I’m Craig Hays, a writer, musician, academic researcher, failed skydiver, movie producer, FinTech startup to £105m-acquisition veteran, public speaker, and maker of things.
Right now I’m focusing my attention on cybersecurity and helping people and organisations defer inevitable cyber-attacks such as ransomware, data theft, and cyber-enabled fraud for as long as possible.
In The Press
RE: Human Layer Security Podcast – Episode 7 – “How to Hack a Human” with Craig Hays, Ethical Hacker
Craig Hays – Open-Source intelligence (OSINT) in Cyber Security #Cyberfest21 [1:52:22 onwards]
CISOOnline.com
How Corporate Data and Secrets Leak from GitHub Repositories
Research Papers
How to Hack a Human, Tessian.com, (January 2021)
What happened when I leaked my server password on Github.com, CraigHays.com, (June 2020)
Bypassing internet service provider traffic shaping with peer-to-peer file sharing through deliberate false positives, IEEE/IET Communications, Volume: 5 Issue: 11 (August 2011)
I’m also the curator of:
- The Bug Bounty Toolkit
- The OSINT Toolkit
[Cybersecurity Transformation] Cybersecurity Transformation Roadmap Checklist
[Cybersecurity Tutorials] BeyondTrust Privileged Remote Access - Ultimate Deployment Guide
[Cybersecurity Tutorials] Nmap OS Detection: Easy, Fast, and Powerful Examples [How To Guide]
[Cybersecurity Principles] Vulnerability Scanning vs Penetration Testing: Why Both are Important
[Cybersecurity Tutorials] Microsoft LAPS: Setup, Install, Use, And Secure With Multi-Factor Authentication
[Cybersecurity] CyberFest21
[Bug Bounty Hunting] How I Bought a £240.00 Annual Subscription for Bargain £0.01
[Bug Bounty Hunting] Pre-Account Takeover by Reversing a Weak Email Verification Token Algorithm
[Bug Bounty Hunting] Cracking Encrypted Credit Card Numbers Exposed By API
[Bug Bounty Hunting] One Time Code Bypass With An Inverted Brute-Force Attack
[Lifestyle] "Alexa, Put The Kids to Bed and Make Them Sleep"
[Cybersecurity Research] Why You Should Never Trust a Free Proxy Server
[Cybersecurity Research] How Phishing Websites Use Captcha to Fool Browsers and People
[Cybersecurity Research] Phishing Email to Company Devastating Ransomware in 5 Hours
[OSINT] How An Investigator Can Find Your Location From One Photograph
[Cybersecurity Research] Phishing with Worms - The Greatest Password Theft I've Ever Seen
[Learning] Five Life Lessons Learned by Learning to Cook
[Cybersecurity] Why Hackers Love User Accounts and How They Hack Them
[Cybersecurity] How to Sell Counterfeit Cash on Instagram in 7 Easy Steps
[startup] How I Built And Launched A Web App In Under 8 Hours
[Cybersecurity Research] Threat Intelligence and Why Nobody Hacked My Hackable Website
[Cybersecurity] 3 Tips To Run The Best Phishing Tests In The World
[Cybersecurity Research] Why More Than Half of Email Phishing Leaks Happen on Mobile Devices
[Cybersecurity Research] What Happened When I Leaked My Server Password on GitHub.com
[Cybersecurity] Save and Search Your Web Traffic Forever with elasticArchive for Mitmproxy
[Bug Bounty Hunting] Bug Bounty Hunting Tips #6 — Simplify
[Newsletter] Bug Bounty Tips #5, Half-Life Alyx, Everyone works from home, and more...
[Bug Bounty Hunting] Bug Bounty Hunting Tips #5 — Aim to Become World-Class in Your Niche
[Bug Bounty Hunting] Bug Bounty Tips #4, Covid-19 phishing, and more
[Cybersecurity] Bug Bounty Hunting Tips #4 — Develop a Process and Follow It
[Lifestyle] Why I Admire the Vanlife Man Camped Outside McDonald's
[Cybersecurity] How Will I Recover from Ransomware?
[Cybersecurity] Gaining Lateral Movement with SSH Password Sniffing
[Cybersecurity] How To Prevent Cloud Cost-Skimming Fraud
[Cybersecurity Research] Inside a Real SMS Phishing Attack (Smishing)
[Cybersecurity] How to Run a Phishing Simulation Test
[Cybersecurity Skills] 9 Things I've Learned Writing Phishing Emails
[Cybersecurity] How to Define Vulnerability Testing Scope
[Cybersecurity Tutorials] Dynamically create a phishing page based on the HTTP referer header
[Cybersecurity Tutorials] Enforcing better Active Directory passwords (Password audit part 3)
[Cybersecurity Tutorials] Cracking Active Directory passwords (Password audit part 2)
[Cybersecurity Tutorials] Brute force attack your own users (Password audit part 1)
[Bug Bounty Hunting] Bug Bounty Hunting Tips #3 — Kicking S3 Buckets
[Bug Bounty Hunting] Bug Bounty Hunting Tips #2 — Target their mobile apps (Android Edition)
[Bug Bounty Hunting] Bug Bounty Hunting Tips #1 — Always Read the Source Code