Hi, I’m Jai Minton, an Information and Cyber Security Professional with an interest in both “offensive” (Penetration Testing) and “defensive” (Digital Forensics and Incident Response) security operations. My passion for information technology and security extends beyond my employment, and as such there are a few reasons that this blog exists. In short, I wanted:
- A place to consolidate and publish some ‘Capture The Flag’ achievements and my thought process which led to these achievements.
- A place to publish some of my public research, thoughts, and learning outcomes to help others improve themselves, their knowledge, and their processes relating to information and cyber security.
- To lower the barrier of entry for upcoming security professionals who are interested in breaking into the field but don’t know how.
If I can help you learn something in minutes or hours which took me days, weeks, or even months to learn, then this website has been a success.
Why should I listen to you?
I don’t ‘specialise’ in just a single area of information security, nor would I consider myself (or practically anyone else for that matter) an ‘expert’ in everything related to security. I have, however, worked and researched in a number of different areas depending on my role, responsibilities, and what I find interesting at any given time.
In my professional career and my spare time I’ve:
- Worked for both the public and private sector
- Undertaken multiple successful penetration tests achieving the goals based on the scope of tests conducted
- Worked in internal security roles and collaborated to share research findings with relevant Cyber Security Centre/CERT authorities globally
- Worked in a managed service capacity to protect multiple Fortune 500 and Fortune 100 companies
- Researched and documented new and emerging threats within the Cyber Security industry
- Reported newly discovered (including critical) vulnerabilities to companies
- Had my research findings included in recognised industry courses such as SANS FOR500 (Windows Forensic Analysis)
- Been on the Academic Advisory Board of the Security Blue Team, ‘Blue Team Level 2 (BTL2)’ certification
- Contributed to ubiquitous industry frameworks including the MITRE ATT&CK framework and Living Off The Land Binaries and Scripts (LOLBAS) project
- Spoken at a number of industry events and conferences including but not limited to AdelaideSEC (AISA), RooCon (Google), CyberXCHANGE (CyberCX), and SecTalks.
Some recommendations, comments, or citations of my work:
- Twitter / X
- Bleeping Computer
- Bleeping Computer 2
- The Hacker News
- MITRE ATT&CK
- LOLBAS Project
An online search may also yield other results.
Some CTF Achievements:
- DFIR Netwars Continuous 2 - Top 3% globally
- 🏆 SANS Holiday Hack Challenge 2022 - Tied Best Technical Answer Winner: Write-up
- Core Netwars Continuous 2 - Top 1% globally
- 🏆 SANS Holiday Hack Challenge 2021 - Most Creative Prize Winner: Write-up
- SANS Holiday Hack Challenge 2020 - Honorable Mention: Write-up
- SANS Holiday Hack Challenge 2019 - Super Honorable Mention: Write-up
- DEFCON DFIR CTF 2019 - 2nd person to complete all challenges
- SANS Holiday Hack Challenge 2018 - Super Honorable Mention: Write-up
In addition, this website and what it entails have been used in a number of industries and verticals, in both the public and private sectors, including:
- Law Enforcement
- Network Providers
- Energy and Gas
Despite the above I strongly believe that the only way for this industry to be successful and thrive is collaboration and knowledge sharing wherever possible, and so I often seek validation and feedback from others who specialise in a particular area. It’s entirely up to you who you follow, listen to, or collaborate with in this industry.
All thoughts and opinions expressed here are my own, and may not be representative of my employer, or any other entity unless I am specifically quoting someone.
This website and content included is provided “as is”, without warranty of any kind, express or implied, including but not limited to the warranties of merchantability, fitness for a particular purpose, and noninfringement.
There are many security tools, products, and services on the market today and I utilise many on a daily basis. Any mention of a particular tool, product, or service is of my own accord and is in no way sponsored unless otherwise stated.
Can I contact you?
Should you need to contact me you can always do so on:
- Email: mintsec [at] outlook [dot] com
If you want to encrypt your email and send it to me, my PGP fingerprint is D9F1 397D 13A2 6192 9B01 C9C0 33A1 B659 55ED 33BF, or for those who just need the PGP Public Key
Note: You don’t have permission to add this email to your CRM mailing lists, and I don’t do sponsored/guest articles or the like, they’re spammy and rubbish. See here
Can I share your work?
Absolutely, provided you give attribution. Consider the work here licensed under the Creative Commons Attribution 4.0 International License.
Can I support or donate?
Collaboration and knowledge sharing is a great way to help support this work, and even just letting me know how much it helps is always appreciated. I don’t do “sponsored posts” or “advertisements”, I don’t get any financial benefit to mention products, and the website is being run at an expense every single year.
If you find this material useful and feel like buying me a coffee, or helping to contribute to domain registration and hosting fees, please feel free to do so, but don’t feel obliged.
For those who wish to donate, know that any contribution is greatly appreciated. When you donate you’re playing a part in supporting the hundreds, if not thousands of hours that have gone into experimenting, researching, and developing content to give back to the community completely free of charge. There’s time, frustration, blood, sweat, and tears which have been put in to create content, and this time could have otherwise been spent away from the computer with loved ones. Although it may not be obvious, the content on this site is the result of knowledge sharing as much as it is from trying and failing over many years. When you contribute you’re playing a part in helping me as much as everyone else who has benefited from this content. You’re helping people all around the world not only stay safe and secure, but also develop themselves and their career, and for that you have my thanks.
The website is currently using some scripts; however, none of these are specifically designed for tracking and advertising. Web browser performance API data is sent to Cloudflare in the form of ‘Cloudflare Web Analytics’. You can safely block cloudflareinsights.com to prevent this and still retain functionality of the website.
The only cookies used on this site are pushed down from the Cloudflare content delivery network. More information on possible cookies can be found here. The only known cookie to be in use is as follows:
- __cf_bm: Used for managing bots, short lived (only lasts up to 30 minutes after inactivity on the website). Not used for tracking.
Because the website is built and hosted on GitHub Pages, GitHub itself logs each visitor IP address for their own security purposes and this is unfortunately not something I can control. More information can be found on GitHub Pages Data Collection.
The website makes use of fonts pushed down from fontawesome.com; this can be blocked at the expense of some visual aspects of the website.
In addition to all of this, a content security policy (CSP) has always been in place to provide an added level of security in what resources can be loaded from this website. I fully respect that resources may wish to be blocked, and you are free to block any resource from being loaded, but please note it may affect certain elements of the website. I’d recommend using a browser extension such as uBlock Origin or uMatrix to do this, or more broadly DuckDuckGo Privacy Essentials for specifically targeting trackers.