Morning world! Slept ‘ok’ (not great not terrible)
So yesterday I was doing some mitm6 over public WiFi (in the lab) and whilst I was speeding dns responses to Microsoft Google Facebook Twitter etc.
My web clients simply did not follow the responses and went to the actual sites!
Anyone know why? (It’s probably something like dnssec etc.)
Now in this instance it’s not even spoofing (you would see an event)
Let’s grab a windows laptop!
Oct 25, 2023 • 19 tweets • 6 min read
twitter have rolled out audio calls on twitter using STUN.
Be warned if you call someone the recipient (and anyone in the traffic path) can see your egress IP.
Apple private relay does not cover this.
Microsoft teams uses STUN
basically every single P2P audio probably uses this:
Whats app
Facebook Messenger
Signal
Telegram
can you do audio calls in Snapchat?
This is the common protocol....
this IP leakage is in everything (signal has a feature to mask it) and for all the others you need to either accept how it works or use a vpn etc.
You know every time you visit a webpage your IP leaks right?
Or just use LTE/xG and CGNAT....
Jul 31, 2023 • 13 tweets • 4 min read
had a request from someone.... time to deploy...
HOME EDITION! (WTF!)
ok what we need to do is odd.. we need to fuck with the OOBE experience...
The customer is stuck in a loop during the setup process
Jun 10, 2023 • 8 tweets • 4 min read
ok so true OFFLINE backups are hard. but you can look at layered approaches or there's immutable backups etc.
I'm showing this because this works for more than backups.
and YES it's complex from an identity plane point of view (that's the whole point!)
now it gets complicated in the details. If you do this with servers/storage and locations you own Plane 4 can litterally be physically isolated at it's management/access plane. Think of a hypervisor and where the networks are physically split (outside of the requirement to have… twitter.com/i/web/status/1…
Jun 10, 2023 • 4 tweets • 2 min read
Major 🇬🇧 Bad Cybers recently:
🇬🇧 Capita Breach
🇬🇧 Manchester Uni "Cyber Incident" (probably ransomware actors!)
🇬🇧 MoveIT Breaches (Boots, BA, BBC) and more!
🇺🇸🌎 Azure Portal DDoS'd (Alegedly by AS Sudan... (i think if it was them someone gave them some kit/money to use!)
Jun 9, 2023 • 4 tweets • 1 min read
Jun 9, 2023 • 5 tweets • 2 min read
ok the installer had some bugs.. there's a 2023.2a now
that has err taken out many hours of the day to get nowhere LOL
Apr 22, 2023 • 12 tweets • 5 min read
Shall we go do some cyberz? Sort of simple this one, chrome triggered an SMB connection to google on install. The binary is signed by google, the file size is not elevated. It looks legit.. but it triggered an alarm 🚨 (also bear with me I have a headache… :( )
Now I’m gonna deploy a quick vm locally. Windows 11. Then deploy MDE.
Apr 21, 2023 • 4 tweets • 4 min read
Had an awesome time this morning with @Tzardan where I learnt something about #politics and then we chatted about the #cyber security society challenges and how #communication is key to helping #solve todays and tomorrows cyber #challenges! 🫡❤️🇬🇧🤗
I also promise I did not jack into their net ;) 😈
Mar 11, 2023 • 28 tweets • 13 min read
#Veeam Community Edition Install on server 2022 for the #Ransomware Lab
Backup and Replication License Agreement goes brrr
I ACCEPT
Mar 10, 2023 • 45 tweets • 18 min read
ok let's #ransomware some servers! (in a lab of mine not for real coz it's NASTY!)
VMs go BRRRRR
But wait... we are gonna look at how we can PROTECT, RESPOND and RECOVER! I'm going to deploy @Veeam to help me (coz I like the product, it rocks!)
to start with I'm going to just do some PREP. We are going to need to think about Initial Access then Escalation to Domain Admin and then RAMPAGE!
Mar 10, 2023 • 5 tweets • 3 min read
NCSC CAF 3.1
Vulnerability management IGPs (indicators of good practise) let's take a look at some real world stuff...
"You do not understand the exposure of your essential function to publicly-known vulnerabilities."
I think 90+% of orgs will meet this criteria..
this would put most orgs at NOT ACHIEVED.
"You do not mitigate externally-exposed vulnerabilities promptly."
The idea management need to not really understand computer science and security in depth is probably partly why our world has such a shit cyber security posture! If you think management decisions should be made as n uninformed zombie please think again… same as… twitter.com/i/web/status/1…
I’m assuming the people that think this:
A) have not led and managed teams (fixed or project based) and
B) have a CISSP and not much else
😂😂😂😂😂
Mar 9, 2023 • 12 tweets • 5 min read
ok my day plan has changed! time to make a tea and then I think I'm going to do some work on SECURITY ORGANISATIONAL DESIGN for orgs that have:
> HERITAGE (people used to call this LEGACY)
and
> PRODUCT!
now remember the first rules of org design are there are NO RULES of org DESIGN! but there are good vs bad ideas! there are also a million different different ways orgs organize their businesses so this is not ever going to fit an org (if it does it's luck!) but it's some food… twitter.com/i/web/status/1…
Mar 9, 2023 • 4 tweets • 1 min read
some notes on thoughts about the STATE OF CYBER in 2023
I might write a rpeort based on attack surface mapping data and incidents to back this up so it’s more than just: oh that guy Dan doesn’t know what he’s on about
Mar 9, 2023 • 4 tweets • 1 min read
the CISSP does not teach people to manage or lead, it's a fucking memory test....
i'm not sure how the "infosec" world doesn't understand this, but then I look at what has been created with weak ass digital security everywhere and compliance obsessed orgs who have shit postures and it all kind of makes sense...
a big failure from my pov
Mar 8, 2023 • 4 tweets • 2 min read
Two pages on threat intelligence.. #CISSP fuck me I could write more with half a cup of tea stoned 🤣🤣🤣🤣
Look right I know people have had to study hard for this exam (it’s a stupid fucking exam) but honestly this certification is fucking stupid. It is wafer thin with ridiculous breadth
Omfg hahahahahhaa there’s a cyber conference in a hotel that you pay to be a speaker at 🤣🤣🤣🤣🤣🤣🤣🤣🤣🤣🤣🤣🤣🤣🤣🤣🤣🤣🤣🤣🤣 this is unreal! 💀💀💀💀💀💀💀💀
This is insane…..
I want to go to the conference… this sounds like a conference full of crown sterling’s 💀💀💀💀🤣🤣🤣🤣🤣