Threat Intel
Ransomware this, ransomware that! The problem is, you can be tired of the subject but that doesn’t mean the threat has gone away! So what are the currently active ransomware groups posting victims?
Well here’s a list of currently active group (Both Ransomware and Marketplaces) names who have ONLINE “DARK WEB” (TOR) hidden services online and who are posting victims or are markets:
Read more “Active Cybercrime Groups”
Threat Intel
https://www.icann.org/resources/pages/dnssec-what-is-it-why-important-2019-03-05-en
Ok read all that good. What we are talking about here is signing a DNS zone to “assure” that the client is getting DNS responses from the right ZONE data. DNSSEC does not encrypt the conversation between DNS client and DNS server. It does enable the client to be able to check if the data it gets back is valid. In short what we are doing is validating that the “data” being returned is authorized and not tampered with.
Read more “DNSSEC – why not having a signed zone is almost never going to lead to you getting pwn3d”
Education
There are major questions that must be answered here!
Getting into Cyber
Quick, I’ll tell you a little secret… to get into CYBER you must first follow this guide:
Now if you are going to GET INTO CYBER you need to have a range of things:
Right ok, so let’s get some Hacking Skills!
Head over to KALI LINUX and download KALI
Read more “How to get into Cyber? It’s EASY!”
Threat Intel
Thousands of ESXi hosts around (some of the) globe have been encrypted by cyber criminals. This post is a fast publish showing some of what has occurred, it’s impact and now includes limited remedial advice.
If you have been affected by this ransomware event there is an attempted recovery script by CISA
https://github.com/cisagov/ESXiArgs-Recover/blob/main/recover.sh
Read more “ESXiARGS Ransomware – Global Incident”
Leadership
Hacking
Ok this is going to be really short post, but expect more later! Did you ever want to run CME but you were stuck on a Windows machine? Well don’t worry you can! How do we do this?
First we download CME
Extract the zip file
Make sure you have python3 installed!
Read more “CrackMapExec (CME) on Windows”
Defence
You never know what you will find when you go hunting! So here’s a quick tale of an explore I did using Advanced Hunting!
I went hunting here in Advanced Hunting:
Read more “Threat hunting with some funny results!”
Threat Intel
Did you want to check out some of your detections? This isn’t everything of course but it’s a simple batch file to simulate a range of enumeration techniques used by actors like CONTI or LOCKBIT affiliates/operators:
Read more “Simulating Human Operated Discovery”
Leadership
If you work in marketing you are probably walking around telling everyone that we all live in a ZERO trust era, that PASSWORDS are DEAD! Ransomware is DEAD and AI is the FUTURE and we should be doing that NOW!
Meanwhile back on CYBER PLANET EARTH, most organisation do NOT have or need AI, they use passwords and well they passwords they use are shockingly bad! Howe do I know this? I do password audits and security testing, but I also look at breach data! (and we have other people publish password audit reports etc.)
Read more “It’s 2023 and people’s passwords are still really really bad!”