Malicious OneNote

January 24, 2023 - 4 mins read

Anatomy of a Malicious Email Attachment With Microsoft’s recent changes to macros within the Office and M365 suite, Threat Actors have changed their TTPs to utilize the OneNote (.one) file type for Malicious Code Delivery TL;DR (.one) files are a binary blob capable of embedding any file type. Threat actors are utilizing the prolific nature of OneNote to execute malicious code on endpoints. Block (.one) files from incoming email and dissociate commonly abused file extensions.

2023.01.17.News You Should Know

January 17, 2023 - 2 mins read

Microsoft is set to introduce significant changes to the Windows enterprise over the next year. With multiple security settings going from recommended to enforced. Highlights include the EOL for AD Connector 2.0.x, changes to MFA, and the end of standalone Office Apps for 2016/19. Caniphish’s Sebastian Salla published a review of thousands of misconfigured SPF records today allowing emails to be sent on behalf of foreign governments, the Massachusetts Institute of Technology, the University of Miami, among others.

2023.01.10.News You Should Know

January 10, 2023 - 3 mins read

House omnibus spending bill brings three interesting cybersecurity measures. Section 7030 will require cybersecurity to be a key consideration in the adoption of technology and specifically 5g technologies for members of the Digital Connectivity and Cybersecurity Partnership. The “No TikTok on Government Devices Act” bans the use of the Chinese-owned ByteDance company’s TikTok social media platform on goverment owned devices with power being given to the Director of the Cybersecurity and Infrastructure Security Agency (CISA) to dictate how application management is performed.

2023.03.01.News You Should Know

January 3, 2023 - 3 mins read

Google Chrome 110, slated for release on Feb 7th will drop support for Windows 7 and Windows 8.1. This matches Microsoft’s end-of-life date for Windows 7 and 8.1 extended support. Raspberry Robin targets financial institutions in Europe, current victim profiles seem to show Threat Actors targeting Spanish and Portugeuse speaking institutions. The offensive framework recently underwent updates to provide polymorphic code, preventing hashes or signatures to have much effect against detection.

2022.20.12.News You Should Know

December 20, 2022 - 2 mins read

Most of the Information Security community has fled Twitter in favor of a Mastodon instance Infosec.Exchange Mastodon is a federated replacement for Twitter and has balloned from 100k user to over 2.5m users since Musk’s takeover of the Twitter platform. As most vendors, businesses, consultants, and infosec personalities made the move to Mastodon, so has the public zeitgeist of up-to-date security news and disclosures. To keep tabs, you can check out the public feeds CTI and ThreatIntel (These tags do not require an account to view.

Racism, Fascism, and other Human Problems on Mastodon

November 27, 2022 - 2 mins read

I am continually fascinated by the amount of users from the Twitter Diaspora who are decrying the lack of robust fixes for socialogical issues within the Fediverse at large, but specifically within the Mastodon social media realm. It is not any surprise to those of us that have studied human behavior or history that bigots and other practicers of vile “-isms” are to be found on the fediverse as every where else.

Mastodon Privacy for Small Instances

November 26, 2022 - 3 mins read

Mastodon, one of many social media platforms on the Fediverse, has attracted a lot of attention since the purchase of Twitter by Elon Musk. With some instances growing by tens of thousands of users in as little as a week, and new personal instances popping up everywhere, I thought I’d take a moment to look at some of the security and privacy features. As instances are usually ran by a tech savvy individual and service a small group of friends, family, and colleagues, it seems imperative that privacy be at the forefront, especially for marginalized groups.

Impostor Syndrome

November 11, 2022 - 2 mins read

“Do you not know, my son, with how little wisdom the world is governed?” ― Axel Oxenstierna, Lord High Chancellor of Sweden to his son who feared holding his own as a peace delegate at the Peace of Westphalia I find that people in the Information Security field often believe that others are smarter than them, or more educated or experienced than them. But my experience has been the opposite.

Host Identification through WPAD (Web Proxy Auto Discovery) DNS Queries

February 22, 2022 - 1 min read

DNS is by far my favorite passive way to identify required resources and to perform reconnaissaince against a host. DNS is one of the least secured protocols and runs as a fairly untrusted WPAD can be a great resource for identifying hosts home domains without a lot of DNS

HEAR Model

July 17, 2021 - 6 mins read

Photo by Oladimeji Ajegbile from Pexels This method of Bible study was handed down to me in 2008 at The University of Tennessee Chattanooga’s Baptist Collegiate Ministries (UTC-BCM). At the time Robbie Gallaty was leading Brainerd Baptist and had an intense focus on discipleship and relationship in the church family. His dedication to discipleship led to a resurgence of strong Godly men and families leading small groups in the community.