Doxing was initially a practice for undermining hackers’ online anonymity by ‘dropping docs’ but has evolved into a tool used for real-world extortion, employing violence-as-a-service tactics. Read this detailed blog post on the research I presented at Black Hat USA 2024.
Read the full transcripts of my interviews with threat actors involved in doxing for extortion. This includes ‘Ego’, a member of the notorious doxing gang ViLE, and ‘Reiko’, a system administrator and developer of the largest online doxing community, Doxbin.
In January 2024, headlines broke, with commentary from Prime Minister Anthony Albanese, that 50+ major Australian brands had customer accounts compromised through credential stuffing attacks. This article provides threat attribution and detailed research on the adversaries involved.
If you ever find yourself wondering how you will be able to progress your cyber security career in the direction you want, this article is for you. We all have different objectives, whether that be flexibility, a position in a specialist security niche, a certain amount of remuneration or a specific title.
Often the barrier to entry with the OSCP exam is not just the time investment required, but the actual financial cost. This raises the question: what preparation can you complete before signing up for the course?
PortSwigger’s Web Security Academy is the best free resource to develop web application penetration testing skills. In this article, I describe my study approach and exam tips and tricks to pass the accompanying BSCP exam.
This is a written version of the presentation I completed at AISA Cyber Conference Melbourne in October 2022, and AISA Cyber Conference Canberra in March 2023.
Despite mainstream media, boot camps and universities claiming there is a cyber security skills shortage, and that you can become a professional “in just 24 weeks”, it hasn’t been made clear that the shortage is of experienced professionals, and not entry-level candidates. This creates a “chicken and the egg” scenario, as individuals struggle to secure their first role.
A review of the most well-known Ethereum smart contract flaw, the “re-entrancy” attack. This attack is also known as a race-to-empty attack, which intends to recursively loop a withdrawal until a smart contract balance is emptied. I presented this attack at BSides Perth 2021.
A journal article which was a submission to AFCEA’s The Cyber Edge Writing Contest on “The Future of Cyber Warfighting”.