Go Count Hashes

I do a fair amount of itch-scratching, where you see an anti-pattern and a small explosion of failures present themselves, and you're there to put the little fires out, b

3 min read — Published: 2 months ago

Inference.

The way we leak information will eventually change, but for now we're overlooking this because there aren't enough known-bad events to support the change, aside from those

4 min read — Published: 5 months ago

'ExpLoading'

If you have ever dismissed a search order binary plant attack because the folder from where it takes place doesn't allow for writes without elevation?

4 min read — Published: 6 months ago — Category: Exploitation

DNS Security TXT

DNS Security TXT record: a method to hold security contact signposting from an authoritative position

3 min read — Published: 6 months ago — Category: Cyber Security

Design Ownership

I wanted to write about attitudes on credential stuffing, whose responsibility it is, human behaviour, technology ecosystem and generally rant away as usual.

3 min read — Published: 6 months ago — Category: Appsec

The Internet facing velocity problem

This post is mostly framed at big-game infrastructure, but there is no reason why you can't take what you want from it and get your wins. Think about the process involved

4 min read — Published: 6 months ago

DNS Stewardship

JML for DNS, anyone? Keep it Simple.

2 min read — Published: 6 months ago — Category: DNS