Inference.

The way we leak information will eventually change, but for now we're overlooking this because there aren't enough known-bad events to support the change, aside from those

4 min read — Published: 3 months ago

'ExpLoading'

Have you ever dismissed a search-order binary planting attack because the folder it takes place in doesn't allow writes without elevation?

4 min read — Published: 4 months ago — Category: Exploitation

DNS Security TXT

DNS Security TXT record: a method to hold security contact signposting from an authoritative position.

3 min read — Published: 4 months ago — Category: Cyber Security

Design Ownership

I wanted to write about attitudes on credential stuffing, whose responsibility it is, human behaviour, the technology ecosystem, and generally rant away as usual.

3 min read — Published: 4 months ago — Category: Appsec

The Internet facing velocity problem

This post is mostly framed at big-game infrastructure, but there is no reason why you can't take what you want from it and get your wins. Think about the process involved

4 min read — Published: 4 months ago

DNS Stewardship

JML for DNS, anyone? Keep it simple.

2 min read — Published: 4 months ago — Category: DNS

OWASP Top 10 - 2021

This post is as much an internal sit-rep as it is one for others to witness, share and challenge. I'm trying to understand the Top 10's value eleven years on. The current Top 10 (2021) is in draft and open for comment; I've put my comments here, as well as the opening to this conversation on GitHub.

4 min read — Published: 4 months ago — Category: Appsec