Craig Hays: Admin of One — A Powerful Way to Highly Limit Blast Radius. One of the most important principles of cyber security is Admin of One. By reducing the number of devices a password can manage to a… (Jun 4, 2023)
Craig Hays, in InfoSec Write-ups: Nmap OS Detection: Easy, Fast, and Powerful Examples [How To Guide]. Nmap OS detection is a quick and powerful way to determine what operating system a remote device is running. Here’s how to use it. (Sep 22, 2022)
Craig Hays, in InfoSec Write-ups: How Hackers Use Open-Source Intelligence to Ransomware Companies. Demonstrating with a real company how a hacker can compromise an organisation in under 2 hours using OSINT and social engineering. (Sep 10, 2021)
Craig Hays, in InfoSec Write-ups: How I Bought a £240.00 Annual Subscription for Bargain £0.01. I found a way to alter a premium subscription service price and bought it for a penny. This is how I did it. (Aug 11, 2021)
Craig Hays, in InfoSec Write-ups: Pre-Account Takeover by Reversing a Weak Email Verification Token Algorithm. I spoofed access to other people’s email in order to pre-steal user accounts before they are first registered. Here’s how I did it. (Jul 22, 2021)
Craig Hays, in InfoSec Write-ups: Cracking Encrypted Credit Card Numbers Exposed By API. I found an API that exposed encrypted credit card numbers. Here’s how I cracked them to reveal the full card details. (Jun 22, 2021)
Craig Hays, in InfoSec Write-ups: One Time Code Bypass With An Inverted Brute-Force Attack. “We’ve sent a six-digit code to your email address. Enter it below to login.” (Jun 18, 2021)
Craig Hays, in Digital Diplomacy: Why You Should Never Trust a Free Proxy Server. Free and open proxy servers promise anonymous internet access, but at what cost? (Nov 6, 2020)
Craig Hays, in The Startup: How Phishing Websites Use Captcha to Fool Browsers and People. Evading detection and building trust with Captcha challenges and Smishing attacks. (Oct 30, 2020)
Craig Hays, in The Startup: Phishing Email to Company Devastating Ransomware in 5 Hours. How hackers manually escalated from a malicious email to a devastating, company-wide ransomware takeover in under 5 hours. (Oct 25, 2020)