Craig Jones
Podcast Appearances
And we could tell in the logs that they...
they were mistyping the password, you know?
And, you know, the person who'd obviously taken the key had obviously tried to relay onto another person, and they were mistyping this thing.
You immediately knew then that this wasn't just, like, a dude.
You know, this was a serious operation.
Well, we actually had an external bug bounty report as a SQLI injection.
And what was kind of weird about it was, you know, I remember the user actually claiming to be from Australia, but they had a Chinese name, you know.
Now, at the time, we didn't have amazing telemetry from any of the software firewalls.
We had kind of base telemetry, which gave you like... It was really designed for product managers to understand what features that users were using.
So they understood where to put their kind of limited resource time into, right?
So we had that, and we had a really good idea of like...
where all of the serial numbers for these devices sat and their IP addresses associated to it.
So it's always kind of interesting to correlate the IP with the intended location of the researcher.
It's one that had never been turned on before, which was pretty suspicious.
It was a serial number that had just come from a web trial of a VM.