infosec - Jonsdocs

Tagged

infosec

A collection of 44 posts

(ISC)² Security Congress 2021 - day one

Security Congress 2021

(ISC)² Security Congress 2021 - day one

My reflections on the first day of the (ISC)2 Security Congress conference.

Playing with honeypots: part 4

Playing with honeypots: part 4

Looking at a different attack on the honeypot I investigate an attempt to deploy a crypto currency miner.

Playing with honeypots: part 3

Playing with honeypots: part 3

Having built a honeypot and published it to the Internet, it's time to see what the attackers tried to do.

Playing with honeypots: part 2

Playing with honeypots: part 2

I build my honeypot in Microsoft's Azure cloud using open source software.

Playing with honeypots: part 1

Playing with honeypots: part 1

Let's look at what honeypots are, and why we might use them.

Receiving a security disclosure for an old subdomain

Receiving a security disclosure for an old subdomain

After receiving a security disclosure from a security researcher I knew I needed to investigate.

Wargaming: running incident response plan tests - part 3

Wargaming: running incident response plan tests - part 3

Part two finished with our defenders heading in the right direction to find the simulated infection. They'll have used a combination of tools in order to get this far, likely including firewall and network logs. As a reminder, for this exercise there was a simulation running that reached out to

Wargaming: running incident response plan tests - part 2

Wargaming: running incident response plan tests - part 2

The time has come to run your wargame, let's look at what happens on the day itself.

Wargaming: running incident response plan tests - part 1

Wargaming: running incident response plan tests - part 1

Cyber exercising is important for checking how a team responds to an incident.

The dangers of default credentials

The dangers of default credentials

Default credentials are useful for logging in to systems initially, but shouldn't remain in place afterwards.

Hacking my old blog: part 4, security fixes

hacking my old blog

Hacking my old blog: part 4, security fixes

To finish off the series, I discuss some of the mechanisms that could have been used to protect my old blog.

Hacking my old blog: part 3

hacking my old blog

Hacking my old blog: part 3

The final post in the attack phase of this series.

Hacking my old blog: part 2

hacking my old blog

Hacking my old blog: part 2

Let's get into the admin panel...

Hacking my old blog: part 1

hacking my old blog

Hacking my old blog: part 1

A dig around my old blog to see if I can hack it.

Dealing with low hanging fruit

Dealing with low hanging fruit

Deal with the easy quick wins before you have an external testing team perform their audit.

My CISSP experience

My CISSP experience

In early September 2020 I studied for the CISSP at an intensive six day course.

"We have conducted a review to ensure this never happens again"

"We have conducted a review to ensure this never happens again"

If you're going to claim to have "conducted a review" you need to make sure your response is appropriate and useful.

Passwords as technical debt

Passwords as technical debt

Passwords aren't going away...

Dealing with Ransomware - a real life tale

Dealing with Ransomware - a real life tale

Thinking clearly during a ransomware attack is key, helping to save your data.

Permissions vs authority

Permissions vs authority

A discussion of the differences between "having permissions" and "having authority".

Why we chose OAuth for eVitabu

Why we chose OAuth for eVitabu

User authentication is an important consideration when designing any system. Here's how we decided to use OAuth for eVitabu.

Towards a safe and secure smart world (conference)

Towards a safe and secure smart world (conference)

A summary of my key take aways from January's conference.

Learning from cyber attacks

Learning from cyber attacks

Cyber attacks are a regular occurrence, and it's important that we learn from them.

Reusing paper - good for the environment, risky for privacy

Reusing paper - good for the environment, risky for privacy

It's important to review the paper you re-use to avoid leaking confidential information.

Delegated trust vs Web of Trust

Delegated trust vs Web of Trust

The difference between the web of trust and delegating your trust to a third party.