#ai#agents#startups
On building an AI-native company
28 April 2026
Two weeks ago I was about to hire an EA and sign three SaaS contracts. I haven't done either.
Read moreHello, I'm Paul Price
I make stuff, break stuff, and protect stuff from getting hacked.
#devsecops#ai#crowdstrike
Building CrowdStrike workflows with Claude Code skills
17 February 2025
Building CrowdStrike Falcon Fusion workflows with Claude Skills. What if you could just describe your security workflows?
Read more#devsecops
Keep it secret. Keep it ... safe?
8 February 2021
What happens after you accidentally leak secrets to a public code repository.
Read more#osint#passlo#passwords
Analysing over 1M leaked passwords from the UK's biggest companies
21 May 2020
This article was originally published via the Passlo blog, my SaaS startup. How do some of the UK’s biggest companies fair when it comes to passwords? Does…
Read more#toolkit#devsecops
Ahh shhgit!
17 October 2019
DevSecOps — the art of embedding security into the software development lifecycle — is a common and largely underestimated threat vector for many organisations…
Read more#passwords#toolkit
Effortless password audits
1 November 2018
Passwords. They are the keys to our digital kingdoms. And these days most organisations will have security controls in place, such as 2 Factor Authentication…
Read more#research
Mining Mimecast: brute forcing your way to success
15 March 2018
This article was originally published via the Schillings cyber blog, where I previously worked. Mimecast is one of the largest cloud e-mail security providers…
Read more#research#osint
Online stalking: London, Paris, New York
13 February 2018
Citymapper is a journey planning application that integrates all modes of transport (public, cycling, walking, driving) in major urban areas. Starting in London…
Read more#research
Domino's: pizza and payments
4 April 2016
Friday evening, circa 3 years ago. I’m craving an Americano with extra pineapple and hot dog stuffed crust. I fire up the Domino’s Android app, place my order…
Read more#research#iot
Owning Philips In.Sight IP cameras
30 January 2015
This is a continuation from my previous post but this time we’ll be taking a look at the device itself, the Philips In.Sight M100. The end goal is to pop a root…
Read more#research
Yoics: account takeover vulnerability
29 January 2015
Yoics market themselves as “secure cloud networking” and is a service that allows you to “Internet access (almost) anything”. Many top brands use Yoics services…
Read more#research
Moonpig vulnerability
4 January 2015
Moonpig are one of the most well known companies that sell personalised greeting cards in the UK. In 2007 they had a 90% market share and shipped nearly…
Read more#research
National Express ticket takeover
23 September 2014
National Express are one of the biggest public transport companies in the UK with a huge fleet of coaches and trains. This vulnerability discloses customers…
Read more#research
Cerberus anti-theft Android device takeover vulnerability
19 December 2013
You may or may not have heard of Cerberus, an anti-theft application for Android devices. Cerberus allows you to remotely control your device if it has been…
Read more#research
Funky Pigeon account take over
24 October 2013
If you have an account with FunkyPigeon.com then you should be extremely concerned. It is possible for an attacker to gain access to your account which can…
Read more