Primary Content: Home

Graceful Security!


I post content about Information Security from the point of view of an attacker and show how to fix security issues. Hopefully something buried in here will be of use to any Penetration Testers, Security Consultants or people trying to defend against hackers!

The easiest way to navigate the site is by choosing a category above or scroll down to see the most recent posts!

Let me know what you think!     — @HollyGraceful



We’ve had a Data Breach – do we need to notify? [UK Law]

I’m going to go ahead and open with: I am not a lawyer. If you’ve had a data breach and you need to know if you should notify an authority, or the public, you should speak to a lawyer. Don’t take legal advice from a blog post. I was researching the requirement to disclose under UK law and I thought it was interesting so here are some (probably incomplete) notes to explain (my interpretation of) the current UK Law.

A Quick Malware Teardown

A follower sent me a suspicious looking file recently to get my opinion on its behavior and to see if I could pull out a little detail on how it’s working. “Suspicious looking” because at the time, it was getting a zero score on VirusTotal but it appeared to be doing something just a little dodgy in the background. I wanted to post some notes around my quick tear down of the malware show that since so much malware is poorly written and obfuscated you can often do a large amount of analysis of a file’s behaviour in a short period of time.