Homelab Utility computer.

My main lab and testing computer is an older Lenovo Thinkcentre. I put in 20gb of memory, 256gb SSD, and a 12tb WD gold HDD. The OS is Ubuntu, which I use to host VM’s on. Utilizing VirtualBox, I run a Kali Linux VM that I use for HackTheBox CTF’s.

Security assessment for ABC company.

I recently addressed user complaints regarding personalized spam/phishing emails (spear phishing), expressing concerns about a potential breach. Upon investigation, it became apparent that the domain lacked crucial security measures like SPF, DMARC, and DKIM. Configuring these protocols resulted in a significant decrease in both inbound and outbound spam incidents.

Further examination revealed that Multi-Factor Authentication (MFA) was neither enforced nor enabled for the entire user base of approximately 50 individuals. To address this vulnerability, I collaborated with my contact at the company to implement the following measures:

1. Established an MFA exclusion group, providing existing users the opportunity to sign in and set up MFA.
2. Enforced MFA company-wide, ensuring heightened security for all users.
3. Implemented a one-day grace period for new accounts, allowing them time to set up MFA.
4. Designated a single owner for all service accounts, requiring MFA registration for each of these accounts.

These actions collectively strengthened the organization’s cybersecurity posture, mitigating the risk of spear phishing and enhancing overall user account security.