We are back! We didn’t go anywhere we have just been busy like everyone else. Today, we carry on my favorite miniseries of the best way to not get eaten is to not look like food; proverbially of course. Part 2 of this is regarding critical asset protections. This includes, but again not limited to, domain controllers and critical asset backups, business continuity planning, ... READ MORE
Blog
All quiet on the western front (for now)
Over 100 years ago, the Great War was being waged in what is now central and eastern Europe, along with Russia. During the “war to end all wars,” the world saw significant technology changes that brought new, and often terrifying, ways to inflict damage on people and countries. Fast forward to early 2022 and the Russia-Ukraine war, where we are seeing another wave of ... READ MORE
CVE 2022 30190 “Follina”
Have you ever had to download a Microsoft Word document from a co-worker, friend, family member? I know I have. Now imagine you think you receive a Word document from your boss titled “New Promotions/Raises”. Without thinking, you go to download and access the file, and then a weird window pops up about Microsoft Windows Diagnostic Tool. The document is blank, which is weird, ... READ MORE
CISA Issues Rare Directive Regarding VMware Exploits
In a directive posted on May 18, 2022, the Cybersecurity and Infrastructure Security Agency (CISA) declared that all Federal Civilian Executive Branch agencies were required to perform actions on several VMware products: VMware Workspace ONE Access (Access), VMware Identity Manager (vIDM), VMware vRealize Automation (vRA), VMware Cloud Foundation vRealize Suite ... READ MORE
Lateral Movement with Low Privilege Shell for Red Teams
After hours of OSINT (Open-Source Intelligence) and social engineering campaigns, your Red Team has finally obtained the coveted internal shell. The username, IP address, host and operating system information populates your (Command and Control) C2 framework interface, and a new stage of the engagement begins. But now that you have the shell, where do you go from here? Truth ... READ MORE
CVE and CVSS scores: Making Vulnerabilities Make Business Sense
Late last year, news spread in the cybersecurity community about the zero-day Apache Log4j vulnerability. This vulnerability was somewhat unique—it was dangerous enough to warrant breathless news coverage, causing concern far outside of cybersecurity circles. RSM’s advice for organizations affected by the vulnerability was simply, “Drop everything and fix it. Now.” That level ... READ MORE
Scam Calls and Manipulation: How to Recognize Suspicious Content
The experience is almost universal—you notice an unknown, but not entirely unfamiliar number flash across your screen during your workday. Because the number shares an area code with your location, you assume that you’re finally receiving a follow-up from your mechanic, or your doctor’s office, or your banker. When you answer, the voice on the other end (often automated) ... READ MORE
Russia Ukraine Conflict Observables
With the rise of cyberwarfare against Ukraine and Russia, one could agree that there could be potential blowback from the sanctions that the United States has placed on the country of Russia. Some of the attacks that have been observed against Ukraine are attacks that include data wiping malware, such as HermeticWiper, Whispergate, and IsaacWiper. There have also been ... READ MORE
Wi-Fi Security and Design Considerations
When wireless networks are created and designed in the modern enterprise, security for these networks is necessary, but so is ensuring the business requirements are aligned. Everything from antenna placement, conducting site surveys, antennas used, supported cipher suites, authentication protocols, and the EAP type used can all play a role in the security of a ... READ MORE
The easiest way to not get eaten is to at least try to not look like food: Hardening attack surfaces – Part 1
This will be a miniseries of posts; this is part 1 of 4. I was advised by a leader long ago in my consulting career to never do “Free Consulting.” I still strongly believe in that sentiment today, but there is also a part of me that wants to give back to the community, and this post is my and RSM Defense’s way of doing so. I also strongly believe that in 2022, threat actor ... READ MORE