A post from my “In the Darkened Room” series, a personal look at cheap penetration testing and why it might, or might not, be a good idea. As the owner of a penetration testing company I receive, almost daily, requests to “sharpen my pencil” or “give me your best price”. When I started back in […]
Very soon, sometime around mid-September 2020, we will be making the road trip of a lifetime. We are moving our lives from the UK to southern Spain. What better way to do that than in a trusty VW Caravelle? Well ok, it is a VW Multivan that I purchased from a chap in Germany. Built […]
Fun stats & facts of 6 months of security consulting in the gig economy. The most common request is to “pentest” a platform or application that does not belong to the requester. The second most common request is to write up papers for the requesters security degree or high school course. Over the six months […]
Last week saw yet another company hit by the hacking group Maze. It seems that every week the group are announcing more victims. “The Maze ransomware was discovered on May 29th 2019 by Jerome Segura. Maze is a complex piece of malware that uses some tricks to frustrate analysis right from the beginning. The malware […]
IMPORTANT This post is written for those who need or have to use Zoom. It is written to help those people use Zoom safely. If you are in the Cyber Security Industry and you wish to comment on why you should use X or why China is the enemy, this is not the place. Please make a post of your own […]
Looking back, it came as no surprise that last week took a toll on me mentally, and I had a bad day. It is now Saturday morning, its 5 am, and as I am up (babies are awake and playing), I thought I would pen this little article so that it might bring help to someone else. This is […]
Remote working considerations for the current pandemic situation. We all need to be taking remote working considerations. While adjusting the work paradigm, it is vital to keep a mind’s eye on the security and safety of the businesses information assets. 4 Remote Working Considerations There are four things to really take into account. Remote working is often perceived as a security risk but done well; […]
With the current pandemic situation, we all need to be taking remote working considerations. While adjusting the work paradigm, it is vital to keep a mind’s eye on the security and safety of the businesses information assets. What business leaders should be considering while they complete rapid deployment of remote working? There are four things […]
It has been a long two weeks and there is a lot to document but I am taking a few minutes out to have a quick word about passwords. First lets just set out the definition of a password. A password is a basic security mechanism that consists of a secret passphrase created using alphabetic, numeric, alphanumeric and symbolic characters, or a combination. […]
IT DOES NOT MATTER HOW SECURE YOU ARE, IF YOU USE SERVER 2008 Hello folks and welcome to the fourth mini paper in my series “from the darkened room”. This mini paper is looking at what actually goes into the reconnaissance part of a penetration test here at Hedgehog, and how the recon phase alone meant game over on a test. […]
The second post in my series from the darkened room; sometimes I walk away. This engagement was a pure web application penetration test. The new client was an online retailer and the story starts and ends at the pre-test phase. They contacted us to perform a web app penetration test against a single URL. They initially wanted to spend no more than two days on the […]
ADVANCED PENETRATION TESTING – WHEN THE WORLD CRASHES DOWN Can a seasoned security professional beat the world’s best security software and mitigation? This job certainly found out. It also demonstrated well the difference between a vulnerability scan and a penetration test. The client had spent three years relying on a “market leading” vulnerability scanner to identify all their security weaknesses. What it didn’t spot was, well, all their […]
A few days ago I decided to write a regular monthly piece on mental health in racing and Cyber Security. Before I do that though, I though I would give you all a bit of background on why I became a trustee. In motorsport we are blessed with a massive number of volunteers. Without them […]
I say it often, and I mean it everytime. Be careful what you click on. Ok, so how the heck did my card get details get stolen and used for online gambling? It was a Wednesday morning. Up early as ever and had a need to buy some trophies for our charity hill climb event […]
Hey, didnt I write something like this last year? Well, yes, I sure did. Originally this piece was titled “So you want to be a pentester” and was writing because I get asked a lot by people society see’s as fringe humans how to get into the coolest and best industry in the work. Please […]
The KRACK Attack Details were released publicly on the morning of Monday 16th October 2017 (see https://www.krackattacks.com/ ) of a newly-discovered and serious vulnerability in the WPA wireless network security protocol. This exploitable flaw has been dubbed the KRACK Attack (Key Reinstallation Attack). Since the vulnerability disclosure our researchers, Matthew Bowers and Peter Bassill have been researching […]
2016 was a black year in the calendar of data breaches. With countless websites and applications being breached, user’s details were made available online. Of the reported and published breaches, over 1.167 billion user’s details were leaked. Over halfway through 2017 and that figure is close once again. Each year the UK government surveys the […]
Over the past weeks there have been a number of interesting articles on cyber attacks on commercial vessels. Many contain very little detail. All of these stem from the recent cyber attacks which have, understandable, got people a little worried. These recent cyber attacks are, as I and others have been trying to tell people, […]
Acting as Chief Information Security Officer for a number of firms can be fun and stressful. Regardless, my 5 ways of staying secure don’t change much. Here they are: Don’t publically punish people for getting it wrong, publically praise them for getting it right. Get systems in line with Cyber Essentials Plus, done properly it […]
Over the past months I have been thinking a lot about the best way for the SME to get secured. So a great starting point is a few “x Steps” articles, little things that can help the SME, and big business, be secure. Passwords How many times have you heard people say “use a different password […]
Every year most businesses go through some form of penetration test and typically within a few minutes of being on site I can make a reasonably good prediction as to what I will find. So I thought why not create a quick post on Top 5 Ways to Annoy a Pentester. Very useful to all those […]
Every morning my first job of the day over a nice cup of coldbrew coffee is to go through the emails received over night. Occasionally I find a gem in the midst of the noise received from the internets. This morning I received the following email in the Security Operations mailbox: A spotting the spelling […]
For a long time I have been advising clients, friends and the business community on how to avoid falling for phishing attacks. Even the banks have got in on the act now with some rather good TV ads. Nether the less, phishing attacks works, especially when done well. Last week I received this: The Baited […]
Ingredients Butter Drizzle of olive oil Pinch of parsely Chopped Tomato Your favourate steak rub 1 Ribeye steak, 1 inch thick 1 Onion, sliced thin Method Season steak with your favourate rub for an hour. In a small bowl, mix some butter and 1 teaspoon of your favourate rub.Transfer butter/rub mix to a sheet of […]
The hottest of hot sauces Habanero Peppers – 40 Serrano Chili Peppers – 4 Jalapenos – 3 Garlic Cloves – 10 whole Vinegar Distilled – 1 cup Water – 1 cup Olive Oil – 3.4 Tablespoons Lemon Juice – ½ cup Molasses – 2 Tablespoons Smoked Paprika – 1 Tablespoon Kosher Salt – 1 teaspoon […]
Ingredients 3 tablespoons vegetable oil 1 teaspoon minced garlic 1 1/2 cups of finest tomato ketchup 6 tablespoons cider vinegar 1/2 cup water 2 tablespoons Worcestershire sauce 1 teaspoon sweet paprika 1 bay leaf 1/4 teaspoon Tabasco sauce 1/4 teaspoon cayenne pepper 3 tablespoons lemon juice 4 tablespoons butter 3 tablespoon honey Method Heat the vegetable oil in […]
Ingredients 2 cups vinegar 1 cup olive oil 2/3 cup Worcestershire sauce 1/2 cup water 2 lemons pulped 2 tablespoons of Lesters mum’s hot sauce 6 crushed bay leaves 2 cloves garlic, smashed or minced 1 tablespoon smoked paprika 1 tablespoon chili powder Method Place all ingredients in a large pot and bring to a boil. Reduce […]
Ingredients 1 1/2 cups of the finest tomato ketchup 1/2 cup cider vinegar 1/2 cup sugar 1/2 cup water 2 tablespoons Worcestershire sauce 1 tablespoon chili powder 1 teaspoon cumin 1/2 teaspoon cayenne pepper Method Mix together the ketchup, vinegar, sugar, water, Worcestershire sauce, chili powder, cumin and cayenne. Gently bring to a low simmer and then […]
Not a fan of store brought. So I make my own. Ingrediants Potato Diced hard boiled eggs Mayonnaise Mustard Salt Pepper Method Peel and chop potatoes to 1/2 inch cubes. Add the potatoes to a large pot and cover the potatoes with water, bring this to a boil and let the potatoes cook to soften. […]
I am not a fan of store brought coleslaw, i find it too greasy and tasteless. Ingredients Chopped cabbage and carrots 1/4 cup mayonnaise 1/4 cup sour cream 1 tablespoon apple cider vinegar 1/2 tablespoon sugar 1 cup blue cheese crumbles a pinch of salt a pinch of pepper Method Mix the mayonnaise, sour cream, apple cider vingar and sugar […]
Very simple, easy to make, pulled pork. You really want to take some time, go to a skilled local butcher (avoid those darn supermarkets, the meat isn’t the best). For a typical shoulder, expect a cook time of around 2 hours per pound. Ingredients Pork Shoulder, as big as you like. Method Trim of the […]
This is my variation on a Texan bbq rub. It is great on chicken and pork. Ingredients ¼ cup light brown sugar 1 tbsp smoked paprika 1 tsp ground cayenne pepper 1 tsp chili powder 1 tbsp salt 1 tsp garlic powder 1 tsp onion powder 1/2 tsp ground black pepper Method Mix all together and store in your rub shaker.
Ingredients ½ cup brown sugar ½ cup paprika 1 tablespoon black pepper 1 tablespoon salt 1 tablespoon chili powder 1 tablespoon garlic powder 1 tablespoon onion powder 1 teaspoon cayenne pepper Method Put it all in a bowl, mix very well, then store in your rub shaker.
1 cup course salt 1 cup course pepper Thats all she wrote folks.
My preferred brisket rub Ingredients 5 tablespoons paprika 3 tablespoons salt 2 tablespoons garlic powder 2 tablespoons onion powder 1 tablespoon black pepper 1 tablespoon dried parsley 2 teaspoons cayenne pepper 2 teaspoons ground cumin 1 teaspoon ground coriander 1 teaspoon dried oregano 1/4 teaspoon hot chili powder 1/2 cup brown sugar Method Mix together and stored in […]
A quick and simple backup script. The source of this is from Voorburg here: https://voorburg.home.xs4all.nl/backup.html
A quick shell script to auto-connect openvpn to your VPN. You just need to ensure that your autologin configured .ovpn file is saved in /etc/openvpn and rename replaceme.ovpn in the script to the name of your config file.
A short script to deploy hardened Apache2 on Ubuntu 18.04 LTS
A short script to harden SSH
Short script to output the state of a system.
A short script to install OpenVAS on Ubuntu 18.04 LTS.