Zoltan Balazs

Head of Vulnerability Research Lab

Ethical hacker and IT security researcher with more than 15 years of experience. Holds an MSc degree and ten technical certifications, such as OSCE and CISSP. Former speaker at DEFCON, SAS, AusCERT, Shakacon, and many more.

All posts by Zoltan Balazs

  • Building the IoTrain

    While developing the Matter workshop for DEF CON, I wondered what fun IoT project I could create that looks catchy, works well with DEF CON visitors,…

  • Persistent Phishing Campaign Uses Surveymonkey and Cloudflare, Bypasses Gmail’s Spam Filter

    I don’t know what I did in the past, but boy do attackers love to send me phishing messages. This time, the story started with the…

  • Android Set-top Box Lies about Its OS Version, Comes Pre-infected with Malware

    Cheap Android set-top boxes are being sold by criminals, which either pre-infect devices with malware or have malicious code delivered via an update. Set-top boxes are…

  • Finding a Secure Baby Monitor Is Much Harder Than You’d Think

    If you are in a situation where you need to buy a baby monitor (camera), you probably want to choose something secure, right? For most of…

  • The Story About Three Million Toothbrushes Used in a DDoS Attack Is Not True

    February 7th, 2024, was the day when many news portals ran a story about 3 million smart toothbrushes participating in a distributed denial of service attack…

  • The Anatomy of a Spear Phishing Attack With OSINT Tips and an Almost Disappointing Ending

    On 2021 September 5, I bought a new domain, zh4ck.eth. This domain is interesting because I used magic Internet money (a.k.a cryptocurrency) to pay for it,…

  • SpeedHacking CTF at Hacktivity 2023 – Behind the Scenes

    Introduction At this year’s Hacktivity conference we organized the SpeedHacking CTF competition. Now it’s time to tell you how the idea came together, what we did…

  • Win a PS5 at Our Speed Hacking CTF @ Hacktivity

    If you like CTF games, you will have the opportunity to try your skills at the Hacktivity conference! On Friday, find the QR code at the…

  • I Sent Glitter, an AirTag, and Some Love to Facebook Marketplace Scammers

    It is already late evening, and I just posted my old MacBook Pro for sale on Facebook Marketplace. I have sold many items this year, so…

  • Don’t Get Scammed Again: No One Can Recover Your Lost Funds

    We have recently published a detailed article about a “pig butchering” cryptocurrency-related scam. This is a follow-up on what happens to victims after they lose significant…

  • IT Security Predictions for 2023

    I know, I know, we are a bit late with this one, but better late than never 🙂  What everyone writing these predictions loves is that…

  • How I Got $88 from a WhatsApp Scammer And “Forgot” to “Reinvest” It

    Warning: Don’t try this at home! Following these steps might involve you losing money. You have been warned! UPDATE: After sharing this story I got contacted…

  • Protecting the World, One NFT at a Time

    At CUJO AI, we like to play with new technologies. And even though we have provided machine learning-based 0-day phishing protection since 2019, we do not…

  • MLSEC 2022 – The Winners and Some Closing Comments

    And the winners of the MLSEC 2022 challenge are Facial Recognition First place – Alex Meinke  Facial Recognition Second place – Zhe Zhao Phishing First Place…

  • How I Failed Twice… and Finally Passed the Offensive Security OSED 72-hour Exam (EXP-301)

    If you’re not interested in the long introduction and just want to go straight to my write up of the attempts, start with “The First Try”…