HackerTrans
TopNewTrendsCommentsPastAskShowJobs

mh_

no profile record

Submissions

It's our birthday – so we built everyone this retro game

canary.tools
1 points·by mh_·10 maanden geleden·4 comments

Caring

blog.thinkst.com
1 points·by mh_·vorig jaar·0 comments

Vendor Booths don't have to suck (and why your startup should reconsider them)

blog.thinkst.com
1 points·by mh_·2 jaar geleden·0 comments

Hacking as a pathway to building better Products

blog.thinkst.com
3 points·by mh_·2 jaar geleden·0 comments

Unfashionably secure: why we use isolated VMs

blog.thinkst.com
305 points·by mh_·2 jaar geleden·243 comments

Wrong on the Internet

twitter.com
1 points·by mh_·2 jaar geleden·0 comments

Be careful of the examples you use. They stick

blog.thinkst.com
199 points·by mh_·3 jaar geleden·128 comments

Seasonal themes, delighting users and small UX touches

blog.thinkst.com
1 points·by mh_·4 jaar geleden·0 comments

Is Elon Beyond Reproach?

twitter.com
22 points·by mh_·4 jaar geleden·34 comments

Always Be Hacking

blog.thinkst.com
2 points·by mh_·4 jaar geleden·0 comments

Apples AT&T demo was a good example of pg's “relentlessly resourceful”

blog.thinkst.com
2 points·by mh_·4 jaar geleden·2 comments

Ask HN: Will referral codes cheapen honest referrals?

1 points·by mh_·4 jaar geleden·2 comments

Building WireGate: A WireGuard front to detect compromised keys

blog.thinkst.com
8 points·by mh_·5 jaar geleden·0 comments

Use a fake kubeconfig file to detect attackers

blog.thinkst.com
1 points·by mh_·5 jaar geleden·0 comments

Using a SQL Injection attack to detect attackers

blog.thinkst.com
1 points·by mh_·5 jaar geleden·0 comments

Good attacks make good detections make good attacks (a MySQL booby-trap)

blog.thinkst.com
1 points·by mh_·5 jaar geleden·2 comments

Grab quarterly reports/summaries on current Information Security research

thinkst.com
1 points·by mh_·5 jaar geleden·0 comments

A (free) quarterly selection (and review) of security research / papers / talks

thinkst.com
2 points·by mh_·5 jaar geleden·0 comments

comments

mh_
·10 maanden geleden·discuss
We build tools (commercial: https://canary.tools) and free (https://canarytokens.org | https://opencanary.org) that help slowdown/detect attackers.

It supports normal(ish) pacman-like activity, except some of the dots you consume might be canaries, which will slow you down/likely lead to you being detected/caught.
mh_
·10 maanden geleden·discuss
It’s our birthday - so we built everyone this retro game.

(Complete all levels, and we will send you a special 10-year edition t-shirt)
mh_
·3 jaar geleden·discuss
Heh. "You can totally put in any value here, as long as its exactly this one"
mh_
·4 jaar geleden·discuss
You totally can?
mh_
·4 jaar geleden·discuss
Ouch. I’m super curious why you found it such a waste. I found it super interesting (I guess for all the reasons in the post)
mh_
·4 jaar geleden·discuss
I wrote this about 13 years ago (a little tongue in cheek) but it held up:

https://sensepost.com/blog/2009/twitter-killed-the-infosec-b...

-snip- There’s something liberating about saying “here’s a link”, as opposed to taking the time to formulate your thoughts into a full blown posting.

We were curious if this twitter-effect was real, imaginary or only applicable to lazy people like us.. Thanks to python-twitter and a few lines of script we can look at the the blogging habits of some info-sec superstars (and maybe confuse correlation and causation to jump to conclusions while we at it). -snip-
mh_
·4 jaar geleden·discuss
We are already pretty ok at gifting back (our hoodies/gifts have a pretty good rep).

I kinda default to “don’t mess with it” but sometimes wish we could do more to say thanks.
mh_
·5 jaar geleden·discuss
You can wave the encoding away (with a tick-box) but in general, people over-estimate what attackers will "notice". In cases like this, many are as desperate to get the loot as users are when they get phished. dialogue boxes and browser warning fade into the background as they hit "accept" to move closer to their goal.