Our Vision

To give customers the most compelling IT Support experience possible.

Our Mission

Our mission is simple: make technology an asset for your business not a problem.

Our Values

We strive to make technology integrate seamlessly with your business so your business can grow. As your technology partner, when your business grows ours will grow with you, therefore, we will work hand in hand with you to support your growth.

Our Values

We develop relationship that makes a positive difference in our customers Business.

Our Values

We exibit a strong will to win in the marketplace and in every aspect of our Business

The Difference Between Advising and Shaming

Imam Ibn Rajab Al-Hanbali's work, "The Difference Between Advising and Shaming," is a profound exploration of the subtle but crucial distinctions between offering constructive #advice and engaging in harmful #criticism. His insights are timeless, providing valuable guidance on how to interact with others in a manner that promotes growth and preserves dignity.


Here are ten key lessons from the book that resonate deeply:

1. Intent Matters: The intention behind advising should always be to help and support the individual. In contrast, shaming aims to belittle and demean. The purpose behind the words greatly influences how they are received.

2. Respect and Dignity: Effective advice honors the recipient's dignity and self-worth. Shaming, however, undermines a person's value and can inflict emotional harm.

3. Constructive vs. Destructive: Advising offers constructive feedback that promotes improvement and growth. Shaming is destructive, often leaving the individual feeling worse without offering a clear path forward.

4. Focus on Behavior, Not Person: Good advice targets specific behaviors or actions and suggests ways to improve them. Shaming attacks the person’s character or identity, making it personal and damaging.

5. Empathy and Understanding: Advising should come from a place of empathy and understanding, taking into account the person's circumstances and feelings. Shaming lacks empathy and often disregards the individual's context.

6. Encouragement vs Discouragement: Advising encourages and motivates the person to do better, offering support and upliftment. Shaming discourages, leading to decreased self-esteem and motivation.

7. Long-term Impact: Advising fosters positive long-term effects, building trust and encouraging continuous improvement. Shaming, on the other hand, can have lasting negative impacts, damaging relationships and causing emotional scars.

8. Promotes Growth: Advising is geared towards helping individuals grow and develop, focusing on their potential and strengths. Shaming stunts growth by fixating on faults and weaknesses.

9. Builds Trust: Consistent, respectful advising builds trust and strengthens relationships. Shaming erodes trust, creating distance and resentment.

10. Leads to Positive Change: When done correctly, advising can lead to meaningful and positive change. Shaming often results in defensiveness, denial, or withdrawal, preventing any constructive outcomes.

These lessons emphasize the importance of delivering #feedback with care, empathy, and respect. In doing so, we uplift others and contribute positively to their personal and professional development, rather than tearing them down.

This distinction is particularly relevant in today's world, where the lines between #constructive #criticism and harmful #shaming can easily blur. By applying the principles outlined by Imam Ibn Rajab Al-Hanbali, we can navigate our interactions more mindfully and contribute to a more supportive and understanding society.

The Lazarus Heist

 The 2016 #Bangladesh #Bank #cyber heist, where $81 million was stolen, ranks among the most significant cybercrimes. #Hackers infiltrated Bangladesh Bank’s #SWIFT #network and initiated unauthorized transfers from its account at the #Federal Reserve #Bank of New York. The stolen funds were dispersed through accounts in the #Philippines, where they were laundered via casinos with weak AML (anti-money laundering) regulations.



The #Lazarus Group, a #North #Korean state-sponsored #hacking syndicate, was identified as the primary perpetrator. They used custom #malware to gain access, bypassing inadequate security controls within #Bangladesh #Bank. Investigators, including those from #India, found that the attackers exploited weak network segmentation and #monitoring within the bank. According to Geoff White  "The Lazarus Heist"(pp. 109-116), the malware code used was highly advanced, further complicating detection and response.

The incident revealed critical issues in Bangladesh Bank’s #infrastructure, including outdated systems and lack of incident response planning, which delayed containment efforts. Adding to the suspicion, a fire broke out post-incident in a specific #office area, destroying potential evidence and hindering investigations. https://lnkd.in/gNctf6TK

This fire, combined with reports of potential data mishandling by the bank’s IT department, raised doubts about the transparency of the bank’s response.

International organizations, including #INTERPOL and the #FBI, were involved in the probe, linking the heist to #North Korea’s efforts to bypass global sanctions. The heist pressured SWIFT to improve its security standards and forced global financial institutions to reassess their #cybersecurity practices, particularly in high-stakes interbank #communication.

The heist underscores the need for robust #cybersecurity, stronger internal controls, and improved global AML regulations. The case remains a pivotal example of how cybercriminals can #exploit financial systems, emphasizing the need for vigilant, coordinated international cybersecurity efforts.

Cybersecurity from an Islamic Perspective: Bridging Faith and Digital Security

I'm incredibly excited to announce a significant milestone in my professional journey and passion! After much dedication and hard work, I've officially published my debut book, "Cybersecurity from an Islamic Perspective: Bridging Faith and Digital Security."



This book is a deep dive into how timeless Islamic ethical principles like Sidq (truthfulness/integrity) and Amanah (trustworthiness/custodianship) can offer unique insights and a robust framework for navigating the complex challenges of our digital world. It's a topic I believe is crucial for fostering a more secure and responsible cyberspace for everyone.

As my first book, this project has been a labor of love, drawing inspiration from my background and the esteemed works of many cybersecurity and Islamic scholars. I'm eager to share this unique perspective with my network and the broader community.

You can find "Cybersecurity from an Islamic Perspective" on Amazon here:
πŸ‘‰ https://lnkd.in/gZfrvWe5

For those with Kindle Unlimited, the Kindle version is available to read for free! You can also read a free sample chapter before purchasing.

I would be honored if you would consider reading it. Your insights and feedback are invaluable, especially as I embark on this new chapter as an author. Please feel free to share your thoughts, and let's continue the conversation around ethics and security in the digital age.

#Cybersecurity #IslamicEthics #DigitalSecurity #NewBook #FirstTimeAuthor #Infosec #FaysalHasan #EthicalAI #DigitalResilience #TechEthics #KindleUnlimited #CISSP #Policy #Islam #Frameworks #OT #GRC #Governance

First known ransomware that uses Artificial Intelligence to operate.

The game has changed. #ESETResearch has uncovered #PromptLock, the first known #ransomware that uses #artificial #intelligence to operate.

This isn't a pre-programmed #attack. Written in #Golang, this novel #malware leverages a local, #open-source #AI model (gpt-oss:20b) and the Ollama API to write its own #malicious Lua scripts on the fly.

They have identified both #Windows and #Linux variants of this #ransomware uploaded to VirusTotal.

This means the #attack #code can change with every #execution, making it incredibly difficult for traditional #security solutions to keep up.

ESET have named this threat Filecoder.PromptLock.A.
IoCs (Indicators of Compromise):
πŸ“„ 24BF7B7B72F54AA5B93C6681B4F69E579A47D7C102
AD223FE2BB4563446AEE5227357BBFDC8ADA3797
BB8FB75285BCD151132A3287F2786D4D91DA58B8
F3F4C40C344695388E10CBF29DDB18EF3B61F7EF
639DBC9B365096D6347142FCAE64725BD9F73270
161CDCDB46FB8A348AEC609A86FF5823752065D2

This is a wake-up call for the cybersecurity industry.

We need to prepare for a new era of polymorphic, AI-driven threats.

#Ransomware #AI #Cybersecurity #PromptLock #ESETResearch #Threats #Infosec #Golang

Level up your OT skills with these live demos and learning resources.

 Level up your OT skills with these live demos and learning resources.

Whether you're an Cyber pro wants to know more about ICS and OT or IT professional, an engineer, or just starting in ICS/SCADA cybersecurity, these resources are a must-see.

I have got something for everyone, from live automation demos to guides on building your own cyber lab.

Live Automation Demo: Check out the Ecava IGX SCADA IGX Systems live demo. This is a great way to see a full-featured industrial control system in action, complete with real-time data, trends, and alarm management.
https://lnkd.in/g3XvUEmM

Nuclear Reactor Simulator: Test your operational skills with the Dalton Nuclear Reactor Simulator from The University of Manchester Faculty of Science and Engineering  TheUniversity of Manchester.

A unique and hands-on tool for understanding the complexities of critical infrastructure.
https://lnkd.in/gC3PZHSP

one more is ITrust  from Singapore which is the host of several world-class testbeds and training platforms. For Electric, water and IOT etc can be found here https://lnkd.in/gwajtsNH

Another one is Labshock by Zakhar Bernhardt which provides a ready-to-use environment to learn, simulate and test defensive strategies. https://lnkd.in/gkn_4gKT

and this is on of his great post on OT SIEM Mastery: Your Leveling Guide 1-60
https://lnkd.in/geHfR_vi?

Graphical Realism Framework for Industrial Control Simulation (GRFICS)
https://lnkd.in/gSqyyTk2

Virtual Lab Setup Guide: Ready to get hands-on? Rodrigo Cantera PΓ©rez blog series provides a step-by-step guide to setting up a virtual lab to test SCADA protocols and attack Modbus TCP devices.
https://lnkd.in/geRNu9ZW

For OT compliance IEC62443 Simulator https://lnkd.in/eU-KwFRs

OT substation https://lnkd.in/gAgifT8f

and finally ICS/SCADA Cybersecurity Resources: Getting into OT security? @Robert M. Lee founder and CEO Dragos, Inc., has put together a legendary collection of resources for beginners, covering everything from foundational skills to specific training. this is an old post but a lot still relevent
https://lnkd.in/gcVfVGs4

Save this post , like, or Share your favorite resources in the comments!

#OT #OperationalTechnology #ICS #SCADA #Cybersecurity #Simulator #IEC62443  #IndustrialAutomation #Engineering #ProfessionalDevelopment #Energy #oil #gas #manufacturing #automation #cyberguide #pipeline #industry #Nuclear #rail #transport

Cyber Health Check Tool

Try the new Cyber Health Check Tool to get a tailored action plan to improve your cyber security. 

Whether as an individual, or for your business or not-for-profit, the free and anonymous online tool is a fast self-assessment to measure your cyber awareness. 

Once completed, you'll have personalised advice to improve your cyber security. You can also track your progress by implementing your action plan and re-assessing. 

Try the tool now: https://lnkd.in/g2EMp6YN



OT Cyber Resilience Summit

 A full day of deep insights at the #OT Cyber Resilience Summit in #Melbourne The energy was palpable, with a powerful gathering of #Australia's top leaders in operational technology security.

The consensus was clear: moving beyond theory to on the ground execution is key. My main takeaways:

πŸ”· Asset Inventory is Job Zero: But it must be intelligent. Context like system interdependencies and physical location is everything.

πŸ”· Close the Design Reality Gap: Resilience is built by engaging directly with site operations, not just from design documents.

πŸ”· Build the Right Structure: Dedicated roles, clear IT/OT frameworks, and hygiene focused KPIs are non negotiable for program maturity.

πŸ”· Lean on Proven Frameworks: The #SANS 5 Critical Controls and the new #ASD #ACSC "CI Fortify" guide provide an essential blueprint for action.

It was also a pleasure to reconnect with peers and discuss these critical topics.

The need for a principled, holistic approach is what inspired me to write

"The Ethical Guardian of Industry," - which merges advanced security strategies with ethical governance to protect our vital infrastructure available at #Amazon and #Kindle to check out follow this link https://lnkd.in/gxQ3_4Dm

Grateful for the knowledge shared by all and love your feedback on the book!

#OTCyberSecurity #CyberResilience #OperationalTechnology #ICSsecurity #Melbourne #CriticalInfrastructure #ASD #ACSC #SANS #CIFortify #ICS #OT #Scada #Stuxnet #Cyber

Defend your Microsoft Defender now

Defend your #Microsoft #Defender now

The #Microsoft #Defender Triad Your SOC Can't Afford to Ignore

When a disgruntled researcher (Nightmare-Eclipse/Chaotic Eclipse) drops three coordinated tools on GitHub in 18 days #BlueHammer, #RedSun, and #UnDefend the industry must pay attention.

The Three-Pronged Attack:

πŸ”΅ #BlueHammer (CVE-2026-33825, CVSS 7.8) Patched. A local privilege escalation (LPE) flaw chaining TOCTOU and path confusion to extract NTLM hashes and escalate to SYSTEM. Exploited in the wild since April 10.

πŸ”΄ #RedSun (Unpatched)  A privilege escalation with ≈100% reliability on fully updated Windows 10, 11, and Server 2019+. It abuses Defender’s "cloud tag" file restoration to overwrite a system binary (TieringEngineService.exe) and executes it as SYSTEM.

πŸ”» #UnDefend (Unpatched)  A denial-of-service tool that, from a standard user account, blocks Defender signature updates (passive) or disables the engine entirely (aggressive), leaving systems blind.

What This Means for Business:

Huntress has confirmed all three techniques are already weaponized in the wild. With #RedSun and #UnDefend unpatched, you have no official fix. A single initial access (phishing, stolen creds) can lead to:

· Unprivileged user → Full SYSTEM access
· NTLM hash extraction and lateral movement
· Defender blind spot for follow-on payloads

What This Means for the Attacker:

This isn't just a bug report, it's a complete offensive kill chain. Escalate (BlueHammer/RedSun), execute (SYSTEM payload), and blind detection (UnDefend). No memory corruption, no kernel exploit, just logic flaws in Defender's own trusted operations.

Your Action Plan:

· Hunt for indicators: Unexpected Cloud Files sync registrations, NTFS junction/reparse point creation, VSS snapshot enumeration from user-space processes

· Monitor privileged writes to C:\Windows\System32\TieringEngineService.exe

· Consider disabling Cloud-delivered protection as a temporary mitigation for RedSun

· Assume compromise if unpatched systems have had local code execution exposure

Run defender XDR queries published by Steven Lim https://lnkd.in/gFR5bFRz

πŸ’‘ Bigger picture: This episode underscores the fragility of supply chain trust and the catastrophic consequences when vulnerability disclosure breaks down. Microsoft credited other researchers for CVE-2026-33825—not Nightmare-Eclipse—fueling an already volatile situation.

Zero-days are inevitable. Having three dropped in rapid succession by the same researcher, with two remaining unpatched, is a wake-up call for proactive threat hunting.

Stay vigilant. πŸ›‘️

#cybersecurity #infosec #Microsoft #ZeroDay #WindowsDefender #PrivilegeEscalation #BlueHammer #RedSun #UnDefend #ThreatIntelligence

Critical EDR threats - RoguePlanet,Silent Choke

 πŸ”» Three critical #EDR threats dropped in the last couple of weeks that fundamentally break how we think about endpoint security.

If your strategy relies on "having #EDR installed and we are secure," know this below tools ready to break in your defence.

below are quick technical summary of the tools and techniques full details technical link in the comment section.

1. #EDRChoker (Silent Choke)
Throttles EDR outbound bandwidth to 8 bits/sec using Windows QoS.

How: Targets pacer.sys below WFP. TLS handshakes time out.
Result: EDR goes blind. Agent looks online. SOC sees nothing.

2. #AI Evasion Malware Lab Factory The attacker had not written a clever new piece of malware. They had built a factory. Wired into the Cursor AI coding IDE and driven by multiple Anthropic Claude Opus 4.5 agents, the setup mass-produced and tested EDR-evasion payloads.
Claude Opus 4.5 mass-produced 70+ evasion techniques against EDRs, #CrowdStrike, #Defender.

Reality is #AI hallucinated success rates, but productivity multiplier is real. One operator now does what took a team of Hackers.

3. #RoguePlanet  -NEW RoguePlanet Windows Defender Vulnerability.
Race condition in #Microsoft #Defender → Local Privilege Escalation to SYSTEM.

Impact: Works on fully patched Windows 10/11 (June 2026). Researcher warns: "More Defender vulns coming."

#SOC Actions to catch this tools
#EDRChoker
· Run Get-NetQosPolicy. Monitor Event IDs 4001, 4002.
· Alert on "Sensor Health Status Change."

#AI Factory:
· Hunt \Users\Documents\test\ or \build\out\ executables.
· Alert on >25 LDAP queries in 10 mins.
· Block api.telegram.org & *.workers.dev from workstations.

#RoguePlanet
· Alert on MsMpEng.exe spawning cmd.exe or powershell.exe with #SYSTEM token.
· Disable VHD/VHDX auto-mounting via GPO.
· Prioritize application allowlisting (blocks the exploit entirely).

πŸ’Ό For Management

1. Tamper Protection: #Sensor dropout must trigger a paged alert.
2. Don't Trust #Defender Alone: More vulns unreleased. Layer controls.
3. Test Your Config: Haven't tested in 30 days? Assume failure.
4. #AI Multiplier is Here: Move from signatures to fundamentals: MFA, patching, allowlisting, segmentation.

Bottom Line is attackers now build factories to bypass your stack, choke telemetry, and weaponize Defender against you. Defend accordingly.

#cybersecurity #EDR #infosec #AI #ThreatHunting #BlueTeam #CISO #MicrosoftDefender #ZeroDay

A large-scale exploitation campaign targeting web content management systems (CMS


 A large-scale exploitation campaign targeting web content management systems (CMS), with many Australian businesses impacted.

The vulnerabilities being targeted affect CMS software and plugins which, if exploited, enable malicious actors to remotely access and control targeted web servers. 

Organisations, including small businesses, are encouraged to take immediate action to protect their web servers.

 

▶ Inspect your CMS for webshells.

▶ Examine your web access logs for any IP addresses making GET or POST requests to any webshell paths.

▶ Treat servers with identified webshells as compromised, isolate them and perform an audit for malicious activity.

▶ Review network logs for interactions with identified IP addresses. 

▶ Investigate logging and hosts for evidence of persistence, lateral movement or other malicious actions.

▶ Patch vulnerable systems to prevent re-infection.

▶ If there are indications that websites are compromised, restore websites from a recent known-good backup.

 

If a service provider maintains your website, point them to this alert and review our guidance at the below link for additional questions to ask. 

 

Read the full alert and take additional steps to protect your websites

 πŸ‘‰ https://lnkd.in/gkyDM4uY

Twitter Facebook Favorites More