Kerberoasting, a technique for offline cracking of Kerberos service account passwords in Active Directory environments, was publicly introduced and detailed by Tim Medin in his research paper and Black Hat USA 2014 presentation titled “Attacking Microsoft Kerberos: Kicking the Guard Dog of Hades.”
Read more “Kerberoasting History”
“Juice jacking” has become a modern cybersecurity myth — a catchy scare story built on a long-patched Android debugging issue and fueled by viral fear rather than facts. Despite years of warnings, there are no confirmed cases of real-world juice jacking attacks; the cost, effort, and low reward make it an impractical method for criminals. Yet the myth persists because it’s vivid, simple, and scary — everything our brains latch onto. The real danger is not the USB port at the airport, but the distraction such myths create. When people focus on imaginary threats, they waste precious attention that should go toward genuine risks like weak passwords, missing MFA, unpatched systems, and poor backups. So let’s take a bit of a deeper dive into this subject, because by it’s important to understand what to, and what not to focus on in my experience!
Read more “A threat to sanity – Cyber Myth: Juice Jacking”
Your version of Adobe Reader is outdated. To ensure the best experience and security, please update to the latest version.
Update Adobe Reader Now
Recently the Online Safety Act (OSA) has come into force, now regardless of your opinion on this, I wanted to look at some things that exist today when considering children’s mobile phone access.
When you setup an iPhone or Android phone for use by a child, you have to complete KYC with Apple and Google using an adult account which is verified by credit card/debit card.
So to get an account as a child you need the parent to set this up, link the account to the parents account and pass an element of KYC/verification including a 0 fee payment check.
What we found during recent testing is that Safe Search is enforced by default on children’s <13yo accounts. However we found that a some things that were a bit surprising.
Read more “Won’t someone think of the children!”
In the world of cybersecurity, the term Security Operations Center (SOC) carries significant weight. It evokes images of highly skilled analysts working around the clock to detect, respond to, and mitigate cyber threats. However, not all SOCs live up to this expectation. If a SOC lacks core functions like triage, analysis, assessment, and remedial action, it’s not truly a SOC—it’s merely a contact center masquerading as one. Let’s explore why these functions are non-negotiable for a SOC and why their absence undermines the entire purpose of cybersecurity operations.
Read more “Why a SOC Without Triage, Analysis, and Remediation Is Just a Contact Center”
As part of my Cyber SOC GitHub repo I’ve put together lots of resources to try and help people with some common cyber security tasks, applicable to CISOs through to SOC analysts.
I also want to highlight one of the most common incident types if you are an Office 365 customer is a business email compromise scenario, so I’ve put together a high level view of the steps you might want to take after a BEC event is discovered:
Read more “Business Email Compromise Check List”
Earlier this year I had the honour of supporting the Cyber Leadership Challenge as a judge at the BT Tower! I’ve been a judge at Cyber 912 previously but I’ve always been doing that virtually, so it was great to be able to goto the event not via a webcam! The Cyber Leadership challenge is a national cyber emergency competition for UK university students. The students work in teams through an evolving national major cyber incident, so they will likely be thinking through areas many don’t give two seconds thought to, such as:
Read more “Supporting the Cyber Leadership Challenge”
[This is why we need humans and not AI to write things!]
This is what an LLM said about my Cyber Noir game…. I think this is going to need me to write something! But that will come another day, today you can enjoy how humans are, not entirely replaced yet!
Enjoy! (perhaps just play the game!)
https://mr-r3b00t.github.io/cyber-detective
In the neon-drenched streets of Neon City, where high-tech crime and shadowy conspiracies collide, a new kind of detective story awaits. Cyber Noir Detective, an innovative choose-your-own-adventure game, invites players to step into the shoes of Riley Voss, a seasoned investigator tasked with thwarting a catastrophic cyber breach at NexCorp. This browser-based experience, crafted by cybersecurity experts at PwnDefend, blends immersive storytelling with subtle educational insights, making it a must-play for fans of interactive fiction, cyberpunk aesthetics, and digital security.
Read more “Unravel the Mystery of Cyber Noir Detective: A Thrilling Interactive Adventure”
Recently vibe coding has been the name of the game! So whilst dealing with an incident I was thinking about some of the common challenges organisations face when it comes to incident response, which led onto the broader topics of why do so many orgs either have no policies or defined processes but even when they do, people don’t follow them.
So much focus is given to cyber awareness training for ‘end users’ but not so much about training IT and business teams in how to manage incidents.
Enter: Gamified training + comic books + detectives!
Read more “A Cyber Noir Detective Game”
Incidents are a part of life, but so is understanding the scope and bounds of an incident. One subject that comes up form time to time is how to define what is and is not ‘part of the incident’. Not everyone uses the same terms, language or definitions (which is true of many things in life). But when it comes to cyber incidents on the ground, details matter, but so do decisions!
Is the role of incident response to solve all security challenges and gaps in an enterprise? Should the recovery phase mitigate all threats? should the entire business be changed due to an incident and is that the role of the response team? When do you define what is and what is not part of the response vs what is a business change project?
Read more “Avoiding an infinite incident response cycle!”