Firstly, if you haven’t updated Google Chrome on all your devices, go and do so. Whilst the headlines around CVE-2026-0628 have mostly been exaggerated fearmongering, it has raised a very serious issue for administrators - do you let users install whatever browser extensions they want?…
Continue reading...This week I’ve been focusing on reviewing multi factor authentication, particularly in a Microsoft environment. I’ve learnt a lot about session binding, and about how both Microsoft and Google and protecting users in the background. It’s cemented my belief that personal devices are the biggest…
Continue reading...This is a short one just to document a really useful command. Packet capturing is obviously a major tool in the arsenal of both cyber security analysts and network administrators, and Wireshark is normally my go-to for that. But, I had scenario where I had…
Continue reading...In previous posts we looked at different authentication methods and evaluated their strengths and weaknesses, then looked at session hijacking and device-bound session credentials. We’re now going to put that knowledge to practical use by auditing the MFA methods in use in a Microsoft environment.
Continue reading...In the last post I looked at all the different methods of multi factor authentication, and evaluated the strength of each type. Passkeys came out as a clear winner, as they mitigate both fake domains and users being tricked into giving out their one time…
Continue reading...
