”
Leadership
There’s lots of things in cyber security to consider when looking at how to defend a network, and whilst the world goes mad about public wifi and juice jacking, the real threats are often far simpler. Imagine having say an Active Directory domain member, or even controller exposed to the internet with Remote Desktop Protocol? Might sound insane but this is a common route for entry for ransomware actors.
Read more “The danger of internet exposed RDP”
Defense
This weekend at BSIDES London it was great to have the UK National Cyber Security Center (NCSC) (the UK’s technical authority on cyber security) give a talk about passkeys!
Leadership
If someone asked you how much the cost of a task is, I bet you would struggle to given them an accurate response, the default position of most people is to underestimate a cost of doing something (but estimation science show’s us that it tends to vary based on role e.g. project managers are risk averse, engineers think they can solve things faster than they can and executives often just want it to be cheaper for the sake of it being cheaper – Parkinsons Squeeze I think that is called)
Years ago I stared looking at total cost of ownership (TCO) and Return on Investment modelling (I mean a lot of years ago….) and I’ve created a range of models for organisations for:
Threat Intel
‘CVE-2025-58034 is an OS command injection vulnerability (CWE-78) in Fortinet FortiWeb, allowing an authenticated attacker to execute unauthorized code on the system through crafted HTTP requests or CLI commands. It affects versions including FortiWeb 8.0.0-8.0.1, 7.6.0-7.6.5, 7.4.0-7.4.10, 7.2.0-7.2.11, and 7.0.0-7.0.11. The vulnerability has a CVSSv3 score of 6.7 (medium severity) and has been observed exploited in the wild, prompting its addition to CISA’s Known Exploited Vulnerabilities catalog.’
Read more “Fortiweb – CVE-2025-58034”
Threat Intel
Another day another exploit in the wild it seems! (ok I’m a bit slow to this one). Using Defused Cyber’s Honeypots we have another packet to analyse:
Read more “Fortiweb – CVE-2025-64446”
Threat Intel
A common perimeter firewall in organisations is the CISCO ASA. Back when I started in the industry we used to have CISCO PIX firewalls, the ASA was the next generation of these! Why is this important? Well its important to understand how common threat actors work, you will see from a while ago I wrote a review of the manual 2.0 by Bassterlord (a known cybercriminal), this is to help understand how attackers work, what real world cybercrime looks like so that we can enable people to help defend against these threats.
Read more “Analysing 1 Million Honeypot events with Defused Cyber Deception”