BugCrowd & Researcher Philosophy Thoughts
Organisations Should never use in-house triage, Hunters and researchers should only use them as a payment platform. that's it on a napkin.
Read more
Posts
HP Aruba Privileged Escalation Dec 2025
The HP Aruba VIA VPN client for Linux contains a local privilege escalation vulnerability that allows any unprivileged local user to gain root access. - CVE-2025-37186
Read more
Poll-Dancing & Age Verification
Poll-Dancing & Age Verification - a critical view of yougov's obvious biased framing of the age verification shit-show
Read more
Threat Modeling ? Not My Cup of Tea...
Threat Modeling is not everyone's cup of tea, but let's threat model everyone's cup of tea.
Read more
Files, Folders & Fun (revisited)
Playing with folder resolution to build a better pretext
Read more
The Cost of Expiration
Who needs to know when a domain has expired ?
It Depends, and it Deepens.
Read more
File Folding.
File Folding is a technique that moves a file into hex, and that hex is broken into folder file names in a fashion that can be reconstructed.
Read more
Data-bouncing
Data-Bouncing - The art of indirect exfiltration. Using & Abusing Trusted Domains as a 2nd Order Transport.
Read more
Securing Ghost Blog Authentication with Cloudflare's ZeroTrust Access Policy
How to implement MFA in Ghost Blog with Cloudflare's Zerotrust Access Policy.
Read more
Three-Word Password Attacks
The idea behind three word passwords as a concept is in my opinion a nice nudge in the right direction, In a perfect world, a passphase or a sentence
Read more
Identity Inheritance via expired domains
I wonder if any of these leaked email address domains are expired, and I wonder if I can buy them and inherit the identities associated with them via password resets
Read more