You know a lot of these (not all) leadership blogs and posts? Like I read a lot of them and I think… this person hasn’t actually secured their org, they have mainly had tea and coffee and made some PowerPoints… I’m gonna see if I can find some stuff that looks real…
I’ve worked in hundreds of orgs… almost 99 percent of them have had major issues, almost every Active Directory has been fucked… what does this tell us?
I’m gonna maybe go find some thought leader blogs and see… CISO first 100 days… Let’s see what the world of marketing themselves *cough* I mean industry leading thunk leaders looks like…
Ok new thread... my brain is still ticking... and I've got nowhere to go.
So how safe are we? Are there 6 MILLION vulnerable routers in people's homes? Are 1337 hax0rs pwning wifi and uploading CP in clear text? What does the UK consumer surface look like? Let's go exploring!
In the UK, BT are the biggest ISP. See, I did some work around this space when covid hit, but bear with me coz my memory is a bit crap and I have no idea where last year's research got to. So let's start again.
So we are gonna focus on consumer space! A novelty for me! Let's go find out what the normal home looks like...
Yay, I have 0 more meetings this week. The rest of the week I'm just working on community stuff! WOOHOOOOOOOOOOOO honestly the best thing about leaving a 'job' is now I get to invest shit tons more back into the community :)
5.5 odd years ago I left a well paid job with friends that I loved working with. I racked up enough debt to scare myself shitless; luckily I found some friends along the way to help me. Having my own business is NOT easy, but it does let me choose what I do.
And that makes me happy. I'm not the easiest person to manage, I like to create things, I like to explore, I approach things in a way that is not typical, I blend "I'm not a techie" with pews and use data and work to try and help ppl. Might sound normal but from my experience..
I wrote this at the end of last year to try and help bridge the gap between the high level assessments and the awesome work people have done on the NIST, CMMS and @NCSC CAF: pwndefend.com/2021/05/01/cyb…
NIST CSF, CMMC etc. (sorry, previous tweet was before tea)
Just seen loads of voicemail-type phishing using a legit marketing service to reflect users to an owned WordPress site where cred harvest is waiting! Will drop intel tmrw when I’m not feeling like I’m gonna be sick :(
31337 operators... OMEERRGGEERDD WINDOWS SUCKS I never use Windows, I use Linux for everything... walks into target environment... realises every fucking node on the network is Windows...
Learn lots of operating systems, realise your preference is mainly important only to you and that other people might not give a shit what you like more than another 😂 or don’t, it’s just my opinion 😂 seriously don’t listen to me I’m just a nerd with a computer 😂
I google everything I do or read notes etc. I have a strange memory - I literally have to read my own notebooks and blogs sometimes. But it’s probably a good idea to know about ITIL and enterprise computing if u ask me. The world of business is not Linux on the desktop.
The name of the company u work for means very little to me most of the time. I've been inside a lot of massive named brands... they are just the same as any other company when u get inside them... they are filled with people and bad decisions.
I don't really advertise the names of places I've done work for but it's a lot of orgs... u gotta remember I've been doing this shit for 20 years now, and I've been badged at most of the major brands.
It's also why I think it's funny some ppl think I do small biz stuff... the only small biz I work with is my own and some partners... you think a small biz pays for a 20 year consultant... LOL get real.
Some key things I've seen in the last week. You probably won't ever know where stage 1 (recon/enum) came from.
Stage 2 you will see in the logs, but with fairly high levels of logging enabled on the Exchange server, there is no security failure event logged. #ProxyLogon #Hafnium
So maybe it will show on a domain controller (out of the box logging enabled - so shit logging) - NOPE, can't see shit!
Ok so now let's go and look at the IIS logs..
Please ignore the B one (that's us :P ). So by default IIS on the Exchange MBX/CAS role has two sites! A front end (TCP 443) and then a back end (TCP 444) :)
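One way to start reading those IIS logs, as an added example that is not from the thread: a small Python parser that honours the W3C #Fields header, splits the front-end (443) and back-end (444) sites by s-port, and lists back-end requests that did not come from an Exchange server. The log lines are constructed, and the idea that 444 should normally only see the Exchange servers' own IPs is an assumption of the example, not something the thread states.

```python
# Added example for this thread (not the author's code): split an Exchange server's
# IIS W3C log by site, front end (TCP 443) vs back end (TCP 444).  Log lines are constructed.
from collections import Counter
from typing import Dict, Iterable, List, Set

SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2021-03-03 01:02:03 10.0.0.5 GET /owa/auth/logon.aspx - 443 - 203.0.113.10 Mozilla/5.0 200
2021-03-03 01:02:04 10.0.0.5 POST /owa/auth.owa - 443 - 203.0.113.10 Mozilla/5.0 302
2021-03-03 01:02:05 10.0.0.5 GET /owa/ - 444 CORP\\alice 10.0.0.5 Mozilla/5.0 200
2021-03-03 01:02:06 10.0.0.5 POST /ecp/ - 444 - 198.51.100.7 python-requests/2.25 200
"""

SITE_NAMES = {"443": "front end", "444": "back end"}  # the two Exchange IIS sites

def parse_w3c(lines: Iterable[str]) -> List[Dict[str, str]]:
    """Map each data row onto the most recent #Fields header (IIS re-emits the
    header whenever the logged field set changes, so it is re-read every time)."""
    fields: List[str] = []
    rows: List[Dict[str, str]] = []
    for line in lines:
        line = line.rstrip("\r\n")
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            values = line.split()
            if len(values) == len(fields):  # skip rows that don't fit the header
                rows.append(dict(zip(fields, values)))
    return rows

def summarise_by_site(rows: List[Dict[str, str]]) -> Counter:
    """Requests per (site, client IP, HTTP status), so 443 and 444 are read apart."""
    counts: Counter = Counter()
    for r in rows:
        site = SITE_NAMES.get(r["s-port"], r["s-port"])
        counts[(site, r["c-ip"], r["sc-status"])] += 1
    return counts

def backend_hits_not_from_exchange(rows: List[Dict[str, str]], exchange_ips: Set[str]):
    """Back-end (444) rows whose client is not an Exchange server.  Assumption made
    here: 444 is normally only reached by the front end proxying from the Exchange
    servers themselves, so any other c-ip on that site deserves a closer look."""
    return [r for r in rows if r["s-port"] == "444" and r["c-ip"] not in exchange_ips]

if __name__ == "__main__":
    parsed = parse_w3c(SAMPLE_LOG.splitlines())
    for key, n in sorted(summarise_by_site(parsed).items()):
        print(key, n)
    for r in backend_hits_not_from_exchange(parsed, {"10.0.0.5"}):
        print("back-end hit from outside:", r["c-ip"], r["cs-method"], r["cs-uri-stem"])
```

Point it at the real log directories for both sites (the default IIS log path per site) and feed the lines in; the field order there may differ from the sample, which is why the header is parsed rather than assumed.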
Let’s hope the crims forget how to count, it might buy us a few more hours 😭😭😭😭😭 #ProxyLogon
Now I can’t sleep 😴 see I have the joy of having reviewed that POC and now I can’t sleep 😂😂😂😂 fuck! Patch your Exchange servers!! Or put mitigations in place - the ransomware gangs will be on their way 😭😭😭😭
I think my defend-and-share info about Exchange is now enough. I hope what we've managed to put out, although very rough, has helped people. I will probably tidy some stuff up later but there's a truck ton of stuff from many parties to help people. #Hafnium #Exchange #ProxyLogon
I will try and do a video or stream that’s opsec-safe to show the logs 🪵 but I need sleeps first 😂