Malware Not Needed?
Recently had a *duh* moment while playing with the 'opened folder' canary technique used by http://canarytokens.org/ - a Thinkst* project One of the Canary triggers works [...]
EAI
External Authentication Injection - What is it? It's applying folder level authentication to abuse web applications or client browsers, how you introduce it is based on [...]
Prey or Pray
I've started making some designs for fun, T-shirt-able nerdy text puns and shit like that :: here or click the big text below funny for anyone [...]
A Method of Disclosing .Onions
tl;dr Browsing via Tor is still fine, Hosting onions ... (possibly) less fine. This post is in theory, sound, however executing it would take real collaboration [...]
Kawasaki Analise …
So, I'm out here in Goa India at the moment Mysuru India (now) escaping the cold, I've just wound up a little bit of Appsec work for [...]
Lowkey Enterprise Asset Assurance
The Skinny Many of you will be familiar with the starters and leavers process in organisations, we all have to do it. take the same thinking [...]
BugBounty != Security Consulting
It's been getting harder and harder to put your finger on the differences between Bug-bounty and Security Consulting/Testing for some, mostly due to the massive social [...]
Cover Your Own Ass(ets)
I've reached a point in my professional life where as much as I love popping & dropping (shell's and domain controllers) it's actually more effective that [...]
Password bAdvice
TL;DR : Guy who knows everyone has weak passwords, tells them it's their fault they get hacked, yet, it's not their fault he has their passwords. [...]
Active Directory Integrated Network Appliances
That's a Nice Palo-Alto Firewall Forescout Active Directory Integrated Network Appliance you have there ... be a shame if it: Exposed it's PAN Agent hashes to the [...]