Can AI replace intelligence analysts?

Ok, it’s late, and well I wanted to look into cyber attacks where social engineering is a key component combined with technical hacking skills.

There’s been a growing number of these style events, so I tasked GROK to create an assessment for me, let’s see how it did! Let’s both try and answer the questions:

Can GROK replace intelligence officers and can GROK help us defend better against social engineering + technical attacks? What do you think? (please take all of this with a pinch of salt… LLMs are known to make mistakes/hallucinate/lie in a very convincing manner)….

they look nice…. but looks can as we know, be deceiving! (is the entire blog just a social engineering experiment by me?)

News

Using AI to analyse cyber incidents

Currently there appears to be a relatively significant cyber security incident at Marks and Spencer. So I thought I would give a demo of using AI (LLM, GROK) to create a timeline:
(since this is generated by an LLM please take this with a health pinch of salt, I wanted however to show the actual content and method I’ve used so people can understand it)

Education

Unravel the Mystery of Cyber Noir Detective: A Thrilling…

[This is why we need humans and not AI to write things!]

This is what an LLM said about my Cyber Noir game…. I think this is going to need me to write something! But that will come another day, today you can enjoy how humans are, not entirely replaced yet!

Enjoy! (perhaps just play the game!)

https://mr-r3b00t.github.io/cyber-detective

In the neon-drenched streets of Neon City, where high-tech crime and shadowy conspiracies collide, a new kind of detective story awaits. Cyber Noir Detective, an innovative choose-your-own-adventure game, invites players to step into the shoes of Riley Voss, a seasoned investigator tasked with thwarting a catastrophic cyber breach at NexCorp. This browser-based experience, crafted by cybersecurity experts at PwnDefend, blends immersive storytelling with subtle educational insights, making it a must-play for fans of interactive fiction, cyberpunk aesthetics, and digital security.

Education

A Cyber Noir Detective Game

Recently vibe coding has been the name of the game! So whilst dealing with an incident I was thinking about some of the common challenges organisations face when it comes to incident response, which led onto the broader topics of why do so many orgs either have no policies or defined processes but even when they do, people don’t follow them.

So much focus is given to cyber awareness training for ‘end users’ but not so much about training IT and business teams in how to manage incidents.

Enter: Gamified training + comic books + detectives!

Leadership

Using cyber security investments as a business enabler

Making security both an organisational support capability but also enabling business is not easy. Lots of the security activity is for obvious reasons not totally transparent. However one thing I want to show people is how you might want to tell existing and prospective customers about the way you approach security within your organisation. One way to do this is to show people how you align to the NCSC 14 Cloud Security Provider Principles.

Education

Making cyber security relatable to people

If we look at the reality of cyber security on a personal level, it’s insanely complex. There are hundreds if not thousands of details that matter, under the microscope security is incredibly complex and contextual. Which makes it a nightmare outside of simple abstractions, because things get complex fast.

Leadership

Cyber Leadership – Real Life Incidents over the years!

Introduction

I’ve been around a bit now, I started ‘playing’ with technology very young as a kid! Wolf 3D/Doom era etc (ok even before that but whatever) …

In my professional career I’ve worked with literally hundreds of companies, from mega to small, from household names that sell games consoles through to orgs that sell you yummy food! I’ve worked across loads of industries from government through to manufacturing. I’ve dealt with major incidents for the finance sector, healthcare but also, I’ve been inside a range of networks for some time.

Leadership

The business ‘value’ of Cyber Investments

A massively common analogy I see in security is the idea that security is like paying for insurance incase something goes wrong. I think this is great if you have 3 seconds only to describe security, but that’s not really how I have conversations with people. A sound bite isn’t reality, and to be honest I personally find that rather meaningless. I also know that many people don’t like or even pay for a range of insurance so when we look at how we try and improve digital security from a whole of society perspective, I think this phrase doesn’t work, it’s too narrow…

Defence

A threat actor is inside your perimeter… what routes…

Ok that subject is massive…so this is a bit more of a targeted thought process to consider.

Each network is unique and technology deployments vary. One time I was in a network that was almost entirely Apple MacBooks and a door control panel…. which was ‘fun’.

So this is a general list of some things to consider if you have tech deployed such as:

Active Directory
Printers
SCCM
MSSQL

Defence

What are the top Active Directory Security vulnerabilities I…

Ok so here’s the thing, I do NOT like getting pwn3d! I think you probably would rather your organisation does not too!

What I really don’t want to occur is a ransomware event! They suck, they are like a digital bomb going off.

So I’ve knocked up a quick list to get people thinking (these are NOT all the vulnerabilities I networks you should care about.. but they are some that could lead to a ransomware event!)