Workshop - Cyber Security Informer

Hack Yourself First Workshops in Australia, Denmark and Portugal (Virtually, of Course)

Troy Hunt

MARCH 15, 2020

I want to talk about 3 upcoming events which Scott Helme and I are going to be running our Hack Yourself First workshop at starting with this one: NDC Security Australia, 26-27 March, AU$800 This is an extra special event that we've only just decided to run. The website is up and running and you can go and register right now.

Hacking

Hacking Technology Software Risk

WordCamp Miami 2018 – A Tenth Anniversary Event

SiteLock

AUGUST 27, 2021

Friday Workshops. Friday was set aside for session workshops. Developers Workshop. E-commerce Workshop. The Developers Workshop focused exclusively on the new Gutenberg editor. One of the most exciting things Jamie learned about Gutenberg is the use of / shorthand to autofill tags.

Malware

Malware Education Security Awareness Engineering

Subresource Integrity and Upgrade-Insecure-Requests are Now Supported in Microsoft Edge

Troy Hunt

MAY 1, 2018

Edge now joins the other major browsers in rejecting any script which doesn't hash down to the value specified in the integrity tag. I jumped into Windows Update, took the new bits and tested the version again: So the update is good, let's look at what that now means for the test: Success!

Government

Ask a Security Pro: What Is Website Encryption?

SiteLock

AUGUST 27, 2021

Over the last year I’ve led a multitude of security workshops aimed to educate entry-level WordPress users about website security. Some of the questions I regularly field in these workshops are related to the mechanics of SSL certificates, and their role in protecting website data from prying eyes.

Encryption

Encryption Firewall Education Banking

The UK and Australian Governments Are Now Monitoring Their Gov Domains on Have I Been Pwned

Troy Hunt

MARCH 1, 2018

There's a verification process where control of the domain needs to be demonstrated (email to a WHOIS address, DNS entry or a file or meta tag on the site), after which all aliases on the domain and the breaches they've appeared in is returned. At the time of writing, over 110k domain searches have been performed and verified.

Government

Government Data breaches Passwords Authentication

Locking Down Your Website Scripts with CSP, Hashes, Nonces and Report URI

Troy Hunt

NOVEMBER 14, 2017

I run a workshop titled Hack Yourself First in which people usually responsible for building web apps get to try their hand at breaking them. That's pretty much XSS 101 - just get an alert box to fire - and reflecting a script tag is one of the most fundamental techniques attackers use to run their script on your website. Using Nonces.

Hacking

Hacking Risk

Black Hat USA 2022: Creating Hacker Summer Camp

Cisco Security

AUGUST 29, 2022

We were able to import the list of MAC addresses of the Cisco Meraki APs, to ensure that the APs were named appropriately and tagged, using a single source of truth document shared with the NOC management and partners, with the ability to update en masse at any time. This also included the Tag for the SSIDs.

Engineering

Engineering Wireless Malware DNS

The Hacker Mind Podcast: Hacking Diversity

ForAllSecure

APRIL 7, 2021

Tennisha: if you're advanced, and you have a skill set in a particular area, we would love for you to come give some workshops, just to provide exposure to to the squad, we do a bring a hacker to work days every Sunday, where we get exposure to different areas within cybersecurity. What can you do to help? We need volunteers.

Hacking

Hacking InfoSec Cybersecurity Engineering

The Hacker Mind Podcast: Hacking Diversity

ForAllSecure

APRIL 7, 2021

Tennisha: if you're advanced, and you have a skill set in a particular area, we would love for you to come give some workshops, just to provide exposure to to the squad, we do a bring a hacker to work days every Sunday, where we get exposure to different areas within cybersecurity. What can you do to help? We need volunteers.

Hacking

Hacking InfoSec Cybersecurity Engineering

Vulnerability Reward Program: 2021 Year in Review

Google Security

FEBRUARY 10, 2022

The first 20 folks who share this blog post on Twitter and tag @GoogleVRP will receive a gift voucher for swag in their DMs. The Google Play Security Reward Program also released their Android App Hacking Workshop content and published a blog on their work to empower the next generation of Android Application Security Researchers.

Internet

Internet Internet Manufacturing Hacking

The Hacker Mind Podcast: Surviving Stalkerware

ForAllSecure

SEPTEMBER 21, 2021

Black Mirror brainstorms, a workshop in which you create Black Mirror episodes. The same with social media apps, I have to go through various settings to make sure that I'm not tagged without my permission, or in some cases even block a person now and again. Here's my proposal for replacing design sprints. And it's not just Microsoft.

Technology

Technology Software Surveillance Media

Is India's Aadhaar System Really "Hack-Proof"? Assessing a Publicly Observable Security Posture

Troy Hunt

JANUARY 10, 2018

These are enormously useful for everything from blocking unauthorised external assets from being loaded into the page to prohibiting script tags from being injected to even fixing up content being insecurely embedded such as we saw with that commented out YouTube video.

Hacking

Hacking Government Risk Encryption

IoT Secure Development Guide

Pen Test Partners

OCTOBER 9, 2023

Mind maps can be a good way to collaboratively develop this phase within a threat modelling workshop. Semi-passive tags are also available in that they need temporary energy from a card reader to power up a low power microcontroller inside the tag.

IoT

IoT Firmware Mobile Manufacturing

The Hacker Mind Podcast: Learn Competitive Hacking with picoCTF

ForAllSecure

SEPTEMBER 10, 2021

So getting cybersecurity education materials often comes with a price tag. This type of content just doesn't exist, even if you go through AP Computer Science, which is an amazing course, they don't really tackle cyber security. And right now you can really set that price, anywhere you want, with Pico, it's free.

Hacking

Hacking Education InfoSec Engineering

Happy 10th anniversary & Kali's story.so far

Kali Linux

MARCH 28, 2023

As we were scrapping it all and starting from scratch when starting with Kali, we moved to Git and used GPG to tag releases, at the same time, published all our build-scripts allowing anyone to build Kali on any platform. As these are for a limited time, as well as being handmade item, do expect the price tag to match it.

InfoSec

InfoSec Penetration Testing Architecture Software

The Hacker Mind Podcast: How To Become A 1337 Hacker

ForAllSecure

SEPTEMBER 14, 2022

Vamosi: The Computer Science Annual Workshop or CSAW is a well-established CTF competition in New York. So getting cybersecurity education materials often comes with a price tag. It’s sponsored by the NYU Center for Cybersecurity. And right now you can really set that price, anywhere you want, with Pico, it's free.

Hacking

Hacking Education InfoSec Marketing

Project Svalbard: The Future of Have I Been Pwned

Troy Hunt

JUNE 10, 2019

Search for your account across multiple breaches [link] — Have I Been Pwned (@haveibeenpwned) December 4, 2013 I’ll save the history lesson for the years between then and today because there are presently 106 blog posts with the HIBP tag you can go and read if you’re interested, let me just talk briefly about where the service is at today.

Data breaches

Data breaches Passwords InfoSec Accountability

The JavaScript Supply Chain Paradox: SRI, CSP and Trust in Third Party Libraries

Troy Hunt

FEBRUARY 11, 2018

This tag was in the source code over at secure.donaldjtrump.com/donate-homepage yet it was pulling script directly off Igor Escobar's GitHub repository for the project. You can safely use an integrity attribute on your script tag because if ever we want to change the implementation, we'll simply rev the version. from its current state.

Government

Government Risk Software Technology

Cyber Security Informer

Hack Yourself First Workshops in Australia, Denmark and Portugal (Virtually, of Course)

WordCamp Miami 2018 – A Tenth Anniversary Event

Trending Sources

Subresource Integrity and Upgrade-Insecure-Requests are Now Supported in Microsoft Edge

Ask a Security Pro: What Is Website Encryption?

The UK and Australian Governments Are Now Monitoring Their Gov Domains on Have I Been Pwned

Locking Down Your Website Scripts with CSP, Hashes, Nonces and Report URI

Black Hat USA 2022: Creating Hacker Summer Camp

The Hacker Mind Podcast: Hacking Diversity

The Hacker Mind Podcast: Hacking Diversity

Vulnerability Reward Program: 2021 Year in Review

The Hacker Mind Podcast: Surviving Stalkerware

Is India's Aadhaar System Really "Hack-Proof"? Assessing a Publicly Observable Security Posture

IoT Secure Development Guide

The Hacker Mind Podcast: Learn Competitive Hacking with picoCTF

Happy 10th anniversary & Kali's story.so far

The Hacker Mind Podcast: How To Become A 1337 Hacker

Project Svalbard: The Future of Have I Been Pwned

The JavaScript Supply Chain Paradox: SRI, CSP and Trust in Third Party Libraries

Stay Connected