Landing

This week I saw Synack and HackerOne share some information about moving into other offerings, I wanted to talk about them and explore what it...
Read more

Recently had a *duh* moment while playing with the 'opened folder' canary technique used by http://canarytokens.org/ - a Thinkst* project One of the Canary triggers...
Read more

External Authentication Injection - What is it? It's applying folder level authentication to abuse web applications or client browsers, how you introduce it is based...
Read more

I've started making some designs for fun, T-shirt-able nerdy text puns and shit like that :: here or click the big text below funny for...
Read more

tl;dr Browsing via Tor is still fine, Hosting onions ... (possibly) less fine. This post is in theory, sound, however executing it would take real...
Read more

So, I'm out here in Goa India at the moment Mysuru India (now) escaping the cold, I've just wound up a little bit of Appsec work...
Read more

The Skinny Many of you will be familiar with the starters and leavers process in organisations, we all have to do it. take the same...
Read more

It's been getting harder and harder to put your finger on the differences between Bug-bounty and Security Consulting/Testing for some, mostly due to the massive...
Read more

I've reached a point in my professional life where as much as I love popping & dropping (shell's and domain controllers) it's actually more effective...
Read more

TL;DR : Guy who knows everyone has weak passwords, tells them it's their fault they get hacked, yet, it's not their fault he has their...
Read more

That's a Nice Palo-Alto Firewall  Forescout Active Directory Integrated Network Appliance you have there ... be a shame if it: Exposed it's PAN Agent hashes to...
Read more

Suspendisse potenti. Nullam dictum dapibus leo. Donec vel risus a nisl fringilla facilisis ac vitae felis. In accumsan placerat tortor et fermentum. In feugiat, justo...
Read more