Skip to content
CTUS.IO Logo
  • Consulting Services
    • Enterprise Security
    • E-Commerce Security
    • Application Security
    • Offensive Security
    • Security Task Relief
    • SSDLC Support
    • The Skinny
  • Cheat SheetsConsiderations
  • Posts
  • Subrosa
  • MiscEverything Else

Landing

LandingCarroll2018-11-27T23:30:01+00:00

no, yeah… yeah no…

A quick post about an article on LinkedIn about 'Pentester Syndrome'  the link on linkedin is over http so apologies, it wasn't me setting the...
Read more

The Crowd, The Source… 

This week I saw Synack and HackerOne share some information about moving into other offerings, I wanted to talk about them and explore what it...
Read more

Malware Not Needed?

Recently had a *duh* moment while playing with the 'opened folder' canary technique used by http://canarytokens.org/ - a Thinkst* project One of the Canary triggers...
Read more

EAI

External Authentication Injection - What is it? It's applying folder level authentication to abuse web applications or client browsers, how you introduce it is based...
Read more

Prey or Pray

I've started making some designs for fun, T-shirt-able nerdy text puns and shit like that :: here or click the big text below funny for...
Read more

A Method of Disclosing .Onions

tl;dr Browsing via Tor is still fine, Hosting onions ... (possibly) less fine. This post is in theory, sound, however executing it would take real...
Read more

Kawasaki Analise …

So, I'm out here in Goa India at the moment Mysuru India (now) escaping the cold, I've just wound up a little bit of Appsec work...
Read more

Lowkey Enterprise Asset Assurance

The Skinny Many of you will be familiar with the starters and leavers process in organisations, we all have to do it. take the same...
Read more

BugBounty != Security Consulting

It's been getting harder and harder to put your finger on the differences between Bug-bounty and Security Consulting/Testing for some, mostly due to the massive...
Read more

Cover Your Own Ass(ets)

I've reached a point in my professional life where as much as I love popping & dropping (shell's and domain controllers) it's actually more effective...
Read more

Password bAdvice

TL;DR : Guy who knows everyone has weak passwords, tells them it's their fault they get hacked, yet, it's not their fault he has their...
Read more

Active Directory Integrated Network Appliances

That's a Nice Palo-Alto Firewall  Forescout Active Directory Integrated Network Appliance you have there ... be a shame if it: Exposed it's PAN Agent hashes to...
Read more

Enterprise Security

Suspendisse potenti. Nullam dictum dapibus leo. Donec vel risus a nisl fringilla facilisis ac vitae felis. In accumsan placerat tortor et fermentum. In feugiat, justo...
Read more

Contact

Email john.carroll@ctus.io | gpg C71EBE4A

Phone 020 8133 7637

Skype Call

LinkedIn Connect

Signal & WhatsApp available on Request

Documents

Sample Pentest Report – Coming Soon

Sample OSINT Report – Coming Soon

Sample SUBROSA Report

Visitor

Country – United States

IP – 54.147.29.160

 

  • Slackor is a RAT written in Golang that uses Slack as a C2 channel. Today I’m releasing it open source for all to e… twitter.com/i/web/status/1…

    5 hours ago
©2019 CTU SECURITY LIMITED - 09698773