Next at #SteelCon was a talk about Threat Modelling; slides are available here: https://github.com/ajones17/TMT2025
They mentioned using the free Microsoft Threat Modelling software, available at https://aka.ms/tmt, and the various frameworks available:
STRIDE: https://www.microsoft.com/en-us/security/blog/2007/09/11/stride-chart/
PASTA: https://versprite.com/cybersecurity-listings/offsec/threat-models/
DREAD: https://download.microsoft.com/download/d/8/c/d8c02f31-64af-438c-a9f4-e31acb8e3333/Threats_Countermeasures.pdf
One interesting thing that makes sense, but I'd not really thought about, was that new supplier "offboarding" should be written at the same time as "onboarding" docs.
If nothing else, it should signal to the supplier that you have thought about an exit strategy.
Next at #SteelCon I went to "Hacking Stripe Integrations to Bypass E-Commerce Payments" by Ananda Dhakal, who was part of the Nepal team of hackers that were assigned Stripe as a target of a 2023 competition.
They found some vulnerabilities.
One was that you could basically edit the HTML to lower the postage rate to "0" and the system would accept it and honour the transaction 🤣
Next year they were assigned the same target and found more!
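The postage bug described above, as an added example (not from the talk and not Stripe's own code): a checkout that trusts a client-supplied shipping amount beside one that recomputes the total from server-side data. The rate table, catalogue, handler names and request bodies are constructed for illustration.

```python
from decimal import Decimal

# Constructed server-side shipping rate table, keyed by shipping method.
SHIPPING_RATES = {"standard": Decimal("4.99"), "express": Decimal("9.99")}
# Constructed catalogue prices, keyed by SKU.
CATALOGUE = {"mug": Decimal("12.00"), "tshirt": Decimal("20.00")}


def vulnerable_total(order: dict) -> Decimal:
    """Mirrors the bug: the amount to charge is built from values the browser
    posted, including a 'shipping' field the user can edit in the page's
    HTML or JavaScript before submitting."""
    items = sum(Decimal(str(i["price"])) * int(i["qty"]) for i in order["items"])
    return items + Decimal(str(order["shipping"]))


def hardened_total(order: dict) -> Decimal:
    """Recomputes everything from server-side data. The client may only pick a
    SKU, a quantity and a shipping method; prices and rates are looked up, and
    any client-supplied amount is ignored. Unknown SKUs or methods are rejected."""
    items = Decimal("0")
    for i in order["items"]:
        if i.get("sku") not in CATALOGUE or int(i.get("qty", 0)) <= 0:
            raise ValueError(f"invalid line item: {i}")
        items += CATALOGUE[i["sku"]] * int(i["qty"])
    method = order.get("shipping_method")
    if method not in SHIPPING_RATES:
        raise ValueError(f"unknown shipping method: {method!r}")
    return items + SHIPPING_RATES[method]


def is_accepted(order: dict) -> bool:
    """True if the hardened checkout would accept the order at all."""
    try:
        hardened_total(order)
        return True
    except ValueError:
        return False


def tampered_order() -> dict:
    """Constructed request body as a tampering user might submit it: the
    shipping amount has been edited down to 0 on the client side."""
    return {
        "items": [{"sku": "mug", "price": "12.00", "qty": 2}],
        "shipping": "0",
        "shipping_method": "express",
    }
```

Run against the tampered order, the vulnerable handler charges 24.00 (free postage), while the hardened one charges 33.99 because it never reads the posted shipping value.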
#SteelCon Adaora Uche - #Scams, #Sextortion and Snapchats: Keeping Gen-Alpha Safe in a Digital Wild West
Within 19 hrs of 1 guy in the US starting to chat with a sextorter on the Wizz app, he had killed himself. This was not the only example.
In the audience, someone from a school said they had a teacher disappear recently from a secondary school, and it turned out he was being investigated for being inappropriate with 20 kids from the school. She is dealing with the fallout with 6 of the children.
Someone else in the audience was sextorted, and was threatened with her parents and work being told. She bravely didn't give in to their demands.
A credit to her parents, they basically said "what is your point? we've seen her nude before" 🤣
She said it was an interesting talk with her employer, however 😢
I had a good day at #Steelcon yesterday.
I joined the "Exploring Windows with PowerShell" workshop, and although I have used #PowerShell off and on for years, I still learnt loads.
There are some interesting code samples here: https://pastebin.com/u/guyrleech and here: https://github.com/guyrleech
I also met some nice people, and am looking forward to some interesting talks today.