I’m currently studying for CISSP (Certified Information Systems Security Professional), and while it does dive deep into risk analysis and business cyber security objectives, it also has a couple of history lessons baked into it. The "Orange Book" is the common name for the Trusted…
Continue reading...Firstly, if you haven’t updated Google Chrome on all your devices, go and do so. Whilst the headlines around CVE-2026-0628 have mostly been exaggerated fearmongering, it has raised a very serious issue for administrators - do you let users install whatever browser extensions they want?…
Continue reading...This week I’ve been focusing on reviewing multi factor authentication, particularly in a Microsoft environment. I’ve learnt a lot about session binding, and about how both Microsoft and Google and protecting users in the background. It’s cemented my belief that personal devices are the biggest…
Continue reading...This is a short one just to document a really useful command. Packet capturing is obviously a major tool in the arsenal of both cyber security analysts and network administrators, and Wireshark is normally my go-to for that. But, I had scenario where I had…
Continue reading...In previous posts we looked at different authentication methods and evaluated their strengths and weaknesses, then looked at session hijacking and device-bound session credentials. We’re now going to put that knowledge to practical use by auditing the MFA methods in use in a Microsoft environment.
Continue reading...
