Troy Hunt

MARCH 15, 2020

That sucks for you because you end up both missing out on events and sooner or later, suffering from cabin fever (I've always found that difficult across many years of remote work). It'll run from 9am to 5pm Sydney / Melbourne / Canberra time or an hour earlier for me here in Queensland.

Hacking 254

Hacking Technology Software Risk 254

eSecurity Planet

NOVEMBER 16, 2021

How HTML smuggling works. Cybercriminals that use HTML smuggling are betting that the routine use of HTML and JavaScript in everyday operations by businesses will enable them to stay hidden and protected from the businesses’ conventional threat mitigation procedures. Also see: Top Endpoint Detection & Response (EDR) Solutions.

Firewall 111

Firewall Ransomware Banking Malware 111

NetSpi Technical

MARCH 11, 2024

This blog will cover how we discovered CVE-2024-21378 and weaponized it by modifying Ruler , an Outlook penetration testing tool published by SensePost. In late 2015, Nick Landers, Co-Founder of Dreadnode, published a blog on the abuse of Outlook Rules for RCE. are displayed through a form structure in an “inspector window”.

Authentication 52

Authentication Penetration Testing Technology Phishing 52

Krebs on Security

MARCH 2, 2020

An individual thought to be involved has earned accolades from the likes of Apple , Dell , and Microsoft for helping to find and fix security vulnerabilities in their products. ” A LinkedIn profile for a Yassine Algangaf says he’s a penetration tester from the Guelmim province of Morocco. to for a user named “ fatal.001.”

DNS 258

DNS Penetration Testing Malware Hacking 258

CyberSecurity Insiders

DECEMBER 21, 2021

This blog was written by an independent guest blogger. Whether you are starting from scratch or already have safety measures in place, it is paramount to make data protection a priority. If you are starting from scratch, you should identify what type of sensitive information you and your organization are in charge of safeguarding.

Architecture 139

Architecture Encryption Authentication Data breaches 139

Troy Hunt

AUGUST 5, 2021

And without doubt, the best educational technology thing I've ever brought home is my Prusa 3D printer. I ended up buying the MK3S+ and a few different spools of filament, purchased from the official website and shipped from Europe. Tinkercad Tinkercad is without doubt the best place to start kids learning 3D modelling.

Education 70

Education Technology Software Retail 70

Kali Linux

MAY 31, 2021

This release welcomes a mixture of new items as well as enhancements of existing features, and is ready to be downloaded (from our updated page) or upgraded if you have an existing Kali Linux installation. release from February 2021 is: Releasing Kaboxer v1.0 - Introducing Kali Applications Boxer v1.0! Releasing Kali-Tweaks v1.0

Engineering 52

Engineering Firmware Architecture Backups 52

Kali Linux

MAY 15, 2022

brings the new version, GNOME 42, which is a more polished experienced following the work previously introduced in versions 40 and 41. The shell theme now includes a more modern look , removing the arrows from the pop-up menus and using more rounded edges. Quarter #2 - Kali Linux 2022.2. The summary of the changelog since the 2022.1

Wireless 52

Wireless Firmware Architecture Media 52

Troy Hunt

DECEMBER 3, 2023

The very next day I published a blog post about how I made it so fast to search through 154M records and thus began a now 185-post epic where I began detailing the minutiae of how I built this thing, the decisions I made about how to run it and commentary on all sorts of different breaches. And then ensured could never happen again.

Data breaches 363

Data breaches Passwords Internet Internet 363

Troy Hunt

AUGUST 21, 2023

Well, it's not "hidden" insofar as it's easily discoverable if you watch the network traffic from the client, but it's not meant to be called directly, rather only via the web app. That is all - only from the home page. That is all - only from the home page. Which is bad. in just 5 minutes.

Firewall 201

Firewall Authentication Internet Internet 201

Fox IT

NOVEMBER 1, 2023

We provide an overview of payloads dropped by the Blister loader based on 137 unpacked samples from the past one and a half years and take a look at recent activity of Blister. Furthermore, there has been a shift in payload type from Cobalt Strike to Mythic agents, matching with previous reporting.

Computers and Electronics 92

Computers and Electronics Encryption DNS Ransomware 92

Security Boulevard

SEPTEMBER 1, 2021

<a href='/blog?tag=Cybersecurity'>Cybersecurity</a> tag=Cybersecurity'>Cybersecurity</a> <a href='/blog?tag=Ransomware'>Ransomware</a> tag=Ransomware'>Ransomware</a> <a href='/blog?tag=Cyber-attacks'>Cyber-attacks</a> Additional Resources.

Digital transformation 145

Digital transformation Cybersecurity Cyber threats IoT 145

Troy Hunt

AUGUST 7, 2020

As I've given further thought to the future since the M&A process, the significance of community contributions has really hit home. Every single byte of data that's been loaded into the system in recent years has come from someone who freely offered it in order to improve the security landscape for everyone. I've taken shortcuts.

Passwords 364

Passwords Architecture Data breaches Internet 364

Cisco Security

AUGUST 29, 2022

In part one of this issue of our Black Hat USA NOC (Network Operations Center) blog, you will find: Adapt and Overcome. From the beginning of Black Hat 25 years ago, volunteers built the network for the conference rather than using the hotel network. Building the Hacker Summer Camp network, by Evan Basta.

Engineering 84

Engineering Wireless Malware DNS 84

Malwarebytes

JANUARY 23, 2023

Since then, they have studied the campaign in depth, uncovering its inner workings, before taking everything down. A script then calls home to its command-and-control (C2) server for additional information on what to place behind the static banner. Decrypted code of the ad playlist, which plays in videos hidden from users.

Adware 80

Adware Advertising Marketing Encryption 80

Troy Hunt

NOVEMBER 14, 2018

A nice, slick, clean set of violation reports from the content security policy (CSP) I run on Have I Been Pwned (HIBP). Logging on to Report URI and being greeted with something like this: This blog post is about how add-ons and extensions in browsers cause CSP violations like the ones above and how they should be dealt with.

Media 213

Media Accountability Technology 213

McAfee

DECEMBER 1, 2020

In February 2020, less than 40% of companies allowed most of their employees to work from home one day a week. By April, 77% of companies had most of their employees working exclusively from home. Figure 1: Data protection gaps resulting from direct-to-cloud access. So everyone wins, right?

Digital transformation 90

Digital transformation Cloud Migration Technology Mobile 90

Cisco Security

AUGUST 28, 2023

The NOC partners are selected by Black Hat, with Arista, Cisco, Corelight, Lumen, NetWitness and Palo Alto Networks delivering from Las Vegas this year. Check out Iain’s article: ‘ Inside the Black Hat network operations center, volunteers work in geek heaven.’ Or, is from a briefing or a demo in the Business Hall?

Wireless 68

Wireless DNS Mobile Technology 68

ForAllSecure

MAY 13, 2022

After hearing a talk, a Dallas-based hacker set out to find out what was going on inside the smart meter attached to his home, and what he found was surprising. It's estimated that within the first year, over half the homes in the United States had spark meters installed. But we all know how security by obscurity works in the end.

Engineering 52

Engineering Energy and Utilities Computers and Electronics Firmware 52

Kali Linux

MARCH 28, 2023

Longer history lesson Knoppix - Initial two weeks work Whoppix (White-Hat and knOPPIX) came about as the founder, @Muts, was doing an in-person air-gap network penetration test lasting for two weeks in 2004. He started to get requests from people, asking for tools to included as well as bug reports. A fresh start in March 2013.

InfoSec 52

InfoSec Penetration Testing Architecture Software 52

Troy Hunt

MARCH 21, 2018

That harm extends all the way from those in data breaches feeling a sense of personal violation (that's certainly how I feel when I see my personal information exposed), all the way through to people literally killing themselves (there are many documented examples of this in the wake of the Ashley Madison breach).

Data breaches 182

Data breaches Government Passwords Media 182

Troy Hunt

JANUARY 10, 2018

million records on US consumers (this started a series events which ultimately led to me testifying in front of Congress ), South Africa had data on everyone living in the country (and a bunch of deceased folks as well) leaked by a sloppy real estate agent and data from Australia's Medicare system was being sold to anyone able to come up with $30.

Hacking 279

Hacking Government Risk Encryption 279

Troy Hunt

JUNE 10, 2019

Search for your account across multiple breaches [link] — Have I Been Pwned (@haveibeenpwned) December 4, 2013 I’ll save the history lesson for the years between then and today because there are presently 106 blog posts with the HIBP tag you can go and read if you’re interested, let me just talk briefly about where the service is at today.

Data breaches 279

Data breaches Passwords InfoSec Accountability 279