Last weekend I spoke at CrikeyCon VI. I am always excited to attend and present at CrikeyCon, the attendees are fantastic and overall the organisers have created an amazing conference ❤.

This year I presented The Boring Security Talk. This session covers a variety of issues, DNS, Email, CI/CD and dependency management.

You can view the slides here. I will update this past when the video becomes available.

I have put together a list of links and reference materials:

• Hackers exploit Jenkins servers, make $3 million by mining Monero
• DHS: Multiple US gov domains hit in serious DNS hijacking wave
• Advice on Mitigating DNS Infrastructure Tampering
• A Deep Dive on the Recent Widespread DNS Hijacking Attacks
• DNS Squatting with Azure App Services
• DNSControl
• Managing DNS with DNSControl, CloudFlare, DNSimple, GitHub, VSTS, Key Vault and Docker
• MX Toolbox
• PostMark
• Phishing Scorecard
• UK ICO, USCourts.gov... Thousands of websites hijacked by hidden crypto-mining code after popular plugin pwned
• Malicious Docker Containers Earn Cryptomining Criminals $90K
• Postmortem for Malicious Packages Published on July 12th, 2018
• Malicious remote code execution backdoor discovered in the popular bootstrap-sass Ruby gem
• Pipdig Update: Dishonest Denials, Erased Evidence and Ongoing Offences

If you want to catch this presentation in person, you will be able to see it at the Azure Global Bootcamp in Melbourne.