MrR3b00t | Defender of the cyber realm Profile picture
Cyber Jedi @pwnDefend, wielder of someone else's scripts, can typo at over 140 words a minute! I'm deffo a SPY! Pro Story Teller - co-founder @cv19cyber!
30 May
You know alot of these (not all) these leadership blogs and posts? Like I read a lot of them and I think…This person hasn’t actually secured their org more they have mainly had tea and coffee and made some PowerPoints….. I’m gonna see if I can find some stuff that looks real…
I’ve worked in hundreds of orgs….. almost 99 percent of them have had major issues, almost every active directory has been fucked….. what does this tell us?
I’m gonna go maybe go find some think leader blogs and see…. Ciso first 100 days…. Let’s see wha the world of marketing themselves *cough* I mean industry leading thunk leaders looks like….
Read 37 tweets
29 May
i wonder how that works the other way round....
the reality is there are too many holes.. too much neglect.. we need to come out of the 90s level of shit configurations. we have deployed technology in a fucking shocking way. #DefendHarder
"fast profit, maximise margins, get the deal done so by the time its underway I'm off to another land and someone else has to clean up the mess" - the western businessman 1990-2021
Read 4 tweets
29 May
ok new thread.... my brain is still ticking... and i've got nowhere to go.

So how safe are we? are there 6 MILLION vulnerable routers in peoples homes? are 1337 hax0rs pwning wifi and uploading CP in clear text? what does the UK consumer surface look like? let's go exploring!
in the UK BT are the biggest ISP. See i did some work when covid hit arround this space but bear with me coz my memory is a bit crap and no idea where last years research got to. so let's start again.
so we are gonna focus on consumer space! a novelty for me! let's go find out what the normal home looks like...
Read 24 tweets
29 May
Ok since I can’t do what I planned to do I’m gonna sit in the lab and drink tea and tinker 😈 let’s see how valid the attack route is with this.
Ok so first thing this wants a Vodafone dsl connection…. This may mean we can’t complete this….
Luckily hacker mindset is to try lots of fun things!
Read 38 tweets
29 May
Here goes nothing! Hahah let’s see!
We have no LeD interface on the unit…. But we have link lights!
We have icmp!
Read 4 tweets
29 May
watching for bad pews ;)
bad pew detected 212.83.134.143
this pew is hitting a high numbered RDP port on the vulnerable lab, it's attempting to brute force/dictionary attack
Read 7 tweets
28 May
my friends and I offered FREE cyber security expertise from industry pros (shit loads of them!) to the @NHSuk and tumbleweed yet some wanker writes themselves a cheque for 800k...

what a wanker... i mean I can't even begin...
for 800K we could have run pingcastle and audited EVER SINGLE FUCKING NHS TRUST active directory! every fucking one!
we could have probably fixed a shit TON of lateral movement issues, we could have done so much fucking stuff.... what a CUNT!
Read 4 tweets
4 May
Nibbles is learning about how to be opsec safe…. Like knowing what keyboard to use… which hostnames are safe… how to spoof things… how to make it look like Russia when it’s actually frogs 🐸
Clever boy!
K hax taking the reins and now has local admin on a domain joined machine! Pew pew
Read 23 tweets
4 May
K hax u r weapons free ! In ur own time fire 🔥 (requesting fire support from @Shadow0pz and cookie 🍪 monster) (ppl I’m being ironic this isn’t a fucking weapon it’s a laptop)
Pew pew!
Hydra goes brrrrr rdp pew pew!
Read 6 tweets
4 May
yay i have 0 more meeting this week. the rest of the week I'm just working on community stuff! WOOHOOOOOOOOOOOO honestly the best thing about leaving a 'job' is now I get to invest shit tons more back into the community :)
5.5 odd years ago I left a well paid job with friends that I loved working with. I racked up enuff debt to scare myself shitless, luckily I found some friends along the way to help me. Having my business is NOT easy, but it does let me choose what I do.
and that makes me happy. I'm not the easiest person to manage, I like to create things, I like to explore, I approach things in a way that is not typical, i blend "I'm not a techie" with pews and use data and work to try and help ppl. might sounds normal but from my experiance..
Read 6 tweets
4 May
who would like a workbook to support the "Cyber Assessment for normies" document I made?

#cyber #assurance #assessments
just working on how to do this.. one sheet or multiple.. also it needs a dashboard and some metadata.
ok some metadata added
Read 8 tweets
4 May
no mathew i am not on the same side as snake oil wankers..... LULZ some people are on another planet.
also lulz at lockdown fever... i love people commenting on shit they have no insight into.
i am not on the same side as everyone else.. let's generate a list of enemies...

ransomware gangs
child abusers
crime wankers
snake oil pricks
FUD pitchers
Read 4 tweets
4 May
had awesome feedback so far on the v1 of the "#Cyber Assessment for normal people" - thanks fot all the feedback people! linkedin.com/posts/dancard_…
I wrote this at the end of last year to try and help bridge the gap between the high level assessments and the awesome work people have done on the NIST, CMMS and @NCSC CAF: pwndefend.com/2021/05/01/cyb…
NIST CSF, CMMC etc (sorry previous tweet was before tea)
Read 6 tweets
3 May
Just seen loads of voicemail type phishing using a legit marketing service to reflect users to a owned Wordpress site where cred harvest is waiting! Will drop intel tmrw when I’m not feeling like I’m gonna be sick :(
http[s]://na.eventscloud.com/emarketing/go.php?i=776370&e=cmljaGFyZC5sYW5kdGlzZXJAbWVsaW9yaW5ub3ZhdGlvbnMuY29t&l=http[s]://chayilglory.org/wp/shsh/#test@test.com

Can someone get this burnt please? #phishing #cti #scammers #fuckthem
@olihough86 @BushidoToken might be goodies on the Wordpress site but me haz to sleep
Read 4 tweets
3 May
31337 operators.... OMEERRGGEERDD WINDOWS SUCKS I never use windows i use linux for everthing .... walks into target environment... realises every fucking node on the network is windows....
Learn lots of operating systems, realise your preference is mainly important only to you and that other people might. It give a shit what is you like more than another 😂 or don’t it’s just my opinion 😂 seriously don’t listen to me I’m just a nerd with a computer 😂
I google everything I do or read notes etc. I have a strange memory - I literally have to read my own notebooks and blogs sometimes. But it’s probably a good idea to know about ITIL and enterprise computing if u ask me. The world of business is not Linux on the desktop.
Read 5 tweets
2 May
the name of the company u work for means very little to me most of the time, I've been inside a lot of massive named brands.... they are just the same as any other company when u get inside them,.. they are filled with people and bad decisions.
i don't really advertise the names of places i've done work for but it's alot of orgs... u gotta remember i've been doing this shit for 20 years now, and I've been badged as most of the major brands,
its also why i think its funny some ppl think i do small biz stuff... the only small biz i work with is my own and some partners ... you think a small biz pays for a 20 year consultant.... LOL get real.
Read 6 tweets
2 May
Image
ok so we've raised the forest and domain levels, we've preped the schema and the domain. now we install the roles server. Gonng do a single box Image
old school we used to have powershell scripts etc. coz dependancies was such a pain, i've been deploying exchange since 5.5. days :S Image
Read 5 tweets
2 May
#Ransomware Defence Problems Stage 1: We are under a dictionary attack! This server is exposed on a high number port (sysadmin thought that was a good idea.. it's not!) bad pews raining inbound! ImageImage
so this round they failed but major problem number 1 is that we've got a weakly defender service exposed. Problem number 2 is no is actually monitoring this! Image
The threat actor is changing tactic, they seem to have been able to enumerate a valid account.
Read 27 tweets
12 Mar
some key things I've seen in the last week. You probably won't ever know where stage 1 (recon/enum) came from.
Stage 2. you will see in the logs but with fairly hgh levels of logging enabled on the exchange server, there is no security failure event logged. #ProxyLogon #Hafnium
so maybe it will show on a Domain controller (out of the box logging enabled - so shit logging) - NOPE can't see shit!
ok so now let's go and look at the IIS logs..
please ignore the B one (that's us :P ) so by default IIS and exchange mbx/cas role has two sites! a front end (tcp 443) and then backend (tcp 444) :)
Read 9 tweets
11 Mar
Let’s hope the crims forget how to count it might buy us a few more hours 😭😭😭😭😭 #ProxyLogon
Now I can’t sleep 😴 see I have the joy of having reviewed that POC and now I can’t sleep 😂😂😂😂 fuck! Patch your exchange servers!! Or put mitigation’s in place - the ransomware gangs will be on their way 😭😭😭😭
Read 4 tweets
10 Mar
I think my defend and share info about exchange is now enough. i hope what we've managed to put out although very rough has helped people. I will probably tidy some stuff up later but there's a truck ton of stuff from many parties to help people. #Hafnium #Exchange #ProxyLogon
I will try and do a video or stream that’s opsec safe to show the logs 🪵 but I need sleeps first 😂
findstr /snip /c:"ResetOABVirtualDirectory" C:\inetpub\logs\LogFiles\*.log Image
Read 4 tweets