Posts
Threat Modeling ? Not My Cup of Tea...
Threat Modeling is not everyone's cup of tea, but let's threat model everyone's cup of tea.
Read more
The Cost of Expiration
Who needs to know when a domain has expired ?
It Depends, and it Deepens.
Read more
File Folding.
File Folding is a technique that moves a file into hex, and that hex is broken into folder file names in a fashion that can be reconstructed.
Read more
Data-bouncing
Data-Bouncing - The art of indirect exfiltration. Using & Abusing Trusted Domains as a 2nd Order Transport.
Read more
Securing Ghost Blog Authentication with Cloudflare's ZeroTrust Access Policy
How to implement MFA in Ghost Blog with Cloudflare's Zerotrust Access Policy.
Read more
Three-Word Password Attacks
The idea behind three word passwords as a concept is in my opinion a nice nudge in the right direction, In a perfect world, a passphase or a sentence
Read more
Identity Inheritance via expired domains
I wonder if any of these leaked email address domains are expired, and I wonder if I can buy them and inherit the identities associated with them via password resets
Read more
'ExpLoading'
If you have ever dismissed a search order binary plant attack because the folder from where it takes place doesn’t allow for writes without elevation?
Read more
Bigger Benefits of Password Cracking
Visibility everywhere yeilds a better understanding of work working, or work needing more support or new approaches. this is that for AD passwords en-mass.
Read more
Paying or Preventing Ransom Payments
Don't make criminals of victims, think a little harder on this problem.
Read more
DNS Security TXT
DNS Security TXT record
A method to hold security contact signposting from an authoritative position - from Casey Ellis & myself https://dnssecuritytxt.org/?tc
Read more
Vertical Vulnerability Managment
Vulnerabilities are technology, security and risk vertical, as should be the management.
Read more