Last weekend I spoke at CrikeyCon VI. I am always excited to attend and present at CrikeyCon; the attendees are fantastic, and overall the organisers have created an amazing conference ❤.
This year I presented The Boring Security Talk. This session covers a variety of issues: DNS, email, CI/CD and dependency management.
You can view the slides here. I will update this post when the video becomes available.
I have put together a list of links and reference materials:
- Hackers exploit Jenkins servers, make $3 million by mining Monero
- DHS: Multiple US gov domains hit in serious DNS hijacking wave
- Advice on Mitigating DNS Infrastructure Tampering
- A Deep Dive on the Recent Widespread DNS Hijacking Attacks
- DNS Squatting with Azure App Services
- Managing DNS with DNSControl, CloudFlare, DNSimple, GitHub, VSTS, Key Vault and Docker
- MX Toolbox
- Phishing Scorecard
- UK ICO, USCourts.gov... Thousands of websites hijacked by hidden crypto-mining code after popular plugin pwned
- Malicious Docker Containers Earn Cryptomining Criminals $90K
- Postmortem for Malicious Packages Published on July 12th, 2018
- Malicious remote code execution backdoor discovered in the popular bootstrap-sass Ruby gem
- Pipdig Update: Dishonest Denials, Erased Evidence and Ongoing Offences
If you want to catch this presentation in person, you will be able to see it at the Azure Global Bootcamp in Melbourne.