The internet is full of bots and some aren't nice (DDoS, scraping, exploits, AI..). To block bots, we must identify them in the traffic. That's hard as some pretend to be human/browsers! Let's explore JA3/JA4 hashes, fingerprinting the TLS handshake.

There was a recent incident where Microsoft somehow allegedly blocked a mailbox of a sanctioned individual. Any organization highly depending on MS products that might come into the crosshair should ask - can this happen to me?

Ah, to be a phisher on a sunny day. Throw your bait, crack a beer - but where would I go to set up my tools?

You can actually calculate an upper-bound cost for cracking your passwords via offline attacks. This is how.

You can actually calculate an upper-bound cost for cracking your passwords via offline attacks. This is how.

Talk about security best practices for Copilot solutions, taking inspiration from MS GitHub Copilot and OWASP Top10 for LLMs.

Observing a highly-scalable phishing as a service campaign.

Are there any options on how to prevent GitHub Copilot to process our secrets?