Skip to content
PwnDefend
  • Base
  • Comms Room
    • Customer Feedback
    • Company Information
    • Security Management
  • Services
    • Consulting Services
      • Enterprise Security Posture Assessment
      • Cyber Security Assurance & Security Testing Services
      • IT Security Healthchecks
      • Active Directory Assessment Services
      • Managed Remediation Services
    • Emergency Cyber Incident Response Support
    • Our Success Stories
    • Partner Services
  • Blog
  • Privacy
Leadership

Cloud Adoption Security Review

Anyone that knows me, knows I love maturity assessments and tools (I’ve built a few, and run LOADS more) so this morning when I saw this on LinkedIn I had to start to get some understanding! I’ve not even had a cup of tea, but let’s see what this looks like!

Read more “Cloud Adoption Security Review” →
Leadership

Current State Cyber Challenges and why communication is important

Currently I’d list some of the major challenges we face as a civilisation as the following (clearly not exhaustive etc.)

  • The general population largely don’t understand cyber
  • Lots of people think there is nothing they can really do
  • People have shockingly bad personal cyber security
  • A large number of organisations have shockingly poor cyber security postures
  • People’s passwords are often ridiculously weak
  • People re-use passwords all the time
  • People seem to believe we have “magic nation state cyber shields”
  • Organisation’s largely do not invest adequately in cyber security
Read more “Current State Cyber Challenges and why communication is important” →
News

Cyber News Today

Another day in the life o’cyber! There’s probably new exploits, new vulnerabilities, new updates and industry changes galore but here’s some highlights from the day!

Read more “Cyber News Today” →
Education

Password Spraying Office 365

Clearly this is for penetration testing, not for evil! So if you have to pentest Office 365 you might want to be attacking the authentication services. This will be aligned to the tenant you are testing, as always make sure you have authorisation.

Deploy to your favourite LINUX instance or WSL etc.

Read more “Password Spraying Office 365” →
Hacking

Office 365/Azure Pentest Tools

I’m not going to talk about these… yet… and there’s duplicates because I think it’s useful to see where they can be used in different scenarios. Expect this list to grow!

Read more “Office 365/Azure Pentest Tools” →
Leadership

The Cyber Acid Test

I’ve been working with all kinds of different organisations over the years, and I keep running into similar scenarios.  The current state of the majority of organisations security postures are simply (as a broad-brush statement) far riskier than they need to be.

Conversely there are a range of common challenges I find in almost every org:

Read more “The Cyber Acid Test” →
Threat Intel

LastPass Breach – The danger of metadata

When an organisation suffers a data breach it’s usually bad. When an organisation that stores 25 million people’s passwords that’s really bad.

There are multiple risks here at play.

Firstly, when we give people our data, it’s our risk and our choice. I’m ok with that, I chose to give lastPass my data.

My vault data might be gone, but I have a strong master password, how we interpreted the theft of the basically cryptographic materials is a bit like when we full disk encrypt a drive.

If you lose a laptop that’s got FDE do you report this as a data loss to the ICO? Or do you say, it’s encrypted so actually I haven’t lost the data per say, I’ve just lost a random (ish) bunch of 0s an 1s so I don’t count that as an incident? I’m not here to be judge or jury.

Read more “LastPass Breach – The danger of metadata” →
Leadership

What is a “Winning Cyber Security Strategy”?

A winning cyber security strategy should have several key components.

First, it should involve a thorough assessment of your organization’s current security posture, including identifying any potential vulnerabilities or weaknesses. This assessment should be ongoing, with regular updates to ensure that your security measures are keeping pace with the evolving threat landscape.

Read more “What is a “Winning Cyber Security Strategy”?” →
Education

Vulnerability Prioritisation

I’ve got 99 vulnerabilities but log4j ain’t one!

Most organisations have hundreds to thousands of vulnerabilities. They range across the spectrum from:

  1. CRITICAL
  2. HIGH
  3. MEDIUM
  4. LOW
  5. INFORMATIONAL

The challenge comes in trying to determine how to prioritise. Which ways could we go?

Where do we start?

Read more “Vulnerability Prioritisation” →
Leadership

How to not lose your job as a CISO

A mRr3b00t Adventure

Join me on an adventure of rambling and exploring the idea that you can in fact not lose the security leadership game! This blog is WIP, it’s just my brain wondering around the question of: can we win the in the face of a seemingly insurmountable force? What do we do as a security leader to protect ourselves and the organisation? How do we start?

Read more “How to not lose your job as a CISO” →

Posts navigation

1 2 3 4 5 … 14

Recent Posts

  • Microsoft Outlook Elevation of Privilege Vulnerability (CVE-2023-23397)
  • The Long Game: Persistent Hash Theft
  • The Hacker on a Train
  • Adopting an Attacker Mindset to Defend Healthcare
  • Caught: A Hacker Adventure

Recent Comments

No comments to show.

Archives

  • March 2023
  • February 2023
  • January 2023
  • December 2022
  • November 2022
  • October 2022
  • September 2022
  • August 2022
  • July 2022
  • June 2022
  • May 2022
  • April 2022
  • March 2022
  • February 2022
  • January 2022
  • December 2021
  • November 2021
  • October 2021
  • September 2021
  • August 2021
  • July 2021
  • May 2021
  • April 2021
  • March 2021
  • February 2021
  • January 2021
  • December 2020
  • November 2020
  • October 2020
  • September 2020
  • August 2020
  • July 2020
  • March 2020
  • February 2020
  • January 2020
  • October 2019
  • May 2019
  • April 2019
  • March 2019
  • February 2019
  • January 2019
  • December 2018
  • October 2018
  • September 2018
  • August 2018
  • July 2018

Categories

  • Architecture
  • Breach
  • Company News
  • CTF
  • Defence
  • Defense
  • Education
  • Fiction
  • Getting into Cyber
  • Guides
  • Hacking
  • IOT
  • Leadership
  • News
  • OSINT
  • Reviews
  • Strategy
  • Threat Intel
  • Uncategorized
  • Vulnerabilities
Copyright (c) Xservus Limited