John Carroll

Privacy Engineering ?

Privacy

Grammarly taking more data than it should, a exploration and musings over the idea of privacy engineering in conjunction with application security assessments

Read more

Securing Ghost Blog Authentication with Cloudflare's ZeroTrust Access Policy

Random

How to implement MFA in Ghost Blog with Cloudflare's Zerotrust Access Policy.

Read more

Three-Word Password Attacks

OffSec

The idea behind three word passwords as a concept is in my opinion a nice nudge in the right direction, In a perfect world, a passphase or a sentence

Read more

Get TI from historical breach data?

OSINT

We can do more with breach data.

Read more

Identity Inheritance via expired domains

Exploitation

I wonder if any of these leaked email address domains are expired, and I wonder if I can buy them and inherit the identities associated with them via password resets

Read more

Beaker.

Random

Running a little port canary for half a year, observations, data, application, and thoughts.

Read more

Publicker

Defence

Cross-referencing acquired credentials against public known, known bad credentials in a bid to really hit home the cultural change required. or just fully breaking down a target.

Read more

Inference.

OSINT

The way we leak information will eventually change...

Read more

Go Count Hashes

InfoSec

Get more from your ntds.dit data, generally we acquire this file to maul an environment, but there's a blue way to provide value without cracking a single hash, it's to count them.

Read more

'ExpLoading'

Exploitation

If you have ever dismissed a search order binary plant attack because the folder from where it takes place doesn’t allow for writes without elevation?

Read more