Cyberis Blog

Reassuringly clear thinking.

  • Detect and respond
  • Red teaming
  • Research

Microsoft Bookings – Facilitating Impersonation

Microsoft Bookings introduces a significant security risk by allowing end users to create fully functional Entra accounts without administrative oversight. These accounts, tied to shared Booking pages, can be exploited for impersonation, phishing, and email hijacking. Attackers could leverage this functionality to bypass security measures, gain unauthorised access to sensitive resources, and facilitate lateral movement within an organisation. Our blog explores these weaknesses in detail and provides recommendations for detection and mitigation.

Read more
  • Red teaming

"Assumed Compromise" Assessments: A Guide

In red teaming, defining the business objectives of the exercise early is essential to driving the best value realisation from the exercise. Each attack simulation involves a bespoke scoping exercise, and it is during these scoping processes that we discuss different ways of potentially achieving the desirable business objectives and the pros and cons of each.

Read more
  • Penetration testing
  • Red teaming
  • Tools and techniques

Avoiding Microsoft OneNote attachments spreading malware on your network

OneNote is note-taking software, developed by Microsoft and is included in the default Office suite bundle. In recent years, OneNote files have become popular channels for attackers to distribute malware, given their common installation and Microsoft's organisational measures to block macros from running in Excel and Word.

Read more
  • Red teaming

Informed consent: Social engineering and 'assumed compromise'

"Informed consent: Permission granted in full knowledge of the possible consequences" We're familiar with the concept of informed consent; in medicine, we treat it as criminal to perform a medical intervention without valid informed consent being in place. In red teaming, informed consent is just as important.

Read more
  • Penetration testing
  • Red teaming

Why you need to protect DA (Domain Admin)

This post will discuss why protecting administrative accounts responsible for the domain and the forest is so important. We will look at what is means for an attacker to gain access to these privileges and the impact of these types of breaches.

Read more
  • Penetration testing
  • Red teaming

Dead canaries in your network

When an adversary is inside your network, the faster you can detect and remove the intrusion the better.  Even if you don't have a "network" per se – even if you are running a pure zero-trust environment – detecting an attacker at work early will give you the upper hand. Even with sophisticated EDR products in the mix, criminals can often introduce malware to an environment to gain a foothold in a way that isn't detected.  Introduction of malware and establishment of a foothold is critical to criminal operations and so today's criminal gangs spend a great deal of time and resources using tradecraft and techniques to bypass the detective and preventative controls running on user workstations.  Even with a really good set of tools in the hands of an experienced defence teams, there is a good chance of criminals starting their attack chain without being caught. Using canaries can help you stay ahead.

Read more
  • Detect and respond
  • Red teaming

Using Red Teaming to upskill detection and response teams

When we talk about red teaming, it's quite easy for people to understand the benefits of using attacker techniques in our approach when it comes to exploring a particular attack pathway and to see the benefits of identifying the chains of vulnerabilities that allow a compromise to happen.  Quite frequently, though, people underestimate how effective red teaming can be when it comes to upskilling detection and response teams. I'd like to give an example of how - run well - red teaming can be used to improve detection and response outcomes.  This is, of course, an anecdote, but it certainly gives an idea of how performance changes when teams are challenged in the right way.

Read more
  • Red teaming

How Red Teaming can help you identify systemic weaknesses and control gaps

Working with mature organisations, we use full chain attack simulations to identify high level weaknesses and control gaps that simply aren’t highlighted by standard approaches such as traditional penetration testing.

Read more

Improve your security

Our experienced team will identify and address your most critical information security concerns.

Contact us About Cyberis