John Kelly

Invited by Kevin Beaumont

John Kelly last won the day on February 3 2020

John Kelly had the most liked content!

Community Reputation: 10 Good


Bio: Ex-IT, Network & SOC Operations Manager. Now doing tech stuff for Cisco.


  1. This just about covers every single frikkin aspect of IT & InfoSec Operations Management...
  2. Have you got "category" filtering capability on your firewalls? Some solutions are now including this sort of thing in the Proxy Avoidance/Anonymiser categories (with varying levels of success).
  3. Still critically important. Zero-trust is great IF (as others above have stated) you have complete control of the users & devices connecting to your network. For the other 99.9999% of organisations, the amount of "not a clue what that is" stuff connected to your networks still needs to have ingress/egress blocking in place to at least try and control whatever the hell it is doing.
  4. Yep, I think it's version 63 that "enabled" it by default.
  5. For any you find providing DoH, you may also want to block port 853 to prevent DoT (Cloudflare addresses are a definite for this).
  6. +1 for Beers With TALOS: 5 senior guys from the TALOS team drink beer and talk shit about security (but shit with a lot of common sense attached). Usually about an hour long, but only every two weeks or so. https://www.talosintelligence.com/podcasts
  7. I'm going to focus on controls/stuff you can do without spending cash.
     Patch your shit. Seriously. When I get some more time I'll write up a long-form post on how you can "nudge" the server, app and network teams to think it's a really good idea to do this, but this should be a key focus for anyone working in blue teams. When you've finished patching the above, go around again and look for all the stuff you've missed. Then patch it. Then repeat the process on a regular basis.
     Lock down your admin creds (particularly in AD) and reject any app that "requires" Domain Admin/Local Admin or similar to run. Trust me, they don't; it's just lazy implementation guides from the vendor. Start digging and there will be a method that allows the app to run via a standard user account.
     Close the easy gaps first. Attackers are lazy, and they'll use the minimum required to get in. Review your firewall rules, for example: any permit tcp inbound 139/445 rules in there? Bin them.
     Look for/ask for security guides or hardening guides from your existing vendors. They should all have them, and the likes of Microsoft/Cisco/Apple/insert large IT provider here are generally very good at telling you how to secure their stuff if you go and look for it.
  8. Won't be there this year which I'm gutted about, it's been a cracking event for the past few years.
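Posts 5 and 7 above both come down to the same kind of check on a rule base: is anything permitting tcp/139 or tcp/445 inbound, and is egress on port 853 still open so a client can talk DNS-over-TLS straight to a public resolver? The script below is an added example written for this page; it is not John Kelly's code or anything from the forum or from Cisco. It assumes a simplified rule-line format ("inbound permit tcp 445", first-match, implicit deny at the end, the way a Cisco-style ACL behaves) rather than any vendor's real export syntax, and the two rulesets it runs over are constructed for the example.

```python
"""Audit a firewall rule export for the two gaps called out in posts 5 and 7."""
from dataclasses import dataclass
from typing import List, Optional

# Assumed line format (a simplification for this example, not any vendor's syntax):
#   <direction> <action> <proto> <dst-port|any>
# e.g. "inbound permit tcp 445". Rules are evaluated first-match with an
# implicit deny at the end, which is how a Cisco-style ACL behaves.

SMB_PORTS = frozenset({139, 445})  # NetBIOS session and SMB: the "bin them" rules
DOT_PORT = 853                     # DNS-over-TLS (RFC 7858); udp/853 is DNS-over-QUIC (RFC 9250)


@dataclass(frozen=True)
class Rule:
    direction: str       # "inbound" or "outbound"
    action: str          # "permit" or "deny"
    proto: str           # "tcp", "udp" or "any"
    port: Optional[int]  # None means any destination port
    line: str            # original text, kept for reporting

    def matches(self, direction: str, proto: str, port: int) -> bool:
        return (self.direction == direction
                and self.proto in ("any", proto)
                and self.port in (None, port))


def parse_rules(text: str) -> List[Rule]:
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) != 4:
            raise ValueError(f"line {lineno}: expected 4 fields, got {line!r}")
        direction, action, proto, port = fields
        if (direction not in ("inbound", "outbound")
                or action not in ("permit", "deny")
                or proto not in ("tcp", "udp", "any")):
            raise ValueError(f"line {lineno}: bad keyword in {line!r}")
        rules.append(Rule(direction, action, proto,
                          None if port == "any" else int(port), line))
    return rules


def decision(rules: List[Rule], direction: str, proto: str, port: int) -> str:
    """First matching rule wins; nothing matching means the implicit deny."""
    for rule in rules:
        if rule.matches(direction, proto, port):
            return rule.action
    return "deny"


def audit(text: str) -> List[str]:
    rules = parse_rules(text)
    findings = []
    # Post 7: any inbound permit that reaches tcp/139 or tcp/445 should go.
    for rule in rules:
        if (rule.direction == "inbound" and rule.action == "permit"
                and rule.proto in ("tcp", "any")
                and (rule.port is None or rule.port in SMB_PORTS)):
            findings.append(f"remove '{rule.line}': exposes SMB/NetBIOS inbound")
    # Post 5: egress on 853 lets a client talk DoT (or DoQ) straight to a public
    # resolver and skip whatever filtering your own DNS does.
    for proto in ("tcp", "udp"):
        if decision(rules, "outbound", proto, DOT_PORT) == "permit":
            findings.append(f"{proto}/{DOT_PORT} egress is permitted: add an outbound deny")
    return findings


# Constructed sample rulesets for this example (not taken from any real firewall).
BEFORE_RULESET = """
inbound permit tcp 443
inbound permit tcp 445     # "the file server needs it"
inbound permit tcp 139
outbound permit any any    # egress wide open
"""

AFTER_RULESET = """
inbound permit tcp 443
outbound deny tcp 853
outbound deny udp 853
outbound permit any any
"""

if __name__ == "__main__":
    for name, text in (("before", BEFORE_RULESET), ("after", AFTER_RULESET)):
        print(name, audit(text) or ["no findings"])
```

Run as-is it reports the two SMB permits and the open tcp/853 and udp/853 egress for the "before" set and nothing for the "after" set. The "after" set deliberately keeps the outbound deny on 853 ahead of the catch-all permit; with first-match evaluation, putting it after the permit would do nothing, which is the kind of ordering mistake worth checking for when you review rules rather than just grep for ports.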