decrypt[.]fail

This post summarizes the key steps of an effective Privileged Access Management program. Segmenting privileges in an Active Directory-based IT infrastructure is a key defense against both automated and human-operated ransomware attacks.

Key Challenges:

  1. Domain Admin group members have global privileges
  2. IT staff has local Admin privileges on all workstations
  3. The local Administrator account has the same password on many/all systems
  4. Passwords of highly privileged accounts aren't rotated frequently
  5. IT staff's normal user accounts have high privileges

The problem with the above is not that IT staff will misuse these privileges – the problem is that if one of the IT staff's privileged accounts is compromised, an adversary can move laterally very easily and quickly do a lot of damage (such as encrypting every system they can reach).

Let's look into mitigation strategies for the above 5 challenges!


The Fediverse is a vastly different place than Twitter. Functions like the Local Timeline and server announcements in Mastodon create communities that feel far more like real communities than, let's say, #infosec Twitter.

Things are just more civilized on Mastodon.

However, there are users on Mastodon who use cross-posting integrations to toot all of their Twitter tweets to Mastodon. This causes the following issues:

  1. High frequency tweets flood the otherwise civilized Local Timeline of the user's home instance.
  2. The Mastodon user account becomes more or less a bot – you cannot interact with it because the actual human never logs into Mastodon to check notifications there.

For the above reasons I have decided to limit such user accounts on the two instances I'm responsible for going forward. Below is a description of the 'Limit' moderation action.


As a fellow #infosec practitioner, I enjoy maturing the cyber security capabilities of the organization I work for. And as we make progress almost every day, I keep thinking about what the perfect state would look like and whether a state of perfection can ever be reached.

So, what does a perfect state of cyber security operations look like?


Modern ISPs automatically provide your home devices with both IPv4 and IPv6 addresses. For the privacy-minded, that means you have to mask both addresses to properly hide your geo-location. Most VPN clients only take care of your IPv4 address – therefore, you might want to disable IPv6 on your device.

On my main personal laptop I'm using Debian 10 at the moment, so here are the steps to disable IPv6 on Debian 10:

sudo nano /etc/sysctl.conf (at the end of the file add "net.ipv6.conf.all.disable_ipv6 = 1")

sudo sysctl -p
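The two manual steps above can be scripted so they are safe to re-run. The following is an added example, not part of the original post: a POSIX shell snippet that persists the same `net.ipv6.conf.all.disable_ipv6 = 1` setting into a sysctl configuration file without duplicating it, comments out any earlier conflicting assignment of the key, and reports the live kernel value from `/proc`. The configuration file path is a parameter (an assumption made here so the functions can be exercised on a scratch file); on a Debian 10 host you would pass `/etc/sysctl.conf` and then run `sudo sysctl -p` as described above.

```shell
#!/bin/sh
# Added example (not from the original post): idempotently persist the
# net.ipv6.conf.all.disable_ipv6 = 1 setting, then verify file and runtime.

SYSCTL_KEY="net.ipv6.conf.all.disable_ipv6"

# Return 0 if the config file already has an active (uncommented) line
# setting the key to 1, otherwise return 1.
conf_has_disable_ipv6() {
    conf="$1"
    [ -f "$conf" ] || return 1
    grep -Eq "^[[:space:]]*${SYSCTL_KEY}[[:space:]]*=[[:space:]]*1[[:space:]]*$" "$conf"
}

# Append the setting once; running this twice must not duplicate the line.
# An earlier active line assigning the key (e.g. "= 0") is commented out so
# it cannot override the new value: sysctl applies the last line it reads.
persist_disable_ipv6() {
    conf="$1"
    if conf_has_disable_ipv6 "$conf"; then
        return 0
    fi
    if [ -f "$conf" ]; then
        sed "s/^\([[:space:]]*${SYSCTL_KEY}[[:space:]]*=.*\)$/# \1/" "$conf" > "$conf.tmp" \
            && mv "$conf.tmp" "$conf"
    fi
    printf '\n# disable IPv6 so traffic cannot bypass the VPN over v6\n%s = 1\n' \
        "$SYSCTL_KEY" >> "$conf"
}

# Print the live value (0 or 1) from /proc when the kernel exposes it, or
# "unknown" on systems without IPv6 support (e.g. a minimal container).
runtime_ipv6_disabled() {
    f="/proc/sys/net/ipv6/conf/all/disable_ipv6"
    if [ -r "$f" ]; then cat "$f"; else echo unknown; fi
}

# usage on a real host (as root):
#   persist_disable_ipv6 /etc/sysctl.conf && sysctl -p && runtime_ipv6_disabled
```

Note that `sysctl -p` only reloads `/etc/sysctl.conf`; if you prefer a drop-in under `/etc/sysctl.d/`, apply it with `sysctl --system` instead. The `all` key covers interfaces that exist when the value is applied; its `default` counterpart (`net.ipv6.conf.default.disable_ipv6`) governs interfaces created later, which matters for laptops that bring up new interfaces such as VPN tunnels.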

This post stores notes about my latest #linux laptop setup based on Manjaro i3 (community edition).


If you are experiencing issues with email delivery for new registration confirmations or other notification emails, here are some things that might help:

  1. Review the logs with:

    > sudo journalctl -u mastodon-sidekiq | grep -i smtp

  2. Try sending an email with your Mastodon SMTP settings via SSMTP (https://linuxhandbook.com/linux-send-email-ssmtp/)

  3. Reach out to your hosting provider and ask whether they block outbound SMTP by default (to prevent email spam)

  4. Search the Mastodon admin forum at https://discourse.joinmastodon.org

#decentralization

In the last couple of months I have spent a good amount of time reading, trying out, and thinking about decentralized social networks on the Internet. This post summarizes my understanding of the three different types I have come across.


#infosec

It is probably a good time to share books worth reading – below you can find my favorite #infosec books.

Sandworm (Andy Greenberg)

Sandworm (Amazon) is currently my favorite because it gives you an understanding of nation-state actor capabilities. It gives you good reasons for making excellence in cybersecurity a habit and not an act.

The Cuckoo's Egg (Cliff Stoll)

The Cuckoo's Egg (Amazon) I like because it is set in a time so long ago, with inferior tech, and is a good reminder that things used to take forever. Today we do so many amazing things in a matter of minutes or hours (our adversaries do too) that we forget about all the little details that have been automated by tech.

Cult of the Dead Cow (Joseph Menn)

The Cult of the Dead Cow (Amazon) is a book that explains a lot about the hacker culture in the US. This one might be a little nerdy but also gives some insight into how the US government came to understand cybercrime.