Domain Insights, hidden value ?

I wonder if any of these leaked email address domains are expired, and I wonder if I can buy them and inherit the identities associated with them via password resets

3 min read β€” Published: 5 days ago β€” Category: Appsec

Inference.

The way we leak information will eventually change, but for now we're overlooking this because there isnt enough known-bad events to support the change, aside from those

4 min read β€” Published: 23 days ago

'ExpLoading'

If you have ever dismissed a search order binary plant attack because the folder from where it takes place doesn’t allow for writes without elevation?

4 min read β€” Published: 2 months ago β€” Category: Exploitation

DNS Security TXT

DNS Security TXT record A method to hold security contact signposting from an authoritative position

3 min read β€” Published: 2 months ago β€” Category: Cyber Security

Design Ownership

I wanted to write about attitudes on credential stuffing, whose responsiblity it is, human behaviour, technology ecosystem and generally rant away as usual.

3 min read β€” Published: 2 months ago β€” Category: Appsec

The Internet facing velocity problem

This post is mostly framed at big-game infrastructure, but there is no reason why you cant take what you want from it and get your wins. Think about the process involved

4 min read β€” Published: 2 months ago

DNS Stewardship

JML for DNS anyone ? Keep it Simple.

2 min read β€” Published: 2 months ago β€” Category: DNS