Author: Matt

Matt Burrough is a Senior Penetration Tester at Microsoft, focusing on the company’s internal assets and cloud deployments. Before moving to a security role, he was a developer and also spent five years debugging, code reviewing, and reverse engineering Windows at Microsoft. Matt also worked at NPR creating new technology for digital radio, including the first ever close-captioned radio broadcasting system. Matt has a passion for computer security and holds a Master’s degree in Computer Science and a graduate certificate in Computer Security from the University of Illinois at Urbana-Champaign. He also graduated from Rochester Institute of Technology with a Bachelor of Science in Networking, Security, and System Administration.

Layer8 Master Key Talk Now Online

If you didn’t have a chance to see my talk on master key attacks at last year’s Layer 8 conference, it’s now available for viewing on YouTube. Enjoy!

Matt April 30, 2021 April 30, 2021 Locksport / Pentesting / Speaking

Repinning an American 1305

For the past six months, I’ve been focused on a project I hope to share with everyone very soon. In the meantime I took a break a couple of days ago to work on building a progressive set of American 1305 locks – removing 1, 2, and 3 pins from …

Matt March 25, 2021 March 25, 2021 Locksport

SANS Keynote Recording Available

My SANS keynote talk on cloud red teaming has been shared on YouTube here. I’ve also posted the slides for it here. Enjoy!

Matt August 8, 2020 April 30, 2021 Pentesting / Speaking

Master Key Attacks Talk at Layer 8

Today I’ll be giving an updated talk on attacks against master keyed systems at the TOOOL virtual Lock Pick Village at the Layer 8 Conference at 10 AM Pacific/1 PM Eastern. I hope you’ll be able to attend!

Matt June 6, 2020 June 6, 2020 Locksport / Pentesting / Speaking

SANS Cloud Summit Keynote

If you are interested in cloud security, take a look at the 2020 SANS Cloud Summit coming up at the end of May. In addition to some greats SANS courses, like 545, they are also hosting a virtual CTF and have a series of speakers to kick off the event. …

Matt April 28, 2020 April 28, 2020 Speaking

New Impressioning Meetup

Join us Sunday, March 8 at 1:00 PM at Black Lodge Research in Redmond, WA for Seattle Locksport‘s first lock impressioning meetup. All experience levels welcome! We’ll have all the gear, locks, and key blanks you need. We’ll be meeting every 2nd Sunday of the month to practice, teach, learn, …

Matt February 20, 2020 February 20, 2020 Locksport

DEF CON 27 Talk: Master Key Insider Attacks

Earlier this month, I spoke at DEF CON 27’s Lock Pick Village on insider attacks that can be executed on master-keyed systems. (Note: Not Master brand locks. 😊) A copy of my slides can be downloaded from: https://burrough.org/papers/Burrough-DC27_Master_Key_Talk.pdf. AbstractAs a lock enthusiast and professional pentester, I think a lot about …

Matt August 20, 2019 August 20, 2019 Locksport / Speaking

Pentesting Azure Apps in another Humble Bundle

If you missed the first Humble Bundle, my book is now available in No Starch Press’ “Hacking 2.0” bundle: https://www.humblebundle.com/books/hacking-no-starch-press-books. Pay $8 or more and get my eBook, along with several other great tiles, and you’ll also support great charities like the EFF. Just be quick – the bundle is …

Matt May 29, 2019 May 29, 2019 Azure Book

SANS Holiday Hack Challenge Recognition

Ed & his team at CounterHack/SANS announced the winners of the 2018 SANS Holiday Hack Challenge this week. While I didn’t win, my report did get an honorable mention! Not bad for my first year playing. If you’d like to see my entry, you can download it here. Thanks to …

Matt March 24, 2019 March 24, 2019 Pentesting

My Solution for SANS Holiday Hack Challenge

Late last year I decided to spend some time during the holidays to work on the SANS Holiday Hack Challenge. I’ve looked at a few of their challenges in the past, but never during the actual competition period, and never going through an entire year’s challenge. I’m very happy I …

Matt January 23, 2019 January 23, 2019 Pentesting