Developing Leeds Scene

Conscious that it's been some time since I wrote a post so I thought I'd write a little something about the developing Leeds 'scene' since co-founding DC151 and helping (albeit a little) with BSides Leeds.

DC151 (Every 2nd Wednesday)

I'd complained for years that Leeds had no regular social gathering for people like us so when Mark C announced BSides Leeds and everyone looked this way I picked up the phone and started texting. After some hurried planning I agreed a format and charter with Matt and we committed to a date for the first gathering, October 11th. We gave ourselves around two months to sort everything, including finding a venue.
So far we've now held four gatherings and I couldn't be happier with how it's worked out. We've had to learn as we go and tweak the format along the way. We've had some great talks and we continue to receive support and attract interest beyond LS1. 
If you're interested in coming along or getting involved in D…

Tools & Techniques - Key Performance Indicators

Introduction

To date, I've facilitated senior level reporting on the performance of security driven activity in almost every position I've held. For the best part, this has been a green-field requirement which has meant that I've been able to set out and make a case for reporting that drives improvement in the real-world security posture (RWSP) of my charge from the get-go. I believe, no matter what else is going on, that if you can inform the changes and behaviours that lead to your organisation protecting itself, you've had a good day. Secondly to driving improvement, KPIs and metrics provide your leadership team with the insight and visibility into the efforts and valuable work of your security team which might otherwise be hidden from them.
There is no shortage of materials and musings about the importance of security KPIs however, despite this, many organisations struggle in a number of ways to define and/or employ them. I thought then I'd share some thoughts o…

Tools & Techniques - Suricata 4.0 (High-performance Network IDS, IPS & NSM engine)

On July 27th, 2017 the OISF (Open Information Security Foundation) & the Suricata project team issued a major update release to the Suricata IDS/IPS engine. The summary of improvements includes:

- Improved Detection - based on feedback from the rule writing teams at Emerging Threats & Positive Technologies the project added improved inspection for HTTP, SSH & other protocols
- Improved TLS detection & logging, & the addition of NFS support.
- Improved EVE JSON logging functionality including inner/outer IP logging for encapsulated traffic & extended HTTP request/response logging
- Rust support
- Major TCP stream engine update

Full details of the release can be found here

I've been a big fan & user of Suricata for just over a year now & I've previously written about deploying Suricata on CentOS (or RHEL) here. The project still maintains some of the best documentation for an open project I've come across & you can find everything you need to install S…

Tools & Techniques - Cloud Firewalls (DigitalOcean)

My home lab is (probably) typical of most security professionals: a beefy workstation running VMware Workstation, a beefy-ish workstation running ESXi and a bunch of laptops, switches and other devices. I utilise a couple of VPS providers for hosting and exposing VMs to the cloud. My VPS provider of choice has been DigitalOcean for the last couple of years (going by my billing history) and to date, they've been excellent.

They recently introduced and advertised a new service feature called 'Cloud Firewalls' and I had chance to have a play with them today. Essentially, they've incorporated a network level firewall service to their VPS offering which can be used as an alternative or in addition to host-based firewalls like iptables, firewalld, etc. 
Initial Impressions - Pros, Cons and Limitations

Pros

- No Cost (free!!) - Cloud Firewalls are available at no additional cost.
- Availability - Cloud Firewalls are available in every region DigitalOcean operate.
- Flexibility & Granu…

Tools & Techniques - Kali Linux on a Raspberry Pi

There are a couple of reasons why you might want to install Kali Linux on an inexpensive hardware platform that you can deploy, abandon or hide somewhere. An obvious use might be to serve as an 'Evil AP' in support of wireless assessments. Kali Linux is officially supported on a number of low-cost ARM-based devices, with Offensive Security maintaining minimal, streamlined pre-built images which can be copied across to an SD card, installed and then configured with the packages you need for the task you have in mind.

Installing Kali Linux on a Raspberry Pi 
Offensive Security maintain good documentation here. For our needs:

Download and verify the image from here.

    $ shasum -a 256 /Volumes/SANDISK/kali-2017.01-rpi2.img.xz

DD the image over the SD cards

    $ sudo dd if=kali-2017.01-rpi2.img of=/dev/disk2 bs=1m

Insert the SD cards after the dd has completed and boot the rpi. I had a DHCP reservation set on my router so I knew what IP it would get. I also made sure I plugged in the extr…

Six Months of ICO fines

A well known high street supermarket received a fine from the Information Commissioner's Office (ICO) yesterday. I had a look at the details and you can too. It's not a vast sum but it should be cause for embarrassment. It should also be cause for concern for anyone working there who has anything to do with data protection given the approaching changes to the ICO's powers coming next year with GDPR.
There are still a lot of people who think GDPR will be the next Y2K - I've literally heard two separate groups of people say this. I think a lot of people think that the ICO is a paper tiger and if you pushed them for an example of their actions they'd at best recount TalkTalk's record £400,000 fine. I thought then it might be interesting to review all of the monetary penalties the ICO has issued since the start of this year up to yesterday. All enforcement notices can be viewed online here

ICO Monetary penalties - 01/Jan/17 to 17/Jun/17, Introduction
The ICO has is…

British Airways IT Issues

The media coverage of the recent major systems outage at British Airways is some of the worst I can recall reading. Essentially a national institution working in an industry synonymous with resilience, safety and preparation is making a drama out of a crisis and many technical practitioners are still trying to understand what happened. 
In the most recent reports, it sounds like a contractor accidentally switched off the power in their datacenter and with it, toppled the first domino in a series which led to 750,000 passengers being unable to fly and an as yet to be calculated compensation bill.
"It was not an IT issue, it was a power issue" - British Airways 

Nothing in the information they’ve released so far really explains how this course of events came to transpire nor does it provide any confidence or assurance around BA’s approach to business continuity planning (BCP) or disaster recovery (DR). Essentially, someone was able to gain access to and then press a button whic…