TMB

Security Engineering – A manifesto for defensive security

Published 28/06/2019 | By TMB

Presentation on the need to re-examine how we engineer systems (taking service providers as an example) and the implications on how we quantify cyber risk if we want to take this message into the board room (as given at BT’s SnoopCon 2019 and Cisco’s June 2019 Knowledge Network webinar for service providers). Continue reading →

Posted in Presentations | Tagged C-Suite, conference, CRQ, cyber risk quantification, devops, devsecops, hardening, infradev, orchestration, risk, seceng, service providers, SnoopCon, sre

So you want to build a SOC: Lessons from the front line

Published 20/06/2019 | By TMB

Presentation on building an effective operational security capability (as given at Cisco Live US/Talos Threat Research Summit 2019). Continue reading →

Posted in Presentations | Tagged blue team, conference, SOC, TTRS

Discover the secrets of the SOC

Published 18/06/2019 | By TMB

Presentation on building effective SOCs (as given at InfoSec Europe 2019 on the interactive workshop track). Continue reading →

Posted in Presentations | Tagged blue team, C-Suite, conference, InfoSec Europe, SOC

Use Infrastructure as Code they said. Easier to audit they said… (part 1)

Published 26/01/2019 | By TMB

Whilst there are some great examples of how to assess infrastructure as code dynamically with things like the Center for Internet Security‘s Docker benchmark and CoreOS‘s Clair, these kinda run a little too late in the pipeline for my liking. If we want to treat infrastructure as code then surely we ought to be performing code reviews and if we’re performing code reviews then perhaps we can perform a subset of these checks automatically pre-commit? Continue reading →

Posted in Blog | Tagged auditing, devops, devsecops, infradev, orchestration, seceng, secops, sre, training

An offensive introduction to Active Directory on UNIX

Published 06/12/2018 | By TMB

By way of an introduction to our talk at Black Hat Europe, Security Advisory EMEAR would like to share the background on our recent research into some common Active Directory integration solutions. Just as with Windows, these solutions can be utilized to join UNIX infrastructure to enterprises’ Active Directory forests. Continue reading →

Posted in Blog | Tagged analysis, auditing, Black Hat Europe, blue team, conference, exploit, hardening, red team, root, training, UNIX, Windows

Where 2 worlds collide: Bringing Mimikatz et al to UNIX

Published 06/12/2018 | By TMB

Presentation on Active Directory integration solutions for UNIX (as given at Black Hat Europe 2018). Continue reading →

Posted in Presentations | Tagged analysis, auditing, Black Hat Europe, blue team, conference, exploit, hardening, red team, root, training, UNIX, Windows

The importance of logs: You won’t see what you don’t log

Published 31/10/2018 | By TMB

Presentation on logging and auditing strategies (as given at Secure South West 11). Continue reading →

Posted in Presentations | Tagged blue team, hardening, red team, SecureSouthWest, training

Web Application Whitepaper

Published 06/09/2017 | By TMB

This document aims to analyse and explore data collected from technical assurance engagements during 2016. Continue reading →

Posted in Whitepapers | Tagged analysis, HTML5, SDL, training, web

Exploring Windows Subsystem for Linux

Published 27/07/2017 | By TMB

Whilst there has been quite a lot of analysis of Microsoft’s new Windows Subsystem for Linux (aka WSL or Bash on Ubuntu on Windows) and how it functions (particularly from Alex Ionescu), most of this has focused on how it affects the Windows security model. Being a keen UNIX focused researcher, I decided to take it for a spin. Continue reading →

Posted in Blog | Tagged analysis, Linux, root, Windows

padmin to root: Roles on AIX

Published 02/10/2015 | By TMB

Following a recent post from a consultant at IBM discussing how how privileged access should be performed on VIOS, I figured it was time to share some of our research in this arena. Those of you that are regular readers will know that I love root. For those of you that are new, welcome aboard. Continue reading →

Posted in Blog | Tagged AIX, analysis, auditing, exploit, root, UNIX