CVE-2024-31497 – PuTTY Key Recovery Attack.

Hello World! Recently a vulnerability has been discovered in everyone’s favourite terminal emulator. (That is, if you don’t use Solar-PuTTY.) The rundown in a bite-size chunk is that a faulty implementation of cryptographic techniques leads to an ability to recover a user’s private key. Specifically a NIST P-521 private key, potentially giving an attacker the ability…

We are back!

Hello World! I have returned from my sabbatical! Coming soon will be a new gear review on the GL.iNet GL-X3000NR! It’s noted that the previous review on the LinkSprinter has become the most viewed post on this site. Additionally coming soon will be an introduction to RINA. Recursive InterNetwork Architecture model networking model, but one…

Con games: How do they do it?

Hello World! So, this is going to be a fun one. Lots to cover as we jump into what social engineering is and why it works. Let us get started by listing the names that we give to these types of attacks. There are many terms used somewhat interchangeably, they include but are not limited…

Hertzbleed (CVE-2022-23823 and CVE-2022-24436)

Hello World! On June 14th 2022, a new family of frequency-based side-channel attacks was disclosed to the public. The method is quite technical and above my level of understanding in places, additionally there isn’t anything the majority of people need to do. BUT! There is a way this has potential to affect many people…

TryHackMe h4cked – A Guide.

This is an easy room on TryHackMe, consisting of an analysis of a simple attack and using the attackers’ own methods to break back into the machine. You won’t find any flags here, or in any of my posts. If you already know what to do and are using this for easy answers, then you…

MITRE ATT&CKcon 3.0

Hello World! A very brief post, over the last couple days I attended ATT&CKcon 3.0. It was full of brilliant talks and interesting people. A talk from educators in the social sciences sector and their students from high school to postgrads. Demonstrating a social engineering attack and mapping it to the matrix, that was one…

Backup codes!

Hello World! Building on my misconfiguration of security keys, I had to use a backup code for the first time ever today. I cannot stress enough the importance of these codes for your accounts that have multi-factor authentication. Write them down and keep them in a safe place, they could really save your skin. Especially…

That wasn’t supposed to happen…

Hello World! I’ve successfully broken a YubiKey and locked myself from the accounts, it’s not completely broken it just needs to be reset but what a pain in the backside. This is why I have my backup key, meaning this is nothing but an inconvenience to me. I was trying to set up my YubiKey with…