Go Count Hashes
I do a fair amount of itch-scratching, where you see an anti-pattern and a small explosion of failures present themselves, and you're there to put the little fires out, b
Inference.
The way we leak information will eventually change, but for now we're overlooking this because there isnt enough known-bad events to support the change, aside from those
'ExpLoading'
If you have ever dismissed a search order binary plant attack because the folder from where it takes place doesnβt allow for writes without elevation?
Bigger Organisational Benefits of Password Cracking
Visibility everywhere yeilds a better understanding of work working, or work needing more support or new approaches. this is that for AD passwords en-mass.
Paying or Preventing Ransom Payments
Don't make criminals of victims, think a little harder on this problem.
DNS Security TXT
DNS Security TXT record A method to hold security contact signposting from an authoritative position
Design Ownership
I wanted to write about attitudes on credential stuffing, whose responsiblity it is, human behaviour, technology ecosystem and generally rant away as usual.
Vertical Vulnerability Managment
Vulnerabilities are technology, security and risk vertical, as should be the management.
The Internet facing velocity problem
This post is mostly framed at big-game infrastructure, but there is no reason why you cant take what you want from it and get your wins. Think about the process involved
DNS Stewardship
JML for DNS anyone ? Keep it Simple.