I wonder if any of these leaked email address domains are expired, and I wonder if I can buy them and inherit the identities associated with them via password resets
The way we leak information will eventually change, but for now we're overlooking this because there isnt enough known-bad events to support the change, aside from those
If you have ever dismissed a search order binary plant attack because the folder from where it takes place doesn’t allow for writes without elevation?
Visibility everywhere yeilds a better understanding of work working, or work needing more support or new approaches. this is that for AD passwords en-mass.
Don't make criminals of victims, think a little harder on this problem.
DNS Security TXT record A method to hold security contact signposting from an authoritative position
I wanted to write about attitudes on credential stuffing, whose responsiblity it is, human behaviour, technology ecosystem and generally rant away as usual.
Vulnerabilities are technology, security and risk vertical, as should be the management.
This post is mostly framed at big-game infrastructure, but there is no reason why you cant take what you want from it and get your wins. Think about the process involved
JML for DNS anyone ? Keep it Simple.