It’s the graveyard shift at the SOC. Ana and Elsa are on duty, when suddenly it becomes clear that Bad Things are afoot. The nightmare scenario has come about – the Evil Hackers have come for them, and now the company has got to deal with it. To keep their ... Read More

Flashback to August 2014. Planning for HackFu 2015 is well underway: Alec: Hmm, maybe HackFu could use a bit of DefCon-style badge hacking..? Martyn (MWR): Can we do something cool for £10-£20 per badge? Max 100. Alec: No problem. Fast-forward to June 2015, skipping out many months of design, construction, frustration, late ... Read More

Unwanted email is as near a certainty in life as death and taxes. “Selling” spam is a nuisance; phishing emails or messages bearing hostile attachments have the potential to really ruin your day. A lot of the time there are dead giveaways that the message isn’t what it appears to be ... Read More

I thought I’d briefly share the latest gadget I’ve been tinkering with. You may remember the robot I built for HackFu – I always thought I could do better with the packaging of the controller unit. It was in three pieces, namely the camera receiver, the TV, and the control ... Read More

As defenders, we have many reasons to do our jobs. We want to comply with regulations, protect our employers (and protect our pay cheques!), and just maybe we enjoy the challenge despite the certain knowledge that someday an exploit with our name on it is going to smack us between ... Read More

ELSA is a powerful component of SecurityOnion; one can waste productively use many hours drilling through your logs. The more parsers and dashboards you write for your own specific log sources the more insightful it becomes and pretty soon you’ll be asking yourself questions you never knew you had. Take the ... Read More

Part One of this post is here; this time I’m going to talk about TempEx and its controller: Parts list From the point of view of the challenge, TempEx is mostly chrome, but we all know that this is the element upon which all coolness is built and we should ... Read More

Words have not yet been invented to describe the utter awesomeness of HackFu. Run by MWR Infosecurity, it’s two extremely intense days of team-based hacking, puzzling and pwning, tackled by means of skill, luck and sometimes even outright cash bribery (Facebook photo albums here and here). Many thanks to the RAF Air Defence ... Read More

Welcome to my latest challenge, part of the run-up to BSides London 2013. It’s a bit different this time, both in terms of what you have to do and what you get if you do it. The prizes on offer are tickets to the event, with a special prize of a ... Read More

If you’ve not checked out Security Onion (SO) yet, you really should. It’s a powerhouse Linux distro, running everything an analyst could need to carry out effective Network Security Monitoring (NSM). The latest beta is looking fantastic; watch the video and try it out, you won’t be sorry! I’m not going ... Read More