Matt Strahan
@matt.volkis.au
Managing Director of Volkis (@volkis.au), cyber security guy.
Reposted by Matt Strahan
May 2, 2025 at 1:03 AM
This one resonates with me. We started a company and realised we’re great at delivering services but we’re not great at sales and not great at marketing. Luckily we’ve now got people who are great at those things!
May 1, 2025 at 4:21 AM
New Volkis shirts!
T-shirts are ready!! 🎉
Hortense visited the friendly team at All of the above Screenprinting in West Melbourne
- For those of you who have pre-ordered, we will be shipping these out over the next few weeks. 🐺
(More pictures on LinkedIn)
May 1, 2025 at 4:19 AM
Reposted by Matt Strahan
I have cancelled our planned trip to the RSA Conference in San Francisco later this month. @metlstorm.risky.biz and I were headed over to record some live shows and see everyone. Unfortunately I have received advice that crossing the border into the United States right now would be a bad idea.
April 11, 2025 at 12:33 AM
I saw that the super attacks resulted in $500k of unauthorised payments and my thought was "huh, that's not that bad". Shows the state of cyber security in 2025.
April 7, 2025 at 6:23 AM
This is a wild read! The top cabinet members of USA were discussing war plans in a Signal chat. That's unsettling enough considering it's out of band comms. Then they accidentally added a journalist to the chat.
The Trump Administration Accidentally Texted Me Its War Plans
U.S. national-security leaders included me in a group chat about upcoming military strikes in Yemen. I didn’t think it could be real. Then the bombs started falling.
www.theatlantic.com
March 24, 2025 at 10:54 PM
Going to be at @crikeycon.bsky.social tomorrow. Hope to see you all there!
March 20, 2025 at 11:16 PM
Reposted by Matt Strahan
Thank you www.volkis.com.au for your ongoing support of CrikeyCon, coming in with Silver sponsorship again. We love our long term supporters, and Volkis has been a wonderful friend and supporter of the Con. Welcome back!
March 12, 2025 at 7:57 AM
I'm going to guess LLMs are going to result in a whole bunch of super weird defamation cases. Don't just go blindly trusting ChatGPT!
You apparently can now be fired from a university for stuff an AI hallucinated about you.
www.nytimes.com/2025/03/12/u...
Yale Scholar Banned After A.I. News Site Accuses Her of Terrorist Link
The deputy director of a liberal project at Yale Law School was put on leave over allegations that she is linked to Samidoun, a group the U.S. government has said funds terrorists.
www.nytimes.com
March 13, 2025 at 12:14 AM
In a world full of bad news we must always find happiness in the good news!
Volkswagen is bringing back physical buttons
“Honestly, it’s a car. It’s not a phone.”
buff.ly
March 7, 2025 at 11:08 PM
Reposted by Matt Strahan
Oh man, I have so many stories about that "startup". The founder Marshall Webb spent a year harassing me because I posted a research paper on the Mirai botnet (he considered himself to be the sole authority). It later turned out his knowledge came from him personally hosting their infrastructure 1/5
A teen DOGE staffer recently given access to government systems worked at a startup known for hiring convicted hackers. Someone using a Telegram handle associated with him also solicited a cyberattack-for-hire service in 2022. All raising questions about his vetting. www.wired.com/story/edward...
DOGE Teen Owns ‘Tesla.Sexy LLC’ and Worked at Startup That Has Hired Convicted Hackers
Experts question whether Edward Coristine, a DOGE staffer who has gone by “Big Balls” online, would pass the background check typically required for access to sensitive US government systems.
www.wired.com
February 7, 2025 at 5:16 AM
Reposted by Matt Strahan
The results are in! We're proud to announce the Top 10 Web Hacking Techniques of 2024! portswigger.net/research/top...
Top 10 web hacking techniques of 2024
Welcome to the Top 10 Web Hacking Techniques of 2024, the 18th edition of our annual community-powered effort to identify the most innovative must-read web security research published in the last year
portswigger.net
February 4, 2025 at 3:02 PM
Is this the start of a trend towards trojaned CPUs in nation state hacking?
February 4, 2025 at 9:58 PM
watchTowr Labs reregistered lapsed S3 buckets and found that they were still being used for things like updates. Long read but worth going through!
8 Million Requests Later, We Made The SolarWinds Supply Chain Attack Look Amateur
Surprise surprise, we've done it again. We've demonstrated an ability to compromise significantly sensitive networks, including governments, militaries, space agencies, cyber security companies, suppl...
labs.watchtowr.com
February 4, 2025 at 9:34 PM
I'd be keen for Civilization VII but $120 is way too much!
Pre-purchase Sid Meier's Civilization VII on Steam
The award-winning strategy game franchise returns with a revolutionary new chapter. Sid Meier's Civilization® VII empowers you to build the greatest empire the world has ever known!
store.steampowered.com
February 4, 2025 at 3:35 AM
I'm putting together a bit of a list of Australian Infosec people on Bluesky here: bsky.app/profile/did:... If anyone wants to be added or knows people who should be added let me know!
February 4, 2025 at 1:13 AM
I tried to get the handle @matt.volkis.au but it hasn't gone all that well! How come it worked for @skorov.volkis.au but not me?
That said I'm kind of liking the hackery vibe of "Invalid Handle"!
February 3, 2025 at 11:19 PM
This is a great blog post with some brilliant old school web hacking. It raises the question though: do we really want car companies to be able to remotely track and unlock our cars?
New blog post with @shubs.io:
We found a vulnerability in Subaru where an attacker, with just a license plate, could retrieve the full location history, unlock, and start vehicles remotely.
Full post here: samcurry.net/hacking-subaru
Hacking Subaru: Tracking and Controlling Cars via the STARLINK Admin Panel
On November 20, 2024, Shubham Shah and I discovered a security vulnerability in Subaru’s STARLINK admin panel that gave us unrestricted access to all vehicles and customer accounts in the United State...
samcurry.net
January 23, 2025 at 9:01 PM
I’ve always thought that there should be active subscription renewals like you should have to press a button that says “yes I want to renew this for the next year” www.smh.com.au/politics/fed...
Started a new year health kick? Beware the ‘subscription trap’
Gyms, streaming services and meal-kit providers are being targeted by proposed new laws that will crack down on unfair business practices.
www.smh.com.au
January 4, 2025 at 9:12 AM
Reposted by Matt Strahan
big wheel keep on turnin' www.wired.com/story/us-tre...
US Treasury Department Admits It Got Hacked by China
Treasury says hackers accessed “certain unclassified documents” in a “major” breach, but experts believe the attack’s impacts could prove to be more significant as new details emerge.
www.wired.com
December 31, 2024 at 3:46 AM
Another target of Salt Typhoon, this time it’s the US Treasury. Doesn’t seem like they issued themselves bonds but they probably got some incredible intelligence. www.abc.net.au/news/2024-12...
US Treasury says Chinese hackers led a 'major cybersecurity' breach
The revelation comes as US officials continue to grapple with the fallout of a massive Chinese cyber espionage campaign known as Salt Typhoon.
www.abc.net.au
December 31, 2024 at 1:27 AM
Reposted by Matt Strahan
I put together a VERY limited (for now) list of web hackers in a Starter pack:
go.bsky.app/9uay4Ad
A lot of people are missing (I will try to add more as I find them) but make sure you follow people already in the list!
December 18, 2024 at 12:54 AM
Selling stuff on Facebook Marketplace is a minefield nowadays. This one is trying the "pay for courier" scam - notice the bad Auspost URL there.
December 16, 2024 at 2:39 AM
Trying to tidy up the data on my own computer makes me wonder how on earth large organisations could ever hope to manage the data they collect.
December 12, 2024 at 3:01 AM
Reposted by Matt Strahan
I did a talk at @sectalks.bsky.social Brisbane last month and the slides are public:
https://github.com/f3rn0s/public-slides/blob/main/Please%20Stop%20Letting%20Me%20Get%20In.pdf
I hope to record an online video version some time in the new year.
December 9, 2024 at 11:02 AM