John Carroll
Data-bouncing
Data-Bouncing - The art of indirect exfiltration. Using & Abusing Trusted Domains as a 2nd Order Transport.
Read more
Securing Ghost Blog Authentication with Cloudflare's ZeroTrust Access Policy
How to implement MFA in Ghost Blog with Cloudflare's Zerotrust Access Policy.
Read more
Three-Word Password Attacks
The idea behind three word passwords as a concept is in my opinion a nice nudge in the right direction, In a perfect world, a passphase or a sentence
Read more
Identity Inheritance via expired domains
I wonder if any of these leaked email address domains are expired, and I wonder if I can buy them and inherit the identities associated with them via password resets
Read more
'ExpLoading'
If you have ever dismissed a search order binary plant attack because the folder from where it takes place doesn’t allow for writes without elevation?
Read more
Bigger Benefits of Password Cracking
Visibility everywhere yeilds a better understanding of work working, or work needing more support or new approaches. this is that for AD passwords en-mass.
Read more
Paying or Preventing Ransom Payments
Don't make criminals of victims, think a little harder on this problem.
Read more