DNSSEC – why not having a signed zone is…

Firstly, what is DNSSEC?

https://www.icann.org/resources/pages/dnssec-what-is-it-why-important-2019-03-05-en

Ok read all that good. What we are talking about here is signing a DNS zone to “assure” that the client is getting DNS responses from the right ZONE data. DNSSEC does not encrypt the conversation between DNS client and DNS server. It does enable the client to be able to check if the data it gets back is valid. In short what we are doing is validating that the “data” being returned is authorized and not tampered with.

Education

How to get some OPSEC with Kali?

There are major questions that must be answered here!

How do we change the hostname in KALI Linux?
How do we change the default TTL to look like a Windows Machine?
How do we pretend to be a SAMSUNG device/How do we change our MAC address?

Getting into Cyber

How to get into Cyber? It’s EASY!

Quick, I’ll tell you a little secret… to get into CYBER you must first follow this guide:

Now if you are going to GET INTO CYBER you need to have a range of things:

Computer Hacking Skills
Num-chuk Skills

Right ok, so let’s get some Hacking Skills!

Head over to KALI LINUX and download KALI

Threat Intel

ESXiARGS Ransomware – Global Incident

Thousands of ESXi hosts around (some of the) globe have been encrypted by cyber criminals. This post is a fast publish showing some of what has occurred, it’s impact and now includes limited remedial advice.

If you have been affected by this ransomware event there is an attempted recovery script by CISA

https://github.com/cisagov/ESXiArgs-Recover/blob/main/recover.sh

Leadership

Why is security so hard?

It requires being thorough.
It required documenting things.
It requires conducting training and drills.
It adds what can be viewed as additional effort/cost to the primary goals (sell widgets/services/time)
It involves weird and wonderful ways of abusing functionality that is not always apparent or expected, thus to the typical consumers/user of a service, the idea that it might be abused actually seems very unlikely (to a criminal or security pro, the idea it will be abused seems far more likely based on threat intelligence etc.)

Hacking

CrackMapExec (CME) on Windows

Ok this is going to be really short post, but expect more later! Did you ever want to run CME but you were stuck on a Windows machine? Well don’t worry you can! How do we do this?

First we download CME

https://github.com/Porchetta-Industries/CrackMapExec/releases/download/v5.4.0/cme-windows-latest-3.10.1.zip

Extract the zip file

Make sure you have python3 installed!

Defence

Threat hunting with some funny results!

You never know what you will find when you go hunting! So here’s a quick tale of an explore I did using Advanced Hunting!

I went hunting here in Advanced Hunting:

Threat Intel

Simulating Human Operated Discovery

Did you want to check out some of your detections? This isn’t everything of course but it’s a simple batch file to simulate a range of enumeration techniques used by actors like CONTI or LOCKBIT affiliates/operators:

Leadership

It’s 2023 and people’s passwords are still really really…

If you work in marketing you are probably walking around telling everyone that we all live in a ZERO trust era, that PASSWORDS are DEAD! Ransomware is DEAD and AI is the FUTURE and we should be doing that NOW!

Meanwhile back on CYBER PLANET EARTH, most organisation do NOT have or need AI, they use passwords and well they passwords they use are shockingly bad! Howe do I know this? I do password audits and security testing, but I also look at breach data! (and we have other people publish password audit reports etc.)

Uncategorized

Living with your password strength head in the sand

Password audits, if you ask some security pros you will hear a million reasons why you would be insane to do them… ask me however and the answer is more nuanced. They are activities that must be handled with the upmost care, however…. they (in my experience) have been incredibly useful to help improve security postures and to enable organisations to understand risk! You are of course free to ignore what I think and live like an ostrich (or it really might not be suitable for your environment). I’m not going to talk about how to do a password audit today, I’m also not going to advise in this post on sourcing strategy (you may want to do in house or you might want to outsource, after all, you normally put all your hashes in someone else’s computer when you use cloud right!?), anyway enough rambling, year ago the NCSC UK did some password auditing research (it was good work – Spray you, spray me: defending against password spraying… – NCSC.GOV.UK) and now the DOI have also done similar, check out the report In the link below: