Craig Hays – Medium

Craig Hays

Admin of One — A Powerful Way to Highly Limit Blast Radius

One of the most important principles of cyber security is Admin of One. By reducing the number of devices a password can manage to a…

Jun 4, 2023

Admin of One — A Powerful Way to Highly Limit Blast Radius

Jun 4, 2023

Published in
InfoSec Write-ups

Nmap OS Detection: Easy, Fast, and Powerful Examples [How To Guide]

Nmap OS detection is a quick and powerful way to determine what operating system a remote device is running. Here’s how to use it.

Sep 22, 2022

Nmap OS Detection: Easy, Fast, and Powerful Examples [How To Guide]

Sep 22, 2022

Published in
InfoSec Write-ups

How Hackers Use Open-Source Intelligence to Ransomware Companies

Demonstrating with a real company how a hacker can compromise an organisation in under 2 hours using OSINT and social engineering.

Sep 10, 2021

How Hackers Use Open-Source Intelligence to Ransomware Companies

Sep 10, 2021

Published in
InfoSec Write-ups

How I Bought a £240.00 Annual Subscription for Bargain £0.01

I found a way to alter a premium subscription service price and bought it for a penny. This is how I did it.

Aug 11, 2021

How I Bought a £240.00 Annual Subscription for Bargain £0.01

Aug 11, 2021

Published in
InfoSec Write-ups

Pre-Account Takeover by Reversing a Weak Email Verification Token Algorithm

I spoofed access to other people’s email in order to pre-steal user accounts before they are first registered. Here’s how I did it.

Jul 22, 2021

Pre-Account Takeover by Reversing a Weak Email Verification Token Algorithm

Jul 22, 2021

Published in
InfoSec Write-ups

Cracking Encrypted Credit Card Numbers Exposed By API

I found an API that exposed encrypted credit card numbers. Here’s how I cracked them to reveal the full card details.

Jun 22, 2021

Cracking Encrypted Credit Card Numbers Exposed By API

Jun 22, 2021

Published in
InfoSec Write-ups

One Time Code Bypass With An Inverted Brute-Force Attack

“We’ve sent a six-digit code to your email address. Enter it below to login.”

Jun 18, 2021

One Time Code Bypass With An Inverted Brute-Force Attack

Jun 18, 2021

Published in
Digital Diplomacy

Why You Should Never Trust a Free Proxy Server

Free and open proxy servers promise anonymous internet access, but at what cost?

Nov 6, 2020

Never trust an open proxy server

Nov 6, 2020

Published in
The Startup

How Phishing Websites Use Captcha to Fool Browsers and People

Evading detection and building trust with Captcha challenges and Smishing attacks.

Oct 30, 2020

How Phishing Websites Use Captcha to Fool Browsers and People

Oct 30, 2020

Published in
The Startup

Phishing Email to Company Devastating Ransomware in 5 Hours

How hackers manually escalated from a malicious email to a devastating, company-wide ransomware takeover in under 5 hours.

Oct 25, 2020

Phishing Email to Company Devastating Ransomware in 5 Hours

Oct 25, 2020

Craig Hays

Craig Hays

FinTech startup to £105 million acquisition. Now I make stuff and help people with cyber security. https://craighays.com

Following

Help
Status
About
Careers
Press
Blog
Privacy
Terms
Text to speech
Teams