Aaron.

Am I being Phished? Remember C.O.P.S

Hello World! A little preamble to the upcoming guide but I wanted to put out my mnemonic for spotting phishing attacks, email, SMS or voice… This is all a work in progress, but whilst it isn’t polished by any means… It’s not going to do any harm by me sharing it with you. Content/Context –Continue reading “Am I being Phished? Remember C.O.P.S”

Coming Soon – Home/Internet security guides.

Hello World! Coming soon will be guides on improving your security, soon I will take a look at protecting your accounts from takeover. Aiming these guides at the home user who is curious, I want these guides to feel friendly and to explain things from my perspective, how I do things. I don’t want itContinue reading “Coming Soon – Home/Internet security guides.”

Planes are pretty cool! – Food for thought #3.

Just a little unstructured rambling today from me, I’m sure someone will enjoy the read… I have begun reading through a 2016 thesis on Security in next-gen Air Traffic communication networks by Martin Strohmeier, it was brought to my attention regarding discussions about a possible use case for software defined radio. This isn’t anything new,Continue reading “Planes are pretty cool! – Food for thought #3.”

Here comes the “Cyber Army”.

Hello World… So the Russian government finally pulled the trigger on their invasion into Ukraine, since then we have seen information warfare erupt as the Russian dictator tries to deny any wrongdoing. But I wanted to talk about the “Cyber Army” now threatening Russian government infrastructure, not the Ukrainians in particular but the world asContinue reading “Here comes the “Cyber Army”.”

Russian Threat Actors

Hello World! Short and sweet here. With tensions between NATO and Russia rising, multiple agencies have put out advisories to keep your eyes peeled for cyber threats out of Russia. I would encourage anyone involved in security currently to view the tactics, techniques and procedures of these actors. Here’s a good report from CISA aboutContinue reading “Russian Threat Actors”

2021 – A Year in review.

Hello World! As the year of 2021 now comes to a complete closure, the effects of the new year festivities subside and teams, students and professionals sit back down in the office full time. Another year of what will surely be packed with many surprises awaits us… 2021 like 2020 was marred by the effectsContinue reading “2021 – A Year in review.”

Remote Code Execution in Java Apache Log4j 2 (CVE-2021-44228)

Hello World! The Internet was rattled the last couple of days over a new critical bug found within a very ubiquitous library, current known vulnerable versions include but may not be limited to Apache Log4j versions 2.10 to 2.14.1. Patches are now mostly available and should be installed as soon as possible, 44228 is currentlyContinue reading “Remote Code Execution in Java Apache Log4j 2 (CVE-2021-44228)”

YubiKeys!

Hello World! I finally bit the bullet and bought myself two YubiKeys and a cover for each. One for my person and one for a safe place configured as a backup. What’s a YubiKey? Wikipedia states: “The YubiKey is a hardware authentication device manufactured by Yubico to protect access to computers, networks, and online servicesContinue reading “YubiKeys!”

REvil on the run!

Hello World! Ransomware hackers and affiliates of the REvil (Ransomware Evil), also known as Sodinokibi are on the run from the feds this week, one can suspect that the US authorities have it out for them as this is not the first occasion of direct engagement against this threat actor (TA). If you follow theContinue reading “REvil on the run!”

Undetected Brute force attacks in Microsoft Azure AD.

Hello World! Recently Security Researchers have released a PoC (proof-of-concept) exploit that allows for username enumeration and password brute-forcing on vulnerable Microsoft Azure servers, more specifically Azure active directory. Is is able to do this by taking advantage of weaknesses that lie within the Autologon mechanism. Let’s do a quick breakdown on some of theseContinue reading “Undetected Brute force attacks in Microsoft Azure AD.”