Last weekend I spoke at CrikeyCon VI. I am always excited to attend and present at CrikeyCon; the attendees are fantastic, and overall the organisers have created an amazing conference ❤.
This year I presented The Boring Security Talk. This session covers a variety of issues: DNS, email, CI/CD and dependency management.
You can view the slides here. I will update this post when the video becomes available.
I have put together a list of links and reference materials:
- Hackers exploit Jenkins servers, make $3 million by mining Monero
- DHS: Multiple US gov domains hit in serious DNS hijacking wave
- Advice on Mitigating DNS Infrastructure Tampering
- A Deep Dive on the Recent Widespread DNS Hijacking Attacks
- DNS Squatting with Azure App Services
- Managing DNS with DNSControl, CloudFlare, DNSimple, GitHub, VSTS, Key Vault and Docker
- MX Toolbox
- Phishing Scorecard
- UK ICO, USCourts.gov... Thousands of websites hijacked by hidden crypto-mining code after popular plugin pwned
- Malicious Docker Containers Earn Cryptomining Criminals $90K
- Postmortem for Malicious Packages Published on July 12th, 2018
- Malicious remote code execution backdoor discovered in the popular bootstrap-sass Ruby gem
- Pipdig Update: Dishonest Denials, Erased Evidence and Ongoing Offences
If you want to catch this presentation in person, you will be able to see it at the Azure Global Bootcamp in Melbourne.
Update - You can now watch the video: https://www.youtube.com/watch?v=5OlMEi_vcgY