Inference.
The way we leak information will eventually change, but for now we're overlooking this because there aren't enough known-bad events to support the change, aside from those
If you have ever dismissed a search order binary plant attack because the folder from where it takes place doesn't allow for writes without elevation?
Visibility everywhere yields a better understanding of work working, or work needing more support or new approaches. This is that for AD passwords en masse.
Don't make criminals of victims, think a little harder on this problem.
DNS Security TXT record: a method to hold security contact signposting from an authoritative position
I wanted to write about attitudes on credential stuffing, whose responsibility it is, human behaviour, technology ecosystem and generally rant away as usual.
Vulnerabilities are technology, security and risk vertical, as should be the management.
This post is mostly framed at big-game infrastructure, but there is no reason why you can't take what you want from it and get your wins. Think about the process involved
JML for DNS, anyone? Keep it simple.
This post is as much an internal sit-rep as it is one for others to witness, share and challenge. I'm trying to understand the Top10's value eleven years on; the current Top10 (2021) is in draft and open for comment. I've put my comments here, as well as the opening to this conversation on GitHub.