03.24.2025 The Art of Cyber Tech

If you spend any time in red-team/blue-team activities, or even in the black-, gray-, and white-hat areas, you may have noticed that there are not a lot of pen testing tools built around files. Some monitoring tools will have detection rules for downloads and uploads of files. They may have rules that say user bob1 downloaded 11 files from SharePoint or OneNote, and that this is X% more than the threshold the rule was set for. And what do you do with that other than contact the user? If the user says it wasn't them and some hacker stole the files, it is kind of like counting how many chickens you have left after the fox has visited. For defense against file theft, you have to create good defenses from the outside in. You need DLP tools to help prevent files from leaving the coop, and you need good internal ACL controls and isolation of critical information sources. Because if you look at the penetration tools included with Kali Linux, there are really no tools for accessing files. The core reason is that once you get inside the hen house with root, no tool is needed but copy. There is the old joke about the dreaded right-click attack: when someone is both an AD and a VMware admin, they can steal all of AD with a right click and a copy. A lot of this is because, in most organizations' minds, the monitoring tools that guard entry into the hen house are the same thing as internal controls. DLP seems like a nice thing to get to later. Once inside the hen house, the fox only has to grab and run.

03.05.2025 The Art of Cyber Tech

There is one major difference between the hacker and the organization: hackers are very hands-on, and businesses want set-and-forget. The average CISO wants a handful of silver bullets, where they pay a vendor to man the watchtower watching for an attack. That remains the case even though most hacks into an organization go undiscovered. We separate ransomware from other hacks because of how each is conducted. But hacks into a business most often come from finding an unknown weakness. Before Log4J, no security app scanned for that. There was no event being written to the event logs (though most people don't know how EDRs work). Nonetheless, companies pay for solutions they want to turn on, and then wait for email alerts and notices from the vendor. Half of that is too many tasks and too little time, plus being UI junkies. It takes time and effort to learn how things work under the covers, so wanting a tool to tell you there is an event comes with that problem built in. Cyber security is a lot about knowing what your treasure is, what hackers will try to steal, and what is abnormal versus normal in your environment. And each environment is different. The security tools you can buy aim to cover the most common things. In your company the weak links are not likely to be the common things, so vendor solutions are less likely to cover you. I know it is a hard pill to swallow. No one wants such an open-ended set of tasks. It is easier to tell ourselves we can pay some money and not have to worry about security. But hands-on is where the hackers live. They get into the weeds looking for a weakness and exploit it. And they use the same tools white-hat admins use to refine their hacks until they go undetected.

03.03.2025 Blog 3 Scott Steenburgh

Sabotage in the Kingdom... Sometimes when tech people stay in the same company and role for too long, they start to feel a sense of ownership. They start to forget that they work for an organization, an organization that has goals and objectives. We get to a place where our own preferences seem to us to be the same as the organization's, though that is rarely the case. We tell ourselves that what is right for me must be right for everyone; why else would I do what I do if it was not right? Then, in some cases, a peer or someone in another department does something we disagree with, so we throw them under the bus. We willfully cause them to fail. All the while, we believe that action does no harm to the organization. The loser broke our rules, after all. Sometimes, when I have seen this happen and it comes to light with the leadership, the tech admins are shocked that negative reactions came back to them. And again, this happens when we are in the same company doing the same role for too long. That builds complacency. It becomes a loop where we say, I must be right because I have been here 12 years; if I were wrong to sabotage someone, I would have been booted out a long time ago. Such behavior is hard to see, and hard to see clearly. That means organizations have to always build a team culture of what is good and what is bad behavior toward each other.

01.17.2024

Technology has, since 2007, sped up to such a rate that some projects can be behind before they are completed. Given the reality of fiscal years and budgeting, the approval cycle can last longer than it takes to start buying and deploying a solution. Then, if we guess wrong on the technology, it cannot be easily undone. This has been happening often over the last 5+ years. IT makes a choice, and maybe the vendor's sales team stretched the promise a little, and then you realize the mistake. But we likely have a 3-year deal (to make the budget work), and the CIO/CISO are on the hook, so you live with it. In the meanwhile, the right solution keeps evolving. By the time we get to where the wrong choice can be replaced, everything has changed. The first thought on getting around this is to view the tech we use as part of the business processes, and the leadership team needs to buy into that. At the very least, we all have to give the speed of technological change a good deal of respect. We cannot think of it as a basic tool, like a printer. It is not often that companies factor in how fast tech changes. Perhaps we need to do that.