Jonathan Walker

@promptinjection

I enjoy security in all of its forms but mostly cloud security. Enjoy golang, vuejs, terraform, aws, kubernetes, docker, and hacking together interesting tools.

107
Followers
457
Following
3
Posts
15.11.2024
Joined

Latest posts by Jonathan Walker @promptinjection

THOTCON - Chicago's Hacking Conference - Call for Papers [CFP]
Chicago's Hacking Conference

The CFP for the very first hacker con I submitted to and spoke at is open. I’m also on their CFP board!

Submit to Thotcon’s CFP by January 1, 2025!

If you make submitting to a con in 2025 your New Year’s resolution, you’ll accomplish it on day 1 if you submit on Jan 1.

www.thotcon.org/cfp.html

10.12.2024 07:19 👍 29 🔁 7 💬 0 📌 0
Repo swatting attack deletes GitHub and GitLab accounts
This brand new type of attack combines two fundamental functions in SCM providers for malicious intent by abusing a trust and safety feature meant to protect users.

Repo swatting: Upload crypto miner to victim repo -> report abuse to GitHub/GitLab -> repo is taken down. sourcecodered.com/repo-swatting/

21.11.2024 01:16 👍 22 🔁 4 💬 2 📌 0
Stop Using Predictable Bucket Names: A Failed Attempt at Hacking Satellites
This blog discusses the security risks of S3 bucket namesquatting in AWS, where attackers could potentially exploit predictable bucket naming patterns that include region names, and documents the auth...

In response to @frichetten.com finding ap-southeast-7 in a Bluesky post, I am happy to announce my new blog post here first. Please join me in my discovery of us-east-15 asset and my failed attempt at intercepting satellite communications.

www.securityrunners.io/post/stop-us...

21.11.2024 00:56 👍 6 🔁 2 💬 0 📌 0

Well now I’m motivated 👌 I’ll go ahead and drop at least a draft by tomorrow.

19.11.2024 04:09 👍 1 🔁 0 💬 0 📌 0

So I was doing some research on bucket namesquatting for over ~50 service buckets and found some services to have up to us-east-9 in some cases which was interesting. Perhaps related? Unlikely 🤷‍♂️. I should write that up but failed research is never as interesting as successful research.

19.11.2024 03:59 👍 1 🔁 0 💬 1 📌 0