November 6, 2022

TSD #014: Your Colleague; Your Enemy?

Hello friend 👋

I have been extremely busy this week. Lots of late nights. My new and improved website is live. I'm 3/5 of the way through the SWITCHFIRE course update. Laid a wooden floor in my living room. And am enjoying the drop in temperature as winter approaches. On top of that, it's been a really intriguing week in the world of cyber security.

The UK's National Cyber Security Centre officially announced that it is scanning all internet-facing devices hosted in the UK for vulnerabilities. Incredible! Here's why:

...we are building a data-driven view of “the vulnerability of the UK”. This directly supports the UK Government Cyber Security Strategy relating to Understanding UK Cyber risk.

Pretty cool.

The scanning activity is carried out using freely available network tools that are running in the cloud from the following 2 IP addresses:

  • 18.171.7.246
  • 35.177.10.231

This is a really interesting move from the NCSC; I'm not entirely sure whether other governments around the world do this within their borders. If you happen to know of a government that does, I'd love to hear about it.
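Since the NCSC publishes the two source addresses, a defender can tell the NCSC's scans apart from everyone else's in their own access logs. The script below is an added example, not code from the newsletter or from the NCSC: it parses web server access logs in the common Apache/nginx "combined" format, groups requests by source address, and tags the two IPs quoted above. The log lines are constructed sample data, not real traffic.

```python
"""Tag requests from the NCSC's published scanner IPs in web server access logs.

Added example; not part of the newsletter. The two source addresses are the ones
quoted in the newsletter. The log lines are constructed sample data in the
Apache/nginx "combined" format, not real traffic.
"""
import ipaddress
import re

# Source IPs the NCSC says its scanning runs from (quoted from the newsletter).
NCSC_SCANNER_IPS = frozenset(
    ipaddress.ip_address(ip) for ip in ("18.171.7.246", "35.177.10.231")
)

# Combined log format: host ident user [time] "request" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<agent>[^"]*)"$'
)

# Constructed sample log lines (not real traffic); one line is deliberately malformed.
SAMPLE_LOG = """\
18.171.7.246 - - [06/Nov/2022:09:12:01 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [06/Nov/2022:09:12:05 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
35.177.10.231 - - [06/Nov/2022:09:13:44 +0000] "GET /login HTTP/1.1" 404 231 "-" "Mozilla/5.0"
18.171.7.246 - - [06/Nov/2022:09:13:50 +0000] "GET /robots.txt HTTP/1.1" 404 231 "-" "Mozilla/5.0"
this line is not a valid access log entry
"""


def parse_line(line):
    """Return a dict of fields for one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    fields = m.groupdict()
    try:
        fields["ip"] = ipaddress.ip_address(fields["ip"])
    except ValueError:
        return None
    fields["status"] = int(fields["status"])
    return fields


def is_ncsc_scanner(ip):
    """True if the source address is one of the NCSC's published scanner IPs."""
    return ipaddress.ip_address(ip) in NCSC_SCANNER_IPS


def summarise(log_text):
    """Group requests by source IP and mark which sources are NCSC scanners.

    Returns (summary, skipped) where summary maps each source IP string to
    {"ncsc": bool, "requests": int, "paths": [distinct paths], "not_found": int}
    and skipped counts lines that could not be parsed (so nothing is dropped silently).
    """
    summary = {}
    skipped = 0
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        key = str(rec["ip"])
        entry = summary.setdefault(
            key, {"ncsc": is_ncsc_scanner(rec["ip"]), "requests": 0, "paths": [], "not_found": 0}
        )
        entry["requests"] += 1
        if rec["path"] not in entry["paths"]:
            entry["paths"].append(rec["path"])
        if rec["status"] == 404:
            entry["not_found"] += 1
    return summary, skipped


def ncsc_probed_paths(log_text):
    """Sorted list of distinct paths requested from the NCSC scanner IPs."""
    summary, _ = summarise(log_text)
    paths = set()
    for entry in summary.values():
        if entry["ncsc"]:
            paths.update(entry["paths"])
    return sorted(paths)


if __name__ == "__main__":
    summary, skipped = summarise(SAMPLE_LOG)
    for ip, entry in summary.items():
        tag = "NCSC scanner" if entry["ncsc"] else "other"
        print(f"{ip:15} {tag:13} requests={entry['requests']} "
              f"404s={entry['not_found']} paths={entry['paths']}")
    print(f"skipped {skipped} unparseable line(s)")
    print("paths requested by NCSC scanners:", ncsc_probed_paths(SAMPLE_LOG))
```

Run it against a real access log by replacing `SAMPLE_LOG` with the file contents. The point of keeping the NCSC sources separate rather than simply dropping them is that what the NCSC found on your perimeter (the paths it requested and which of them answered) is exactly the inventory you want to review, while the remaining sources are still worth treating as ordinary unsolicited scanning.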

Information security has many subdomains. One of the hardest to manage is insider threat: when employees become a threat to the organisation's information security. For example:

  • an employee might print sensitive data and take it home
  • an employee might email sensitive documents outside of the company
  • an employee might take photographs of their screen when they're working from home
  • an employee might sell their credentials (username & password) to a cyber crime gang on the dark web (yep, that's a thing)
  • the list goes on

You might be aware that Elon Musk took over Twitter recently and this week it was reported that almost 4,000 employees will lose their jobs. Half the company. This puts the company at significant risk of insider threat. I can only imagine what the Identity and Access Management and Data Loss Prevention teams are going through. They're responsible for locking out access and preventing data loss.

If you haven't heard of Tabletop Scenarios, I highly recommend you follow them. They tweet cyber scenarios relevant to the news of the day. Here's their Elon-Twitter-insider tweet:

You can get in touch with me by simply hitting reply. I respond to every email that hits my inbox.

Until next week,

Gary ✌️

Fun Things This Week

📽 My New Video

Hacked in Under 1 Minute: Last week I showed you how to set up Metasploitable2 as a free, offline attack lab. In this video, I'll show you how to get a root shell in under 1 minute.

🎙Podcasts

Jack meets with Maddie Stone, a security researcher from Google's Project Zero. In this episode, you hear what it’s like battling zero-day vulnerabilities.

👾 Cool Tools

Threatest is a Go framework for testing threat detection end-to-end. It allows you to detonate an attack technique, and verify that the alert you expect was generated in your favourite security platform.

Sandman is a backdoor that is meant to work on hardened networks during red team engagements. Sandman works as a stager and leverages NTP (a protocol to sync time & date) to get and run an arbitrary shellcode from a pre-defined server.

If you've written a tool and you'd like me to see it, just drop me an email!

P.S. Some of the links in this newsletter are affiliate links and help support my content. Thank you for your support! ✌️

Subscribe to The Sunday Download

Receive weekly news and insights in your inbox. Don't miss out!