Blog – PwnDefend

Vibe Coding Tools & Educational Cyber Games

Over the last month I’ve been using GROK heavily to see if it can be used to create products and services to help people with cyber security challenges. Now you might wonder how far you can get with notepad (ok I used vscode because I’m on a Mac right now!) and GROK. Basically I’ve not written a single line of code! Not one! Do you want to see what mrr3b00t + AI has created?

Leadership

What if breach communications were honest?

Armed with my trusty sidekick, this morning I thought I would see what an LLM would make if I asked it to create public comms for common cyber incidents…. for basically every scenario… it really wanted to tell everyone no data was accessed! Which is amazing, because in almost every incident I’ve seen: Data is accessed!

In a business email compromise (BEC) scenario…. the clue is in the name, it’s already a compromise of confidentiality!

Threat Intel

The Com, 764, and Associated Groups

In evaluating capabilities for LLMs (AI) recently, I’m looking at the viability of creating more content with them. I’m explicitly calling out where I do, aside from my writing style, I’m also keen to show the pros and cons. Do LLMs replace humans? Not from my experience so far. I’ve been looking at combined physical + digital attacks recently and the associated threat classes… I’m trying to avoid the word group or gang, because collectives are slightly different and are dynamic, almost mission focused if you will.

Threat Intel

An evolution of threat actor

Motivation and a diverse network of people and capabilities can go a long way, then add in digital skills and winning steak… and you have: scattered spider!

There’s a big difference between zero day spraying the internet and planting webshells or copying someone’s open S3 bucket and say…. doxing staff, their families and attacking them and their assets in the real and digital worlds.

I think people won’t broadly grasp the effects that can be achieved (harm) when the adversary is motivated, dedicated, capable, resourced and has very little moral qualms.

There is no magic bullet to defend against an adversary like this, you need a whole of organisation defence (and to pursue even more than that!).

Fiction

Getting to the coffee shop like a SPY

Chances are, no one’s actually watching you — but in a world full of cameras, phones, and digital breadcrumbs, it’s smart to know how to move with a little more privacy. Whether you’re heading to your favorite coffee shop or just want to practice slipping through the city unnoticed, this guide will help you stay low-profile without going full secret agent. It’s about blending in, being unpredictable, and keeping your personal movements personal — all without looking over your shoulder every five seconds. Staying aware doesn’t mean being paranoid — it just means being prepared (and maybe a little cooler than the average pedestrian).

Defense

Password Reset Defence Check List

Using AI feels great sometimes and then empty others, this was created in seconds, it’s fine, it works.. but it has no soul! But who cares about soul when it’s a check list right? The more fundamental question is, do you have the policies, processes and procedures to defend against social engineering attacks against password resets? If not, perhaps this may help.

Threat Intel

Defending Against Scattered Spider

Defending against different skilled threat classes is an important thing to consider when you are planning, designing and operating a business. I’ve used GROK (AI) to create an html page which has both information on the kill chains, but also looks at countermeasures. I’m experimenting lots with VIBE coding and LLM assisted content generation so hopefully this proves useful. I do feel it needs a more human touch added as well… but let’s see! life without experimentation would be dull would it not!

Can AI replace intelligence analysts?

Ok, it’s late, and well I wanted to look into cyber attacks where social engineering is a key component combined with technical hacking skills.

There’s been a growing number of these style events, so I tasked GROK to create an assessment for me, let’s see how it did! Let’s both try and answer the questions:

Can GROK replace intelligence officers and can GROK help us defend better against social engineering + technical attacks? What do you think? (please take all of this with a pinch of salt… LLMs are known to make mistakes/hallucinate/lie in a very convincing manner)….

they look nice…. but looks can as we know, be deceiving! (is the entire blog just a social engineering experiment by me?)

News

Using AI to analyse cyber incidents

Currently there appears to be a relatively significant cyber security incident at Marks and Spencer. So I thought I would give a demo of using AI (LLM, GROK) to create a timeline:
(since this is generated by an LLM please take this with a health pinch of salt, I wanted however to show the actual content and method I’ve used so people can understand it)

Defense

Minimum Data Requirements for Investigating Email Mailbox Compromise

When a suspected email mailbox compromise is reported, initiating an investigation promptly is critical. However, to ensure the investigation is effective, certain minimum intelligence requirements must be met. This blog outlines the bare minimum data needed to start investigating a suspected email mailbox compromise, whether the intelligence comes from an internal team or a third-party source.