Kerberoasting, a technique for offline cracking of Kerberos service account passwords in Active Directory environments, was publicly introduced and detailed … Continue reading Kerberoasting History| PwnDefend
Are we stuck in a cyber world that never learns? are we doomed to suffer the same fate over and … Continue reading Ransomware kill chains are boring.. will we ever learn?| PwnDefend
“Juice jacking” has become a modern cybersecurity myth — a catchy scare story built on a long-patched Android debugging issue … Continue reading A threat to sanity – Cyber Myth: Juice Jacking| PwnDefend
Firewalls are often both a defended gate but also the front door to access corporate network. That is all lovely until it’s not! You see so many corporate network intrusion incidents occur from threat actors simply logging into the VPN (due to lack of VPN), and then we have the software vulnerabilities where they shell their way in, but did you think that another way could be from stealing all the backups from a ‘security’ provider? Well now you might! There’s been bit of an incident ...| PwnDefend
Update Adobe Reader Your Adobe Reader Needs Updating Your version of Adobe Reader is outdated. To ensure the best experience … Continue reading Dark Duckie Hotel Demo| PwnDefend
This weekend I was running a workshop with my awesome friend James, where we were discussing the realities of wireless network security, man in the middle attacks and what we have found in the field, both from an offensive perspective and as corporate network defenders. As with all things in life, sometime reality doesn’t work quite as well as a demo! So I’ve done a quick thread on twitter showing the kill chain an adversary can deploy when attacking WPA2 PSK (without PMF enforced) networ...| PwnDefend
Recently the Online Safety Act (OSA) has come into force, now regardless of your opinion on this, I wanted to look at some things that exist today when considering children’s mobile phone access.| PwnDefend
The U.S. bombing of Iranian nuclear facilities on June 22, 2025, alongside Israel’s ongoing military campaign, marks a significant escalation … Continue reading Why U.S. and Israeli Airstrikes on Iran Won’t Shift the Cyber Threat Landscape| PwnDefend
In my travels I have found it matters more how you do IT securely than how you ‘do security’. What … Continue reading Bolting on security does not work| PwnDefend
Chances are, no one’s actually watching you — but in a world full of cameras, phones, and digital breadcrumbs, it’s smart to know how to move with a little more privacy. Whether you’re heading to your favorite coffee shop or just want to practice slipping through the city unnoticed, this guide will help you stay low-profile without going full secret agent. It’s about blending in, being unpredictable, and keeping your personal movements personal — all without looking over your shou...| PwnDefend
Using AI feels great sometimes and then empty others, this was created in seconds, it’s fine, it works.. but it has no soul! But who cares about soul when it’s a check list right? The more fundamental question is, do you have the policies, processes and procedures to defend against social engineering attacks against password resets? If not, perhaps this may help.| PwnDefend
A cyberpunk-styled visualization of the Scattered Spider attack flow, defensive countermeasures, and an interactive checklist with activity log, designed for WordPress compatibility.| PwnDefend
Currently there appears to be a relatively significant cyber security incident at Marks and Spencer. So I thought I would give a demo of using AI (LLM, GROK) to create a timeline:| PwnDefend
When a suspected email mailbox compromise is reported, initiating an investigation promptly is critical. However, to ensure the investigation is effective, certain minimum intelligence requirements must be met. This blog outlines the bare minimum data needed to start investigating a suspected email mailbox compromise, whether the intelligence comes from an internal team or a third-party source.| PwnDefend
