Installation Security Considerations
I'd wrote about this in on my old site, I didn't do a great job of migrating, but this is a useful tip for IT/Infosec concerned [...]
nessusd.exe LPE > SYSTEM
As a pen tester I've always had an account on a Nessus Pro, obviously that changes with the new model, but as a contractor I have [...]
The Wireless Problem
The right way to Guest-Network FOLLOWED BY WHY. Network Positioning Get off my LAN! Ideally a separate line completely, consider a guest network provider, let them [...]
no, yeah… yeah no…
A quick post about an article on LinkedIn about 'Pentester Syndrome' the link on linkedin is over http so apologies, it wasn't me setting the tone [...]
The Crowd, The Source…
This week I saw Synack and HackerOne share some information about moving into other offerings, I wanted to talk about them and explore what it means [...]
Malware Not Needed?
Recently had a *duh* moment while playing with the 'opened folder' canary technique used by http://canarytokens.org/ - a Thinkst* project One of the Canary triggers works [...]
EAI
External Authentication Injection - What is it? It's applying folder level authentication to abuse web applications or client browsers, how you introduce it is based on [...]
Prey or Pray
I've started making some designs for fun, T-shirt-able nerdy text puns and shit like that :: here or click the big text below funny for anyone [...]
A Method of Disclosing .Onions
tl;dr Browsing via Tor is still fine, Hosting onions ... (possibly) less fine. This post is in theory, sound, however executing it would take real collaboration [...]
Kawasaki Analise …
So, I'm out here in Goa India at the moment Mysuru India (now) escaping the cold, I've just wound up a little bit of Appsec work for [...]
Lowkey Enterprise Asset Assurance
The Skinny Many of you will be familiar with the starters and leavers process in organisations, we all have to do it. take the same thinking [...]
BugBounty != Security Consulting
It's been getting harder and harder to put your finger on the differences between Bug-bounty and Security Consulting/Testing for some, mostly due to the massive social [...]