Posts

Sunsetting Domains

What to do when you no longer need a domain

Read more

Amature.

The wrong people in the room when the decisions where made to reduce citizen data security.

Read more

Threat Modeling ? Not My Cup of Tea...

Threat Modeling is not everyone's cup of tea, but let's threat model everyone's cup of tea.

Read more

The BYOD Post.

BYOD Problem, options.

Read more

Files, Folders & Fun (revisited)

Playing with folder resolution to build a better pretext

Read more

The Cost of Expiration

Who needs to know when a domain has expired ? It Depends, and it Deepens.

Read more

File Folding.

File Folding is a technique that moves a file into hex, and that hex is broken into folder file names in a fashion that can be reconstructed.

Read more

Untrusted Wi-Fi Networks, Advice for All.

Nine words unpacked.

Read more

Data-bouncing

Data-Bouncing - The art of indirect exfiltration. Using & Abusing Trusted Domains as a 2nd Order Transport.

Read more

Securing Ghost Blog Authentication with Cloudflare's ZeroTrust Access Policy

How to implement MFA in Ghost Blog with Cloudflare's Zerotrust Access Policy.

Read more

Three-Word Password Attacks

OffSec

The idea behind three word passwords as a concept is in my opinion a nice nudge in the right direction, In a perfect world, a passphase or a sentence

Read more

Get TI from historical breach data?

OSINT

We can do more with breach data.

Read more

Identity Inheritance via expired domains

Exploitation

I wonder if any of these leaked email address domains are expired, and I wonder if I can buy them and inherit the identities associated with them via password resets

Read more

Inference.

OSINT

The way we leak information will eventually change...

Read more

'ExpLoading'

Exploitation

If you have ever dismissed a search order binary plant attack because the folder from where it takes place doesn’t allow for writes without elevation?

Read more

Bigger Benefits of Password Cracking

EntSec

Visibility everywhere yeilds a better understanding of work working, or work needing more support or new approaches. this is that for AD passwords en-mass.

Read more

Paying or Preventing Ransom Payments

Random

Don't make criminals of victims, think a little harder on this problem.

Read more

DNS Security TXT

Ideas

DNS Security TXT record A method to hold security contact signposting from an authoritative position - from Casey Ellis & myself https://dnssecuritytxt.org/?tc

Read more

Vertical Vulnerability Managment

InfoSec

Vulnerabilities are technology, security and risk vertical, as should be the management.

Read more

The Internet Facing Velocity Problem

EntSec

It's probably faster to find a flaw in all IPv4 Assets with Open-source attack and exploit validation tools than it is for someone internal to hunt down the owners, maintainers and appropriate people for remedial actions - The Internet Facing Velocity Problem

Read more