Blog

Education

Kerberoasting History

Kerberoasting is a technique in which any authenticated domain user requests Kerberos service tickets (TGS) for accounts that carry a Service Principal Name, then takes the ticket’s encrypted portion offline and cracks it to recover the service account’s password. It was publicly introduced and detailed by Tim Medin in his DerbyCon 2014 talk “Attacking Microsoft Kerberos: Kicking the Guard Dog of Hades.”
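
Because the requests are legitimate Kerberos traffic, the usual defender-side signal is a burst of TGS requests (Security event 4769) from one principal for many different service accounts, typically with the RC4-HMAC encryption type (0x17) that cracks fastest. The detection below is an added example, not code from the original post or from Tim Medin’s research; the events are constructed JSON lines whose field names mirror the 4769 XML, and the threshold and window are assumptions to tune per environment. Machine accounts (names ending in `$`) and `krbtgt` are excluded because their keys are random and not worth roasting.

```python
"""Spot likely Kerberoasting in Windows Security event 4769 (TGS request).

Added example, not code from the original post. Events are constructed
JSON lines whose field names mirror the 4769 event XML; thresholds are
assumptions to tune per environment.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta

RC4_HMAC = "0x17"               # TicketEncryptionType for RC4-HMAC (cheapest to crack)
SPN_THRESHOLD = 5               # assumed: distinct roastable services per requester
WINDOW = timedelta(minutes=5)   # assumed: sliding window for the burst

# Constructed sample telemetry (not real logs): jsmith bulk-requests RC4 service
# tickets, plus a machine-account and krbtgt request that must be ignored, and
# ordinary AES (0x12) requests from other users.
SAMPLE_EVENTS = """
{"time":"2025-01-10T08:59:00","EventID":4769,"TargetUserName":"jsmith@CORP.LOCAL","ServiceName":"krbtgt","TicketEncryptionType":"0x12","IpAddress":"10.0.5.23"}
{"time":"2025-01-10T09:00:01","EventID":4769,"TargetUserName":"jsmith@CORP.LOCAL","ServiceName":"svc_sql","TicketEncryptionType":"0x17","IpAddress":"10.0.5.23"}
{"time":"2025-01-10T09:00:05","EventID":4769,"TargetUserName":"jsmith@CORP.LOCAL","ServiceName":"svc_web","TicketEncryptionType":"0x17","IpAddress":"10.0.5.23"}
{"time":"2025-01-10T09:00:09","EventID":4769,"TargetUserName":"jsmith@CORP.LOCAL","ServiceName":"svc_backup","TicketEncryptionType":"0x17","IpAddress":"10.0.5.23"}
{"time":"2025-01-10T09:00:14","EventID":4769,"TargetUserName":"jsmith@CORP.LOCAL","ServiceName":"svc_exch","TicketEncryptionType":"0x17","IpAddress":"10.0.5.23"}
{"time":"2025-01-10T09:00:20","EventID":4769,"TargetUserName":"jsmith@CORP.LOCAL","ServiceName":"svc_sccm","TicketEncryptionType":"0x17","IpAddress":"10.0.5.23"}
{"time":"2025-01-10T09:00:25","EventID":4769,"TargetUserName":"jsmith@CORP.LOCAL","ServiceName":"svc_ca","TicketEncryptionType":"0x17","IpAddress":"10.0.5.23"}
{"time":"2025-01-10T09:00:30","EventID":4769,"TargetUserName":"jsmith@CORP.LOCAL","ServiceName":"WS01$","TicketEncryptionType":"0x17","IpAddress":"10.0.5.23"}
{"time":"2025-01-10T09:10:00","EventID":4769,"TargetUserName":"alice@CORP.LOCAL","ServiceName":"svc_sql","TicketEncryptionType":"0x17","IpAddress":"10.0.7.9"}
{"time":"2025-01-10T09:15:00","EventID":4769,"TargetUserName":"bob@CORP.LOCAL","ServiceName":"svc_web","TicketEncryptionType":"0x12","IpAddress":"10.0.8.4"}
{"time":"2025-01-10T09:15:02","EventID":4769,"TargetUserName":"bob@CORP.LOCAL","ServiceName":"svc_sql","TicketEncryptionType":"0x12","IpAddress":"10.0.8.4"}
"""


def parse_events(text):
    """Parse JSON lines into dicts with a datetime 'time' field."""
    events = []
    for line in text.strip().splitlines():
        line = line.strip()
        if not line:
            continue
        event = json.loads(line)
        event["time"] = datetime.fromisoformat(event["time"])
        events.append(event)
    return events


def is_roastable(event):
    """True for an RC4 TGS request to a user/service account (not machine, not krbtgt)."""
    if event.get("EventID") != 4769:
        return False
    if event["TicketEncryptionType"].lower() != RC4_HMAC:
        return False
    service = event["ServiceName"]
    return not service.endswith("$") and service.lower() != "krbtgt"


def detect_kerberoasting(events, threshold=SPN_THRESHOLD, window=WINDOW):
    """Return one alert per requester whose busiest sliding window holds
    at least `threshold` distinct roastable service names."""
    by_user = defaultdict(list)
    for event in events:
        if is_roastable(event):
            by_user[event["TargetUserName"]].append(event)

    alerts = []
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e["time"])
        best, best_ip = set(), None
        for i, start in enumerate(evs):
            services = set()
            for event in evs[i:]:
                if event["time"] - start["time"] > window:
                    break
                services.add(event["ServiceName"])
            if len(services) > len(best):
                best, best_ip = services, start["IpAddress"]
        if len(best) >= threshold:
            alerts.append({"requester": user, "ip": best_ip,
                           "services": sorted(best), "service_count": len(best)})
    return alerts


if __name__ == "__main__":
    for alert in detect_kerberoasting(parse_events(SAMPLE_EVENTS)):
        print(f"{alert['requester']} from {alert['ip']} requested RC4 tickets for "
              f"{alert['service_count']} services: {', '.join(alert['services'])}")
```

The RC4 filter is a heuristic, not a guarantee: an attacker can request AES tickets and crack them more slowly, and vulnerability scanners or monitoring accounts will trip the threshold legitimately, so baseline which principals normally request many SPNs. The durable fix is long random passwords (or group Managed Service Accounts) on every SPN-bearing account and removing RC4 from the account’s supported encryption types.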

Read more “Kerberoasting History”
Breach

Ransomware kill chains are boring.. will we ever learn?

Are we stuck in a cyber world that never learns? Are we doomed to suffer the same fate over and over again? Well, not if you take action: you can prevent events like this!

This is a fast post using an LLM to analyse the redacted ICO report on the Capita breach. Hopefully it will help people think about the lessons and apply them in their own organisations.

Read more “Ransomware kill chains are boring.. will we ever learn?”
Education

A threat to sanity – Cyber Myth: Juice Jacking

“Juice jacking” has become a modern cybersecurity myth — a catchy scare story built on a long-patched Android debugging issue and fuelled by viral fear rather than facts. Despite years of warnings, there are no confirmed cases of real-world juice jacking attacks; the cost, effort, and low reward make it an impractical method for criminals. Yet the myth persists because it’s vivid, simple, and scary — everything our brains latch onto. The real danger is not the USB port at the airport, but the distraction such myths create. When people focus on imaginary threats, they waste precious attention that should go toward genuine risks like weak passwords, missing MFA, unpatched systems, and poor backups. So let’s take a deeper dive into this subject, because in my experience it’s important to understand what to focus on, and what not to.

Read more “A threat to sanity – Cyber Myth: Juice Jacking”
News

‘Secure’ Firewall backups, until they are not!

Firewalls are often both a defended gate and the front door into the corporate network. That is all lovely until it’s not! You see so many corporate network intrusions occur from threat actors simply logging into the VPN (due to a lack of MFA), and then there are the software vulnerabilities where they shell their way in, but did you think that another way in could be stealing all the backups from a ‘security’ provider? Well, now you might! There’s been a bit of an incident (one that was first reported as affecting only 5% of customers, but turned out to be 100% of the customers who used the backup feature! YIKES), but before that let’s look at the typical landscape.

Read more “‘Secure’ Firewall backups, until they are not!”
Threat Intel

Shiny Hunters / Scattered Spider Alleged Victims

Shiny Hunters/Scattered Spider have published a data leak site (DLS)/extortion site.
This is a fast publish with content mainly generated using an LLM (Grok). It appears to relate to victims of social engineering; it does not appear to be related to the Salesforce/Salesloft Drift breach: https://help.salesforce.com/s/articleView?id=005134951&type=1

Read more “Shiny Hunters / Scattered Spider Alleged Victims”
Education

Dark Duckie Hotel Demo

Update Adobe Reader

Your Adobe Reader Needs Updating

Your version of Adobe Reader is outdated. To ensure the best experience and security, please update to the latest version.

Update Adobe Reader Now
Guides

Breaching WPA2 PSK Wireless Networks

This weekend I was running a workshop with my awesome friend James, where we discussed the realities of wireless network security, man-in-the-middle attacks and what we have found in the field, both from an offensive perspective and as corporate network defenders. As with all things in life, sometimes reality doesn’t work quite as well as a demo! So I’ve done a quick thread on Twitter showing the kill chain an adversary can deploy when attacking WPA2 PSK networks (without PMF enforced). This is written as a Twitter thread, so bear with the style!

Read more “Breaching WPA2 PSK Wireless Networks”
Education

Won’t someone think of the children!

The Online Safety Act (OSA) has recently come into force. Regardless of your opinion on it, I wanted to look at some things that exist today when considering children’s mobile phone access.

When you set up an iPhone or Android phone for use by a child, you have to complete KYC with Apple or Google using an adult account that is verified by credit/debit card.

So to get an account as a child, you need a parent to set it up, link it to the parent’s account, and pass an element of KYC/verification, including a zero-fee payment check.

What we found during recent testing is that Safe Search is enforced by default on children’s (under-13) accounts. However, we found some things that were a bit surprising.

Read more “Won’t someone think of the children!”
Defence

Why U.S. and Israeli Airstrikes on Iran Won’t Shift the Cyber Threat Landscape

The U.S. bombing of Iranian nuclear facilities on June 22, 2025, alongside Israel’s ongoing military campaign, marks a significant escalation in the Middle East conflict. While these airstrikes target Iran’s nuclear capabilities, they are unlikely to alter the broader cyber threat landscape, which remains dominated by cybercriminals exploiting systemic weaknesses in global digital security. This blog explores why these high-profile military actions, though geopolitically significant, won’t address the entrenched issues fueling cyber threats.

Read more “Why U.S. and Israeli Airstrikes on Iran Won’t Shift the Cyber Threat Landscape”
Guides

Bolting on security does not work

In my travels I have found that it matters more how you do IT securely than how you ‘do security’. What I mean by this is that the prevailing theme in organisations recently is to bolt SOCs/MDR and other services onto low-maturity, low-capability IT organisations in the hope that this magics all the security problems away. This sounds lovely, and the salespeople will almost certainly productise your security improvement journey and make it sound like a dream.

Read more “Bolting on security does not work”