Paper: Thematic for Success in Real-World Offensive Cyber Operations – How to make threat actors work harder and fail more often

tl;dr Today we've released a whitepaper on the key techniques that continue to enable us to breach the largest and most sophisticated organisations on the planet. Organisations that prioritize these areas, and the mitigations we outline, will thwart attacks while making threat actors work harder and ultimately fail more often. Objective The purpose of this … Continue reading Paper: Thematic for Success in Real-World Offensive Cyber Operations – How to make threat actors work harder and fail more often

Crave the Data: Statistics from 1,300 Phishing Campaigns

tl;dr 1,300 phishing campaigns were analysed involving over 360,000 usersTargets in Charities to be over 3 times more likely to click than the Health SectorHowever once clicked half of all targets were likely to supply credentials regardlessBest case 1/10 of targets will click a linkBest case 1/20 of targets will supply credentials Background Our hypothesis … Continue reading Crave the Data: Statistics from 1,300 Phishing Campaigns

Introduction to Anti-Fuzzing: A Defence in Depth Aid

tl;dr Anti-Fuzzing is a set of concepts and techniques that are designed to slowdown and frustrate threat actors looking to fuzz test software products by deliberately misbehaving, misdirecting, misinforming and otherwise hindering their efforts. The goal is to drive down the return of investment seen in fuzzing today by virtue of making it more expensive … Continue reading Introduction to Anti-Fuzzing: A Defence in Depth Aid

Visualising Firewall Rulesets – Simplifying Firewall Administration and Spotting the Pivot Point

Managing firewall rulesets in any moderately-sized environment can be a complicated task. As IT infrastructures perpetuate change, firewall rules often become more complicated, overlapped and difficult to manage. We've been working on a prototype of a tool which seeks to provide more assurance over firewall rulesets; by providing better insight through visualising the paths through … Continue reading Visualising Firewall Rulesets – Simplifying Firewall Administration and Spotting the Pivot Point