OffSec
The idea behind three-word passwords as a concept is, in my opinion, a nice nudge in the right direction. In a perfect world, a passphrase or a sentence
Exploitation
I wonder if any of these leaked email address domains are expired, and I wonder if I can buy them and inherit the identities associated with them via password resets
Exploitation
Have you ever dismissed a search order binary plant attack because the folder where it takes place doesn’t allow writes without elevation?
EntSec
Visibility everywhere yields a better understanding of work working, or work needing more support or new approaches. This is that for AD passwords en masse.
Random
Don't make criminals of victims, think a little harder on this problem.
Ideas
DNS Security TXT record
A method to hold security contact signposting from an authoritative position - from Casey Ellis & myself https://dnssecuritytxt.org/?tc
InfoSec
Vulnerabilities are technology, security and risk vertical, as should be the management.
EntSec
It's probably faster to find a flaw in all IPv4 assets with open-source attack and exploit validation tools than it is for someone internal to hunt down the owners, maintainers and appropriate people for remedial actions - The Internet Facing Velocity Problem