I have been playing with Kerberos authentication detection rules in our SIEM. I wanted an alert to be triggered in the event of brute force attacks and password sprays on our AD accounts and I wanted to be able to tune and test these alerts by simulating these types of
I was asked to look into the implications of Mythos Preview. I wrote this about 2-3 weeks ago and procrastinated publishing it. Yesterday, Fable 5 and Mythos 5 were released so it might change anything/everything I’ve written (hopefully unlikely). I’m going to publish this anyway and
When an attacker has some presence in your network, they will try to move laterally. They will look for things on the network that will give them access to other systems and data. e.g. plain text credentials stored in files. Does that actually happen? Yes. Here’s a few
We got a Critical alert that a certain port is exposed on an IP address apparently linked to our organisation. The alert reported that the service is vulnerable to high severity vulnerabilities and listed all the CVEs and techniques associated to them. My initial thought was this doesn’t look
Problem I wanted to block access to personal OneDrive or any other personal Microsoft365 portals without disrupting any access to legit company resources. i.e. only allow access to your corporate OneDrive. Why? To mitigate the risk of data exfiltration by users or attackers who have compromised a user account.
If you are not into football, you probably want to stop reading now. There is zero cyber security/IT content in this blog post. I’m in my thirties and I feel like I am playing better football than at any point in the past. I’ve always played small
What the hell is going on? What am I seeing? I don’t know how I am going about my days watching a live streamed genocide and man made famine in Gaza. Living like a zombie. Numb. Just numb. Oh poor me with food and safety everyday. It’s the
I first got exposure to Cloudflare in my current role. It’s used as a reverse proxy to websites mainly to benefit from its security…
I have two systems that report on assets within the organisation. An Endpoint Manager and a Vulnerability Manager. Ideally, both systems should report the same assets. Same number, same hosts. However, I noticed some assets reported by the Endpoint Manager were not appearing in the Vulnerability Manager. I needed to
Today I am late. Super late. I missed the first train. And then I even missed the next train half an hour later with the door closing literally just as I reached it. Proper movie scene. A second earlier and I would have been in. And my initial reaction to
Recently, I had to use Vim Editor after years. Honestly, I had to google how to use it. I used it daily for some morning manual checks when…
Something interesting I came across recently. How do we calculate a percentage change from zero to a positive number?