Troy Hunt

MARCH 1, 2018

As this service has grown, it's become an endless source of material from which I've drawn upon for conference talks, training and indeed many of my blog posts. I've regularly quoted the NCSC in particular, for example there's a bunch of their work in my recent blog post about authentication guidance for the modern era.

Government 188

Government Data breaches Passwords Authentication 188

Veracode Security

FEBRUARY 23, 2021

This is the seventh entry in this blog series on using Java Cryptography securely. In order to get both, we would need a separate crypto-scheme that would compute authentication tags (a.k.a The MAC algorithm (HMAC) takes the message (M) of arbitrary length and generates fixed size authentication tags (or MACs).

Authentication 71

Authentication Encryption Architecture Risk 71

Cisco Security

AUGUST 29, 2022

In part one of this issue of our Black Hat USA NOC (Network Operations Center) blog, you will find: Adapt and Overcome. I heard a comment that the Wi-Fi service in the Expo Hall was “the worst I’ve ever experienced at a conference.” Over the week-long conference, we used all but three of the switches and all the APs.

Engineering 84

Engineering Wireless Malware DNS 84

McAfee

SEPTEMBER 29, 2021

One vendor surveyed IT professionals at the RSA conference in 2018. In August of 2020, researchers from Dutch and German universities [2] co-presented at the 29th Usenix conference on a survey they conducted. Tag critical assets for automated prioritization. This includes both open (free) and paid threat intelligence sources.

DNS 67

DNS Manufacturing Data breaches Risk 67

Troy Hunt

DECEMBER 3, 2023

The very next day I published a blog post about how I made it so fast to search through 154M records and thus began a now 185-post epic where I began detailing the minutiae of how I built this thing, the decisions I made about how to run it and commentary on all sorts of different breaches. And then ensured could never happen again.

Data breaches 363

Data breaches Passwords Internet Internet 363

Cisco Security

AUGUST 28, 2023

At each conference, we have a hack-a-thon: to create, prove, test, improve and finally put into production new or improved integrations. File Analysis and Teamwork in the NOC Corelight and NetWitness extracted nearly 29,000 files from the conference network stream, which were sent for analysis in Cisco Secure Malware Analytics (Threat Grid).

Wireless 68

Wireless DNS Mobile Technology 68

Cisco Security

MAY 26, 2022

In part one of this issue of our Black Hat Asia NOC blog, you will find: . To accomplish this undertaking in a few weeks’ time, after the conference had a green light with the new COVID protocols, Cisco Meraki and Cisco Secure leadership gave their full support to send the necessary hardware, software licenses and staff to Singapore.

Wireless 93

Wireless Mobile Engineering Firewall 93

Google Security

JULY 27, 2023

Maddie Stone, Security Researcher, Threat Analysis Group (TAG) This is Google’s fourth annual year-in-review of 0-days exploited in-the-wild [ 2021 , 2020 , 2019 ] and builds off of the mid-year 2022 review. Project Zero wrote about one of these cases in November 2022 in their “Mind the Gap” blog post.

Spyware 91

Spyware Manufacturing Internet Internet 91

Lenny Zeltser

FEBRUARY 13, 2020

I shared my view on the reasons for this on the company’s blog: What, Why, and How of Cybersecurity Asset Management Security leaders who’ve implemented effective asset management will live longer, healthier, and more fulfilling lives :-). Asset management is deceptively unsexy, yet incredibly useful when done right.

CISO 79

CISO Information Security Architecture Technology 79

Kali Linux

MARCH 28, 2023

It was common for big exploits to make an appearance around these security conferences. As we were scrapping it all and starting from scratch when starting with Kali, we moved to Git and used GPG to tag releases, at the same time, published all our build-scripts allowing anyone to build Kali on any platform. 2008 was no exception.

InfoSec 52

InfoSec Penetration Testing Architecture Software 52

Google Security

JANUARY 29, 2021

Examples include Address Space Layout Randomization, Control Flow Integrity (CFI), Stack Canaries and Memory Tagging. Thank you to Jeff Vander Stoep for contributions to this blog post. These mitigations may need to be enabled across an entire process's memory space to be effective.

Architecture 101

Architecture Media Engineering Risk 101

ForAllSecure

MAY 13, 2022

Everybody's got their own little blog where they post stuff. Yeah, there are tracks at conferences, but it hasn't yet exploded into the mainstream. There's a little security tag they put to see if someone is tampered with it but they are not locked. I mean, it's a talk that I gave it a new radio conference.

Engineering 52

Engineering Energy and Utilities Computers and Electronics Firmware 52

Troy Hunt

JUNE 10, 2019

Search for your account across multiple breaches [link] — Have I Been Pwned (@haveibeenpwned) December 4, 2013 I’ll save the history lesson for the years between then and today because there are presently 106 blog posts with the HIBP tag you can go and read if you’re interested, let me just talk briefly about where the service is at today.

Data breaches 279

Data breaches Passwords InfoSec Accountability 279

Troy Hunt

FEBRUARY 11, 2018

This tag was in the source code over at secure.donaldjtrump.com/donate-homepage yet it was pulling script directly off Igor Escobar's GitHub repository for the project. You can safely use an integrity attribute on your script tag because if ever we want to change the implementation, we'll simply rev the version. from its current state.

Government 245

Government Risk Software Technology 245

SiteLock

AUGUST 27, 2021

Have you ever had trouble keeping up with your blog post schedule? If you’ve hit a wall with blogging, it’s likely due to one of these reasons: A lack of time. There are many forms of content you can find and share: Articles (blog posts). Curate several articles into a single curation just by tagging multiple articles.

Marketing 52

Marketing 52