Blog – PwnDefend

All your DNSSEC base are belong to us

DNSSEC (Domain Name System Security Extensions) has been around since the mid-2000s and technically works well: it cryptographically signs DNS records so resolvers can verify that the answer they got really came from the authoritative server and wasn’t tampered with. Despite that, adoption and real-world deployment remain surprisingly low outside a few countries (notably .se, .nl, .cz and some others). Here’s why it never took off broadly, and why the rise of DNS over HTTPS (DoH) has made many people conclude that pushing DNSSEC further isn’t worth the effort anymore.

Leadership

The cost of resetting a password

If someone asked you how much the cost of a task is, I bet you would struggle to given them an accurate response, the default position of most people is to underestimate a cost of doing something (but estimation science show’s us that it tends to vary based on role e.g. project managers are risk averse, engineers think they can solve things faster than they can and executives often just want it to be cheaper for the sake of it being cheaper – Parkinsons Squeeze I think that is called)

Years ago I stared looking at total cost of ownership (TCO) and Return on Investment modelling (I mean a lot of years ago….) and I’ve created a range of models for organisations for:

Sales Estimation
Business Cases
Budget Planning
Project Planning
System Optimisation Analysis

Threat Intel

Fortiweb – CVE-2025-58034

‘CVE-2025-58034 is an OS command injection vulnerability (CWE-78) in Fortinet FortiWeb, allowing an authenticated attacker to execute unauthorized code on the system through crafted HTTP requests or CLI commands. It affects versions including FortiWeb 8.0.0-8.0.1, 7.6.0-7.6.5, 7.4.0-7.4.10, 7.2.0-7.2.11, and 7.0.0-7.0.11. The vulnerability has a CVSSv3 score of 6.7 (medium severity) and has been observed exploited in the wild, prompting its addition to CISA’s Known Exploited Vulnerabilities catalog.’

Threat Intel

Fortiweb – CVE-2025-64446

Another day another exploit in the wild it seems! (ok I’m a bit slow to this one). Using Defused Cyber’s Honeypots we have another packet to analyse:

Defense

A brief history of AI being used for Defensive…

There’s lots of talk from some people about how AI is going to destroy the world and needs to be regulated, like some kind of SkyNet has been created… Well I thought, aside from this being largely not reality, I would look into a history of ‘AI’ being used in cyber defence.

Vulnerabilities

Fortiweb Vulnerabilities 2025

Given the recent discovery of a critical vulnerability (CVE-2025-64446) in the Fortiweb appliances (exploitable via the management interfaces) I thought I would have a look at what other vulnerabilities have been discovered/published and what Proof of Concept (PoC) exploits exist in 2025.

Threat Intel

Rhadamanthys – Over 44 Million Credentials Stolen

Off the back of Operation Endgame (great work everyone involved!) we have some more data to show what many of us in the cyber industry know but isn’t so easy to show people. So I figured this might help explain part of how and why infostealers are a problem but also I look at how we might be able to use this takedown to help feed into a risk modelling process.

Threat Intel

Analysing 1 Million Honeypot events with Defused Cyber Deception

A common perimeter firewall in organisations is the CISCO ASA. Back when I started in the industry we used to have CISCO PIX firewalls, the ASA was the next generation of these! Why is this important? Well its important to understand how common threat actors work, you will see from a while ago I wrote a review of the manual 2.0 by Bassterlord (a known cybercriminal), this is to help understand how attackers work, what real world cybercrime looks like so that we can enable people to help defend against these threats.

Defense

Suspected Fortinet Zero Day Exploited in the Wild

This weeks been an interesting one, I’ve been doing quite a bit of research recently with my friend Simo from Defused defusedcyber.com. Simo has built a new emulated honeypot platform, and anyone that know’s me knows I love honeypots, deception and intel sharing to help defenders and to impose cost on the baddies! (technical terms here ok!)

Guides

Suspected Zero Day – What to do if you…

What do you do if someone says, there might be a zero day being used against your make/model of internet facing device (such as a VPN server)?

There’s always a challenge subject to the level of intelligence available about the specific scenario, the device and the way they function and the telemetry/capabilities you have.