Craig Hays

I’m Craig Hays, a writer, musician, academic researcher, failed skydiver, movie producer, FinTech startup to £105m-acquisition veteran, public speaker, and maker of things.

Right now I’m focusing my attention on cybersecurity and helping people and organisations defer inevitable cyber-attacks such as ransomware, data theft, and cyber-enabled fraud for as long as possible.

In The Press

RE: Human Layer Security Podcast – Episode 7 – “How to Hack a Human” with Craig Hays, Ethical Hacker

Craig Hays – Open-Source intelligence (OSINT) in Cyber Security #Cyberfest21 [1:52:22 onwards]

CISOOnline.com

How Corporate Data and Secrets Leak from GitHub Repositories

Research Papers

How to Hack a Human, Tessian.com, (January 2021)

What happened when I leaked my server password on Github.com, CraigHays.com, (June 2020)

Bypassing internet service provider traffic shaping with peer-to-peer file sharing through deliberate false positives, IEEE/IET Communications, Volume: 5 Issue: 11 (August 2011)

I’m also the curator of:

  • The Bug Bounty Toolkit
  • The OSINT Toolkit

Want to get smarter about cyber security? Join my growing list of newsletter readers for exclusive news, reviews, how-tos, and more.

[Cybersecurity] BeyondTrust Privileged Remote Access - Ultimate Deployment Guide

[Cybersecurity] Nmap OS Detection: Easy, Fast, and Powerful Examples [How To Guide]

[Cybersecurity] Vulnerability Scanning vs Penetration Testing: Why Both are Important

[Cybersecurity] Microsoft LAPS: Setup, Install, Use, And Secure With Multi-Factor Authentication

[Cybersecurity] CyberFest21

[Cybersecurity] How I Bought a £240.00 Annual Subscription for Bargain £0.01

[Cybersecurity] Pre-Account Takeover by Reversing a Weak Email Verification Token Algorithm

[Cybersecurity] Cracking Encrypted Credit Card Numbers Exposed By API

[Cybersecurity] One Time Code Bypass With An Inverted Brute-Force Attack

[Lifestyle] "Alexa, Put The Kids to Bed and Make Them Sleep"

[Cybersecurity] Why You Should Never Trust a Free Proxy Server

[Cybersecurity] How Phishing Websites Use Captcha to Fool Browsers and People

[Cybersecurity] Phishing Email to Company Devastating Ransomware in 5 Hours

[OSINT] How An Investigator Can Find Your Location From One Photograph

[Cybersecurity] Phishing with Worms - The Greatest Password Theft I've Ever Seen

[Learning] Five Life Lessons Learned by Learning to Cook

[Cybersecurity] Why Hackers Love User Accounts and How They Hack Them

[Cybersecurity] How to Sell Counterfeit Cash on Instagram in 7 Easy Steps

[startup] How I Built And Launched A Web App In Under 8 Hours

[Cybersecurity] Threat Intelligence and Why Nobody Hacked My Hackable Website

[Cybersecurity] 3 Tips To Run The Best Phishing Tests In The World

[Cybersecurity] Why More Than Half of Email Phishing Leaks Happen on Mobile Devices

[Cybersecurity] What Happened When I Leaked My Server Password on GitHub.com

[Cybersecurity] Save and Search Your Web Traffic Forever with elasticArchive for Mitmproxy

[Cybersecurity] Bug Bounty Hunting Tips #6 — Simplify

[Newsletter] Bug Bounty Tips #5, Half-Life Alyx, Everyone works from home, and more...

[Cybersecurity] Bug Bounty Hunting Tips #5 — Aim to Become World-Class in Your Niche

[Cybersecurity] Bug Bounty Tips #4, Covid-19 phishing, and more

[Cybersecurity] Bug Bounty Hunting Tips #4 — Develop a Process and Follow It

[Lifestyle] Why I Admire the Vanlife Man Camped Outside McDonald's

[Cybersecurity] How Will I Recover from Ransomware?

[Cybersecurity] Gaining Lateral Movement with SSH Password Sniffing

[Cybersecurity] How To Prevent Cloud Cost-Skimming Fraud

[Cybersecurity] Inside a Real SMS Phishing Attack (Smishing)

[Cybersecurity] How to Run a Phishing Simulation Test

[Cybersecurity] 9 Things I've Learned Writing Phishing Emails

[Cybersecurity] How to Define Vulnerability Testing Scope

[Cybersecurity] Dynamically create a phishing page based on the HTTP referer header

[Cybersecurity] Enforcing better Active Directory passwords (Password audit part 3)

[Cybersecurity] Cracking Active Directory passwords (Password audit part 2)

[Cybersecurity] Brute force attack your own users (Password audit part 1)

[Cybersecurity] Bug Bounty Hunting Tips #3 — Kicking S3 Buckets

[Cybersecurity] Bug Bounty Hunting Tips #2 — Target their mobile apps (Android Edition)

[Cybersecurity] Bug Bounty Hunting Tips #1 — Always Read the Source Code

· © Craig Hays, 2006–2023 ·
