From Zero to DA using ‘PetitPotam’

Introduction

Whilst I was on ‘holiday’ (seriously even when on holiday I almost always must do some work!) a few Windows vulnerabilities were published. Great work by Gilles Lionel, Benjamin Delpy and many many others!

Lab Setup

A Domain Controller
A Separate ADCS Install with Web Enrolment or two DCs one with ADCS installed.
A windows Client Device (non-domain joined)
An attacker device (I used Kali)

You do not need any domain credentials to conduct this exploit chain, so from a network adjacent unauthenticated position you can get DA with the right circumstances (default configuration). Read more “From Zero to DA using ‘PetitPotam’” →

Defense

Changing a security posture requires changing your own behaviours

I’m sure you will have had a marketing firm or some random sales person on Linkedin tell you that security should be simple and that their product will save you from all the ATPs and nation state hax0rs under the sun. However let’s get real, thats almost certainly not true and also security isnt simple or we’d all be out of jobs and everyon woulndn’t be getting owned all the time.

Getting real

Defense

Ransomware Defence: Part 2a – Persistence, Privilege Escalation and…

Recap

In Part 1 (Initial Access Defence and Checklist) we looked at ways of hardening your attack surface to defend against initial access. When it comes to ransomware there is a range of elements and variables in the kill chain that need to be successful for the outcomes to be achieved by the criminals. Here we are going to move further into the kill chain to look at further defences. Remember you need to have an “Assume Breach” mindset if you are going to be able to defend against ransomware, that being said, there is a hell of a lot of things you can do for 0 to low investment costs that provide a great ROI. Now some of this is going to be repeated guidance from part 1, that’s ok repetition is good (make sure you are covered from multiple perspectives). Ok let us get to it! Read more “Ransomware Defence: Part 2a – Persistence, Privilege Escalation and Lateral Movement” →

Guides

Secure Service Design: Practical Solution Architecture

The truth shall set you free

I’ve worked in technology a long time now (relatively for me). It’s now over 20 years professionally and when I was a kid, I used to remove malware from small business’s etc. I’ve travelled to some funky places and done some cool things, but I learn new things every day. I do however come across some repeating patterns in my adventures as a consultant. There is a hidden truth that many are scared to admit…

Most organisations are not very good at service design, let alone secure service design!

Ok so there it is, I hope that this blog doesn’t age very well, but I’m 20 years in and I chat with my dad about his past life in the corporate world and we both see the same things being repeated. So, what can we do about it? Well sharing is caring, so here’s some things to think about when planning and designing a new service. I’m going to focus on the technology and security aspects, clearly, I am not saying ignore the business and value alignment but for the purposes of this post I’m assuming that the functional service capabilities and alignment are in effect. I’m also assuming that business case is solid because you know, without £ it’s a bit hard to create an operate a service (that’s a whole new post!). Read more “Secure Service Design: Practical Solution Architecture” →

Defense

Modern Workspace: PowerShell OAuth Error

Create PowerShell Session is failed using OAuth

When connecting to Exchange online (there was a reason I needed to do this) I had the following error:

I did some googling that luckily someone has already posted how to fix this:

https://www.vansurksum.com/2021/03/11/create-powershell-session-is-failed-using-oauth-when-using-the-exchange-online-v2-powershell-module/

It turns out WINRM’s ability to use BASIC client authentication is disabled as part of the standard Windows 10 hardening baseline deployed via Intune.

To fix these we need to re-enable BASIC client side WINRM authentication. Read more “Modern Workspace: PowerShell OAuth Error” →

CTF

How to enable NULL Bind on LDAP with Windows…

History of NULL bind

Back in the early Active Directory days NULL bind was actually enabled by default, these days you can get a rootDSE NULL bind out of the box but on Windows Server 2019 you can even disable this!

So why would I want to enable NULL bind? Well, some legacy apps may need it but generally speaking you don’t want NULL bind enabled.

The lesson here is DO NOT copy what I am doing here! Simples! Read more “How to enable NULL Bind on LDAP with Windows Server 2019” →

Defense

The anatomy of designing resilience, recoverability, and contingency into…

I want a simple way of restoring service in the event of a disaster

Foreward

I wrote this over 5 years ago and wanted to see if it stood the test of time – I also see too often that organisations don’t have the right capabilitites to recover so I figured this is a good post on the subject.

Defense

Endpoint Security – The Essentials

It’s called essentials it’s not called advanced!

Have you ever wondered what the absolute minimum you should do is to protect against cyber criminals? I’ll be honest I haven’t, that minimalistic approach to be seems kind of risky… BUT the world is not me and if you want to achive greatness you need a good foundation! So the essentials are good to know.

Defense

WordPress Security Considerations

WordPress is one of the most popular content management systems in the world today. I believe it is about 35% of the market share globally. That is a lot of sites.

I have been using WordPress for years myself; some people give it some stick for being vulnerable but that is usually them referring to third party plugins. I like it because you can build a site easily, without having to spend ages and you can deploy it and migrate etc. without having a huge headache. Read more “WordPress Security Considerations” →

Defense

Combating Cyber Crime: Should we really be charging to…

Sensational Press or Cyber War Mongering?

I do not know Mr Martin, but I would assume that his role at NCSC and GCHQ would have given him a good insight into the realities of cybercrime, cyber terrorism, nation state affairs and how to effectively defend against cyber criminals (and other threat actors) so please read this blog as it is intended, it’s an analysis on the quoted statements and reporting style and general view of mine about current cyber war rhetoric, not an analysis of the person. Why am I writing this? Well, I am seeing an increased level of FUD, snake oil and cyber war rhetoric and I wanted to share some of my thoughts, opinions, and ideas in this space. For it is far too easy to call for war and in cyberspace do we even know what that means? Read more “Combating Cyber Crime: Should we really be charging to cyber war?” →