Beyond Critical: Why Vulnerability Management is Failing Security Teams

I’ve come to recognize two distinct mindsets in security: those grounded in technical reality, and those I call the “boogeyman crew.” The latter operates on fear rather than facts, treating every scanner-flagged “CRITICAL!” finding as an equally urgent disaster. Their world is populated by various specters: the compliance boogeyman who’ll condemn them for not addressing every high-severity CVE regardless of context, the dreaded auditor who’ll condemn them for not following frameworks to the letter and, of course, the truly bad actors lying in wait. ...

November 7, 2024 · 6 min · nickpending

The Vulnerability Scanning Paradox

Traditional vulnerability scanning has been a cornerstone of enterprise security programs for decades. However, some fundamental aspects of how these tools operate - and how quickly vulnerabilities are exploited in the wild - suggest we might need to reconsider this approach. This analysis explores why scanning might be problematic as a primary security measure, particularly for Internet-facing systems, and considers what alternatives might look like.

The Empirical Case Against Scanning

I’d like to explore some observations about how traditional network and web vulnerability scanners work and why their core premises might be problematic, particularly when assessing Internet-facing systems. While this analysis focuses primarily on Internet-exposed hosts, many of these fundamental limitations apply equally to internal systems that aren’t directly accessible from the Internet. ...

November 1, 2024 · 7 min · nickpending

censyspy: FQDN Discovery via Censys

Built a tool called censyspy that simplifies FQDN discovery via Censys. While you can absolutely do all of this with the Censys CLI and their query syntax (which isn’t particularly complex), this wrapper makes it a bit more straightforward if you’re specifically hunting for FQDNs. Since Censys has such a massive certificate dataset, queries can take a few minutes to complete - the tool defaults to a 5-minute timeout which should be enough for most cases. ...

October 31, 2024 · 4 min · nickpending

Hello World

Welcome to my new blog.

What to Expect

I’ll be using this space to share:

- Security tools I build
- Analysis of interesting security problems
- Data-driven observations
- Technical experiments and results
- Random thoughts about security issues I encounter

The focus will be primarily technical content, though I may occasionally venture into other topics that catch my interest.

Coming Soon

My next post will challenge the fundamental logic of vulnerability scanning and present a new paradigm for modern security. Stay tuned! ...

October 29, 2024 · 1 min · nickpending