Hi, I’m Jai Minton an Information and Cyber Security Professional with an interest in both “offensive” (Penetration Testing) and “defensive” (Incident Response) security operations. My passion for information technology and security extends beyond my employment, and as such there’s a few reasons that this blog exists, in short I wanted:

  1. A place to consolidate and publish some ‘Capture The Flag’ achievements and my thought process which lead to these achievements.
  2. A place to publish some of my public research, thoughts, and learning outcomes to help others improve themselves and their processes relating to information and cyber security.
  3. To lower the barrier of entry for upcoming security professionals who are interested in breaking into the field but don’t know how.


All thoughts and opinions expressed here are my own, and may not be representative of my employer, or any other entity unless I am specifically quoting someone.

This website and content included is provided “as is”, without warranty of any kind, express or implied, including but not limited to the warranties of merchantability, fitness for a particular purpose, and noninfringement.

Product mentions

There are many security tools, products, and services on the market today and I utilise many on a daily basis. Any mention of a particular tool, product, or service is on my own accord and is no way sponsored unless otherwise stated.

Can I contact you?

Should you need to contact me you can always do so on:

  • Twitter
  • Email: mintsec [at] outlook [dot] com

If you want to encrypt your email and send it to me, my PGP fingerprint is D9F1 397D 13A2 6192 9B01 C9C0 33A1 B659 55ED 33BF, or for those who just need the PGP Public Key

Other Work

Can I share your work?

Absolutely, provided you give attribution. Consider the work here licensed under the Creative Commons Attribution 4.0 International License.

Privacy Policy

Post April 10th 2021:

Google Analytics has been REMOVED from the website.

The website is currently still using some scripts; however none of these are designed for analysis, tracking, and advertising. Web browser performance API data is sent to Cloudflare in the form of ‘Cloudflare Web Analytics’

The only cookies used on this site are ones pushed down from the Cloudflare content delivery network. More information on possible cookies can be found here. Currently the only known cookies to be in use are as follows:

  • __cfduid: Deprecated. Was used for detecting bots. Will be removed by 10th May 2021. Only transmitted MD5 of amalgamated user data and wasn’t intended for tracking.
  • __cf_bm: Used for managing bots, short lived (only lasts up to 30 minutes after inactivity on the website). Not used for tracking.

In addition a content security policy (CSP) has always been in place to provide an added level of security in what resources can be loaded from this website. I fully respect that resources may wish to be blocked, and you are free to block any resource from being loaded, but please note it may affect certain elements of the website. I’d recommend using a browser extension such as: Ublock Origin or UMatrix to do this.

Prior to April 10th 2021:

Like almost every other website this website uses cookies and scripts; however, unlike some other websites I have no need, nor want to handle any of your personal information. My use case is purely that I’d like to know whether this blog is being utilised and how I can improve it. As such I am using Google Analytics to gather the bare minimum basic non-identifiable information of visitors to this site (through the use of googletagmanager) and I am very much about this being transparent. The information gathered includes, the following known elements, as more become apparent this will be updated:

  • Web Browser (e.g. Firefox)
  • Anonymised IP (The last octet is changed to 0)
  • Operating System (e.g. Windows, iOS)
  • Network Domain (e.g. Telstra)
  • Country (Enumerated through anonymised IP)
  • Language
  • Screen Resolution
  • Mobile Device Information (e.g. Microsoft Windows RT Tablet)
  • Referrer (e.g. LinkedIN, Reddit)

Because this is a Google service it sends information to their servers and they have their own privacy policies, information handling processes and conditions. More information can be found below.

If you do not wish for this information to be sent or received, I fully respect that and you are free to block googletagmanager.com on this website in addition to any other resources, but please note it may affect certain elements of the website. I’d recommend using a browser extension such as: Ublock Origin or UMatrix to do this; however, Google also offer their own Google Analytics ‘Opt-out Browser Add-on’ if you’d just like to block analytics scripts.