Guides
If you are having fun today with Defender ASR deleting lnk files then you will see the MS Script has a v1.1 which looks to VSS to see if it can restore shortcuts from shadow copies, so whilst here I thought I’d note down a few different ways to list the Volume Shadow Copies.
You will need admin rights for these to work:
Read more “Volume Shadow Copy”
Uncategorized
Password audits, if you ask some security pros you will hear a million reasons why you would be insane to do them… ask me however and the answer is more nuanced. They are activities that must be handled with the upmost care, however…. they (in my experience) have been incredibly useful to help improve security postures and to enable organisations to understand risk! You are of course free to ignore what I think and live like an ostrich (or it really might not be suitable for your environment). I’m not going to talk about how to do a password audit today, I’m also not going to advise in this post on sourcing strategy (you may want to do in house or you might want to outsource, after all, you normally put all your hashes in someone else’s computer when you use cloud right!?), anyway enough rambling, year ago the NCSC UK did some password auditing research (it was good work – Spray you, spray me: defending against password spraying… – NCSC.GOV.UK) and now the DOI have also done similar, check out the report In the link below:
Read more “Living with your password strength head in the sand”
Strategy
When forming a strategy you must realise for starts that people view the word strategy differently. However, the general view is STRATEGY AS A PLAN. Without a PLAN a strategy is a DREAM.
The plan must be supported by a rang of factors, it must also be managed. It should be something which helps you go from where you are (CURRENT STATE) to where you want to be (FUTURE STATE) and should have a roadmap (TRANSITION PLAN/ROADMP) of how you will get there.
When we talk about can I see your strategy, you will need to have it documented, a strategy without a document isn’t a strategy that can be shared and communicated. As to what “THE STRATEGY” document must be… well there is no such thing as a MUST, but there’s some component that are largely and widely recognised to be useful.
Read more “Strategy”
Leadership
Anyone that knows me, knows I love maturity assessments and tools (I’ve built a few, and run LOADS more) so this morning when I saw this on LinkedIn I had to start to get some understanding! I’ve not even had a cup of tea, but let’s see what this looks like!
Read more “Cloud Adoption Security Review”
Leadership
Currently I’d list some of the major challenges we face as a civilisation as the following (clearly not exhaustive etc.)
News
Another day in the life o’cyber! There’s probably new exploits, new vulnerabilities, new updates and industry changes galore but here’s some highlights from the day!
Read more “Cyber News Today”
Hacking
I’m not going to talk about these… yet… and there’s duplicates because I think it’s useful to see where they can be used in different scenarios. Expect this list to grow!
Read more “Office 365/Azure Pentest Tools”
Defense
Whilst conducting security testing and assurance activities, I went looking to show logon events in Office 365. My first query was on IdentityEvents, this led to a view of a multi month attack by a threat actor/s against a tenent, followed by exploring the rabbit hole of logs and computer systems. This blog summarises some of the methods and findings when considering threat hunting and authentication defences for Office 365. (bear with me I am tired so this might need a bit of a tune up later!)
Read more “Defending Against Direct Authentication Attacks in Microsoft Office 365”
Guides
I thought about doing a step by step bash script or CLI walkthrough but decided to go with the high levels steps. If we wanted to ensure our Linux servers are configured in alignment with Cyber Essentials what are the main areas we need to consider? For this I’m using Ubuntu Server as a base, I’ve not gone through every line in the standard but these should be in line with the 5 areas and fit within the Cyber Essentials theme. As always there are many ways to skin a cat! (don’t skin cats they are frens!). Anyway hope this is useful.
Read more “Cyber Essentials for Ubuntu Servers”
Leadership
A winning cyber security strategy should have several key components.
First, it should involve a thorough assessment of your organization’s current security posture, including identifying any potential vulnerabilities or weaknesses. This assessment should be ongoing, with regular updates to ensure that your security measures are keeping pace with the evolving threat landscape.
Read more “What is a “Winning Cyber Security Strategy”?”