What motivates attackers to dump data publicly? How is it sold, traded and redistributed and for that matter, what even causes people to go public with it? These are all questions I’ve dealt with over the years running the ethical data breach search service “Have I been pwned”. It’s also given me the opportunity to interact with everyone from the attackers breaching these systems to the impacted organisations to law enforcement agencies.
In this talk, I'll share the lessons learned from working with billions of publicly dumped records as a result of major data breaches. The talk sheds light on how this class of adversary operates and the weaknesses within organisations they continually manage to exploit. It's a unique inside look at security from a very real world and very actionable perspective.
Troy Hunt is a Pluralsight author, Microsoft MVP and world-renowned internet security specialist. He spend his time teaching developers how to break into their own systems before helping to piece them back together to be secure against today’s online threats. He’s also the creator of “Have I been pwned?”, the free online service for breach monitoring and notifications. Troy regularly blogs at troyhunt.com from his home in Australia.