There is always the year of “X”, like the year of the linux desktop :P And it seems that 2022 is the year of stable diffusion1 and openAI. After This introduction, the following sections are based on the output of ChatGPT2, or as I like to call it: ChaDGPT. It’s capabilities are more than impressive, but see for yourself… What is AI? Artificial intelligence (AI) has its roots in the field of computer science, which emerged in the 1940s. Read more...

TIBER1 (Threat Intelligence-Based Ethical Red Teaming) is a framework to assess the cybersecurity resilience of financial institutions. TIBER tests are designed to simulate real-world cyber threats and attacks, and are intended to help financial institutions identify and address weaknesses in their cybersecurity posture. A quick how to Here are some general guidelines for how TIBER tests can be best executed: Identify the scope of the test: TIBER tests should be focused on a specific aspect of an organization’s cybersecurity posture, such as its network, applications, or processes. Read more...

Although it’s just September yet, it feels like the year is almost over with all the stuff there is to do. The CISSP with 90 days left until the exam is almost around the corner and a lot of other private stuff is still in the making. Cleaning, Clearing, Erasing, Purging, Degaussing and Destruction The thought for this blogpost originated when I put my old server racks in the car for destruction. Read more...

While flying through some clouds and on my way to enjoy some holidays on the other side of the globe, the thought about the current status on cloud environments is keeping me awake. “It feels like cloud security is still in it’s infancy!?”, “How long did it actually take, to get to the current status on On-premise AD security?”, “What’s the current status on cloud environments?”, “How long did it take to get to this state? Read more...

The first part of my BloodHound post was about the setup and usage of the tool. This part will mainly focous on the built-in queries and some small tips and tricks. I think the only way to fully grasp BloodHound is by frequently using it. Built-in queries After dumping our raw data with SharpHound1, it’s time to get to work. BH has some built-in queries which helps us to get a quick overview of the domain we are facing. Read more...