matt.volkis.au
Managing Director of Volkis (@volkis.au), cyber security guy.

Oh man, I have so many stories about that "startup". The founder Marshall Webb spent a year harassing me because I posted a research paper on the Mirai botnet (he considered himself to be the sole authority). It later turned out his knowledge came from him personally hosting their infrastructure 1/5

The results are in! We're proud to announce the Top 10 Web Hacking Techniques of 2024! portswigger.net/research/top...

Is this the start of a trend towards trojaned CPUs in nation state hacking?

watchTowr Labs reregistered lapsed S3 buckets and found that they were still being used for things like updates. Long read but worth going through!

I'd be keen for Civilization VII but $120 is way too much!

I'm putting together a bit of a list of Australian Infosec people on Bluesky here: bsky.app/profile/did:... If anyone wants to be added or knows people who should be added let me know!

I tried to get the handle @matt.volkis.au but it hasn't gone all that well! How come it worked for @skorov.volkis.au but not me? That said I'm kind of liking the hackery vibe of "Invalid Handle"!

This is a great blog post with some brilliant old school web hacking. It raises the question though: do we really want car companies to be able to remotely track and unlock our cars?

I’ve always thought that there should be active subscription renewals, like you should have to press a button that says “yes, I want to renew this for the next year” www.smh.com.au/politics/fed...

big wheel keep on turnin' www.wired.com/story/us-tre...

Another target of Salt Typhoon, this time it’s the US Treasury. Doesn’t seem like they issued themselves bonds but they probably got some incredible intelligence. www.abc.net.au/news/2024-12...

I put together a VERY limited (for now) list of web hackers in a Starter pack: go.bsky.app/9uay4Ad A lot of people are missing (I will try to add more as I find them) but make sure you follow people already in the list!

Selling stuff on Facebook Marketplace is a minefield nowadays. This one is trying the "pay for courier" scam - notice the bad Auspost URL there.

Trying to tidy up the data on my own computer makes me wonder how on earth large organisations could ever hope to manage the data they collect.

I did a talk at @sectalks.bsky.social Brisbane last month and the slides are public: https://github.com/f3rn0s/public-slides/blob/main/Please%20Stop%20Letting%20Me%20Get%20In.pdf I hope to record an online video version some time in the new year.

I kid you not, @itch.io has been taken down by Funko of "Funko Pop" because they use some trash "AI Powered" Brand Protection Software called Brand Shield that created some bogus Phishing report to our registrar, iwantmyname, who ignored our response and just disabled the domain

There are so many "state of the threat landscape" cyber security reports that come out that I'm not sure it's possible to read them all. What's the point? Why does every company have to have a "state of the threat landscape" report?

A few weeks ago we snuck in an anonymised red team report on our handbook. Unlike our anonymised pentest report it's not from a single engagement - it's a bit of a mishmash of different red teams we've done, but it's all real stuff. You can read it on the link below.

Threaded view in Bluesky is brilliant. To enable it go to Settings -> Content and media -> Thread preferences. It gives you a more Reddit style experience when clicking into conversations.

Phishing training and ISAT don’t work, according to this study from University of Chicago and University of San Diego. A successful phishing attack isn’t just down to the user, but we need process and technology like MFA, filtering, and access control. www.computer.org/csdl/proceed...

Now that Twitter is "X", what do we call tweets?