I quite like diamonds. Not for their look but for the whole backstory on why they are so desired today. The De Beers ‘cartel’, amongst others, inflated the price of diamonds since the 1800s. Around 1938 the De Beers diamond group …
Layered Learning
In our bubble of InfoSec, we can find ourselves feeling like we are fighting a loosing battle. We write perfect policies – that nobody reads and after your 5th security incident you can feel like you are bashing your head …
Cybersecurity Leadership Summit 2018 Europe
We had the pleasure of attending the Cybersecurity Leadership Summit 2018 Europe in Berlin and thought it would be a good idea to capture some of the event and hopefully pass on some of the conference for people who did …
Argos Doesn’t Take Care of IT
So recently I needed a computer monitor in a hurry, I was in the north and I wanted a monitor to be collected by a colleague in the south. My mind pondered several next day options but then it hit …
The Romance Scam
There was a simpler time where people would send post cards asking for pen-friends. A friendship slowly developed and they would ask for a small amount of money. With the advent of the internet all this changed though, scammers could …
Some AntiSocial Password Advice
Advice on passwords is getting out of hand. Just round and round in the echo chamber of infosec with our highly subjective opinions. It serves only to confuse users and does little to actually change the habits we see around password …
Blueteam Tools In My Toolbox
From the very start of being interested in ‘hacking’ and Information Security I do wonder what influences the style, the culture… I mean we all love InfoSec redteams and the ways for a brief moment our minds provide us with …
Trivial Mistakes On Trello
Open Source Intelligence (OSINT) is the practice of using publicly available data about a target company or person. In our field of work it’s critical because it gives you all the juicy details you can later turn into a pretext. …
Sim Swap Fraud – A Victim’s Perspective
For many victims of SIM Swap Fraud, the first time they learn about the attack is in the hours after their life has been changed forever. It’s an all too common story, the signal bars disappear from your mobile phone, …
G-Cloud 10
We take great pride in announcing The AntiSocial Engineer has been entered into the G-Cloud 10 Framework and this signifies our ability to sell directly to HMG – in many Digital Marketplace listings we have even been listed first! From …
Technology Makes Us Safer… Sometimes…
Whilst many of us in Information Security are struggling to patch the broken and educate the confused, the largest of the corporates seem to be making giant leaps in protecting their customers. None more so then the banking sectors! Of …
Shut Up About Facebook
People seem annoyed recently that a little known company called Cambridge Analytica have been accused of doing some pretty dodgy things with our data. I mean, it truly was an edge of the seat expose by Channel 4 – at …
As We Grow
It was Christmas Eve 2014 when I started The AntiSocial Engineer. It was founded from a passion to secure people online and fuelled by utter hatred of how the information security industry was. The aim was simple, I wanted to …
Phishing, Evolved.
When we talk about phishing, the first thing people would associate with is the traditional phishing email. The click here. The “urgent action needed” kind of junk we see everyday in our inboxes… but is this still the case? Are …
Two Factors Of Security
Note: Before starting this article we couldn’t miss the opportunity to recommend people to this web page should you need help setting up two factor on your accounts – https://twofactorauth.org/ Google’s announcement that 10% of users use 2-factor authentication has been …
Let’s forget the phishing dangers, is email getting us down?
In no way are we trying to diminish the importance of good email security practice, but sometimes I think about the unforeseen impact email can have on our daily lives. We focus on the fancy malware and the sophisticated credential …
Advanced Phishing Techniques and TalkTalk
We have already had our dealings with TalkTalk as covered in our earlier blogs here and here. We felt the need to disclose their 2015 Data breach previously, but it does disappoint us to need to write again. This isn’t a …
Cyber Resilience Week
In support of the Digital Leaders ‘Cyber Resilience Week’ Richard will be speaking at two events: Monday 11th September 2017 – The DeMontfort University in Leicester – http://digileaders.com/events/securing-business-digital-age Thursday 14th September 2017 – Chelsea Football Club – http://digileaders.com/events/securing-business-digital-age-2 The days will be …
The Making of a Drop Box
A drop box is a small computer designed to be connected to a corporate network, once connected it should enable attackers remote access to the network through a variety of methods. We have seen similar devices used in the wild …
Malicious Packets
Recently we had quite an interesting engagement and we have been allowed to share some of the details! Objective: Gain physical entry to a building for the purpose of impromptu network penetration test and wireless testing. Company Arena: Global Offices, Finance, …