{"id":146607845,"date":"2023-06-10T21:44:00","date_gmt":"2023-06-10T21:44:00","guid":{"rendered":"https:\/\/danconn.dev\/blog\/2023\/06\/10\/the-anatomy-of-a-hack-24hrs-in-devsecops-er\/"},"modified":"2024-07-28T10:40:16","modified_gmt":"2024-07-28T10:40:16","slug":"the-anatomy-of-a-hack-24hrs-in-devsecops-er","status":"publish","type":"post","link":"https:\/\/danconn.dev\/blog\/2023\/06\/10\/the-anatomy-of-a-hack-24hrs-in-devsecops-er\/","title":{"rendered":"The Anatomy of a Hack: 24hrs in DevSecOps ER."},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">Going back to the 26th of April, when I had a wonderful time at DevOpsDays Geneva and was able to speak there too.<\/h2>\n\n\n\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-28f84493 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:100%\">\n<div class=\"wp-block-group is-layout-grid wp-container-core-group-is-layout-bcb8ac2c wp-block-group-is-layout-grid\">\n<figure class=\"wp-block-image size-large is-style-default wp-container-content-d2eb3c98\"><img loading=\"lazy\" decoding=\"async\" width=\"1011\" height=\"1024\" src=\"https:\/\/danconn.dev\/blog\/wp-content\/uploads\/2023\/06\/352564509_10158796436941619_136272906826207638_n-1011x1024.jpg\" alt=\"\" class=\"wp-image-147072223\" srcset=\"https:\/\/danconn.dev\/blog\/wp-content\/uploads\/2023\/06\/352564509_10158796436941619_136272906826207638_n-1011x1024.jpg 1011w, https:\/\/danconn.dev\/blog\/wp-content\/uploads\/2023\/06\/352564509_10158796436941619_136272906826207638_n-296x300.jpg 296w, https:\/\/danconn.dev\/blog\/wp-content\/uploads\/2023\/06\/352564509_10158796436941619_136272906826207638_n-768x778.jpg 768w, 
https:\/\/danconn.dev\/blog\/wp-content\/uploads\/2023\/06\/352564509_10158796436941619_136272906826207638_n.jpg 1440w\" sizes=\"auto, (max-width: 1011px) 100vw, 1011px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image is-style-default\"><img loading=\"lazy\" decoding=\"async\" width=\"1440\" height=\"1441\" src=\"https:\/\/danconn.dev\/blog\/wp-content\/uploads\/2024\/07\/352794486_10158796436946619_6233379046663792073_n-edited.jpg\" alt=\"\" class=\"wp-image-147072225\" srcset=\"https:\/\/danconn.dev\/blog\/wp-content\/uploads\/2024\/07\/352794486_10158796436946619_6233379046663792073_n-edited.jpg 1440w, https:\/\/danconn.dev\/blog\/wp-content\/uploads\/2024\/07\/352794486_10158796436946619_6233379046663792073_n-edited-300x300.jpg 300w, https:\/\/danconn.dev\/blog\/wp-content\/uploads\/2024\/07\/352794486_10158796436946619_6233379046663792073_n-edited-1024x1024.jpg 1024w, https:\/\/danconn.dev\/blog\/wp-content\/uploads\/2024\/07\/352794486_10158796436946619_6233379046663792073_n-edited-150x150.jpg 150w, https:\/\/danconn.dev\/blog\/wp-content\/uploads\/2024\/07\/352794486_10158796436946619_6233379046663792073_n-edited-768x769.jpg 768w\" sizes=\"auto, (max-width: 1440px) 100vw, 1440px\" \/><\/figure>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n\n\n<div class=\"image-gallery-embed\" 
data-attrs=\"{&quot;gallery&quot;:{&quot;images&quot;:[{&quot;type&quot;:&quot;image\/jpeg&quot;,&quot;src&quot;:&quot;https:\/\/substack-post-media.s3.amazonaws.com\/public\/images\/0166df27-5d16-4953-b27e-2094581e9eb2_1440x1458.jpeg&quot;},{&quot;type&quot;:&quot;image\/jpeg&quot;,&quot;src&quot;:&quot;https:\/\/substack-post-media.s3.amazonaws.com\/public\/images\/33aa77dd-1e05-44a8-93da-3207a0593e3c_1440x1799.jpeg&quot;}],&quot;caption&quot;:&quot;&quot;,&quot;alt&quot;:&quot;&quot;,&quot;staticGalleryImage&quot;:{&quot;type&quot;:&quot;image\/png&quot;,&quot;src&quot;:&quot;https:\/\/substack-post-media.s3.amazonaws.com\/public\/images\/507cb448-e344-4adf-9aef-56016483b576_1456x720.png&quot;}},&quot;isEditorNode&quot;:true}\"\/>\n\n\n<p>Geneva! It\u2019s a place that I\u2019ve always wanted to go to but never had a reason to, until now. I was asked if I would like to submit a talk to DevOpsDays Geneva and I jumped at the chance! <br><br>DevOpsDays Geneva is a lovely conference. I found that while there were many French talks, there were a great deal in English too. This allowed me to see a fair few talks and enjoy things, as sadly my French est tr\u00e8s mal. The team did a great job of looking after us speakers, and a lot of care and attention had gone into making attendees feel welcome and comfortable. It was one of my favourites of this past year, to be honest.<\/p>\n\n\n\n<h1 class=\"wp-block-heading\">Feeling worse for wear<\/h1>\n\n\n\n<p>I was feeling very tired when I got to Geneva. I took the 8:30am flight from London City Airport and arrived there at 11am, having run the <a href=\"https:\/\/danconn.substack.com\/p\/london-marathon-2023\">London Marathon<\/a> the previous day. I had done some reading beforehand about keeping hydrated with water (absolutely no alcohol) and eating lots of carbs and protein to repair. 
But most importantly, moving my foot, ankle and legs to avoid deep vein thrombosis and blood clot complications, as the <a href=\"https:\/\/thrombosis.org\/2022\/02\/blood-clots-travel-athletes\/\">risk increases after running a marathon<\/a>! <\/p>\n\n\n\n<p>Luckily I arrived in one piece, and got stuck straight into seeing what was going on at the conference. I saw some great talks but then dropped my stuff off at my hotel. Sadly I needed to rest, as I had a bit of a weird back and leg spasm. I was OK, but I guess a lot of travel and walking took its toll after the previous day!<\/p>\n\n\n\n<h1 class=\"wp-block-heading\">The Hack Is Ready For Dissecting<\/h1>\n\n\n\n<p>So, the talk! I really enjoyed this one! <\/p>\n\n\n\n<p>Firstly, it was great to start after the whole auditorium had been throwing paper aeroplanes around to win a prize! It was great fun to watch! <br><br>Secondly, it was something incredibly personal. This talk was based on the first time I\u2019d got hacked, not very long into my first dev role. <\/p>\n\n\n\n<p>This experience started my cyber security journey and led me to essentially do an application security engineer role alongside my dev role, because I always wanted to be building things to prevent this happening again. While some colleagues were supportive, others were not so much, as 10 years ago cyber security was not really a thing to worry about. In fact, many people above me might have heard the term secure coding, but a lot of the time they weren\u2019t really aware of how to do it. And that\u2019s OK: it wasn\u2019t what they were paid to do, and they did want to learn later. That\u2019s all you can ask, really.<\/p>\n\n\n\n<p>Anyhow, this was the story of what it was like to fall prey to something known as the TimThumb vulnerability. It affected WordPress sites and highlighted how something meant for a rather innocuous purpose can turn into a very big headache. 
Although there are some similarities with real-life events, things have been changed so we don\u2019t call anyone out.<br><br>Check out the video, and I hope you like it!<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe loading=\"lazy\" title=\"The Anatomy of a Hack  24 Hours in the DevSecOps ER\" width=\"500\" height=\"281\" data-cookieconsent=\"preferences, statistics, marketing\" data-src=\"https:\/\/www.youtube.com\/embed\/H8bOLSyH8jo?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe><div class=\"cookieconsent-optout-preferences cookieconsent-optout-statistics cookieconsent-optout-marketing\"><\/div>\n<\/div><\/figure>\n\n\n\n<p>Also, thanks to the awesome Matteo Cogliati for the photos taken at the event and for allowing me to use them as my headshot and to share them in my marketing. You\u2019re a legend!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Going back to the 26th of April, when I had a wonderful time at DevOpsDays Geneva and was able to speak there too. 
<\/p>\n","protected":false},"author":2,"featured_media":147072161,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[55],"tags":[12,11,13,16,27,20,28,15],"class_list":["post-146607845","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-talks","tag-application-security","tag-appsec","tag-cyber-security","tag-devopsdays-geneva-2023","tag-incident-response","tag-public-speaking","tag-tim-thumb-vulnerability","tag-vulnerability-managment"],"_links":{"self":[{"href":"https:\/\/danconn.dev\/blog\/wp-json\/wp\/v2\/posts\/146607845","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/danconn.dev\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/danconn.dev\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/danconn.dev\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/danconn.dev\/blog\/wp-json\/wp\/v2\/comments?post=146607845"}],"version-history":[{"count":1,"href":"https:\/\/danconn.dev\/blog\/wp-json\/wp\/v2\/posts\/146607845\/revisions"}],"predecessor-version":[{"id":147072226,"href":"https:\/\/danconn.dev\/blog\/wp-json\/wp\/v2\/posts\/146607845\/revisions\/147072226"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/danconn.dev\/blog\/wp-json\/wp\/v2\/media\/147072161"}],"wp:attachment":[{"href":"https:\/\/danconn.dev\/blog\/wp-json\/wp\/v2\/media?parent=146607845"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/danconn.dev\/blog\/wp-json\/wp\/v2\/categories?post=146607845"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/danconn.dev\/blog\/wp-json\/wp\/v2\/tags?post=146607845"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}