About - Jai Minton

About Me

Hi, I’m Jai Minton an Information and Cyber Security Professional with an interest in both “offensive” (Penetration Testing) and “defensive” (Digital Forensics and Incident Response) security operations. My passion for information technology and security extends beyond my employment, and as such there’s a few reasons that this blog exists, in short I wanted:

1. A place to consolidate and publish some ‘Capture The Flag’ achievements and my thought process which lead to these achievements.
2. A place to publish some of my public research, thoughts, and learning outcomes to help others improve themselves, their knowledge, and their processes relating to information and cyber security.
3. To lower the barrier of entry for upcoming security professionals who are interested in breaking into the field but don’t know how.

If I can help you learn something in minutes or hours which took me days, weeks, or even months to learn, then this website has been a success.

Why should I listen to you?

I don’t ‘specialise’ in just a single area of information security, nor would I consider myself (or practically anyone else for that matter) an ‘expert’ in everything related to security. I have; however, worked and researched in a number of different areas depending on my role, responsibilities, and what I find interesting at any given time.

In my professional career and my spare time I’ve:

• Worked for both the public and private sector
• Undertaken multiple successful penetration tests achieving the goals based on the scope of tests conducted
• Worked in internal security roles and collaborated to share research findings with relevant Cyber Security Centre/CERT authorities globally
• Worked in a managed service capacity to protect multiple Fortune 500, and Fortune 100 companies
• Researched and documented new and emerging threats within the Cyber Security industry
• Reported newly discovered (including critical) vulnerabilities to companies
• Had my research findings included in recognised industry courses such as SANS FOR500 (Windows Forensic Analysis)
• Been on the Academic Advisory Board of the Security Blue Team, ‘Blue Team Level 2 (BTL2)’ certification
• Contributed to ubiquitous industry frameworks including the MITRE ATT&CK framework and Living Off The Land Binaries and Scripts (LOLBAS) project
• Spoken at a number of industry events and conferences including but not limited to AdelaideSEC (AISA), RooCon (Google), CyberXCHANGE (CyberCX), BSides Adelaide (BSides) and SecTalks.

Some recommendations, comments, or citations of my work:

• Twitter / X
• Bleeping Computer
• Bleeping Computer 2
• Splunk
• BlackBerry
• Malpedia
• The Hacker News
• MITRE ATT&CK
• LOLBAS Project

An online search may also yield other results.

Some CTF Achievements:

• ⭐🏆⭐ SANS Holiday Hack Challenge 2023 - Best Overall Answer Grand Prize Winner: Write-up
• DFIR Netwars Continuous 2 - Top 3% globally
• 🏆 SANS Holiday Hack Challenge 2022 - Tied Best Technical Answer Winner: Write-up
• Core Netwars Continuous 2 - Top 1% globally
• 🏆 SANS Holiday Hack Challenge 2021 - Most Creative Prize Winner: Write-up
• SANS Holiday Hack Challenge 2020 - Honorable Mention: Write-up
• SANS Holiday Hack Challenge 2019 - Super Honorable Mention: Write-up
• DEFCON DFIR CTF 2019 - 2nd person to complete all challenges
• SANS Holiday Hack Challenge 2018 - Super Honorable Mention: Write-up

In addition this website and what it entails has been used in a number of industries and verticals, both public and private sector which includes:

• Telecommunications
• Academia
• Law Enforcement
• Network Providers
• Defence
• Healthcare
• Energy and Gas
• Government
• Services
• Technology

Despite the above I strongly believe that the only way for this industry to be successful and thrive is collaboration and knowledge sharing wherever possible, and so I often seek validation and feedback from others who specialise in a particular area. It’s entirely up to you who you follow, listen to, or collaborate with in this industry.

Disclaimer

All thoughts and opinions expressed here are my own, and may not be representative of my employer, or any other entity unless I am specifically quoting someone.

This website and content included is provided “as is”, without warranty of any kind, express or implied, including but not limited to the warranties of merchantability, fitness for a particular purpose, and noninfringement.

Product mentions

There are many security tools, products, and services on the market today and I utilise many on a daily basis. Any mention of a particular tool, product, or service is on my own accord and is no way sponsored unless otherwise stated.

Can I contact you?

Should you need to contact me you can always do so on:

• Twitter / X
• Mastodon - Infosec Exchange
• Github
• YouTube

Other Work

• Open Bug Bounty
• Hack The Box

Can I share your work?

Absolutely, provided you give attribution. Consider the work here licensed under the Creative Commons Attribution 4.0 International License.

Can I support or donate?

Collaboration and knowledge sharing is a great way to help support this work, and even just letting me know how much it helps is always appreciated. I don’t do “sponsored posts” or “advertisements”, I don’t get any financial benefit to mention products, and the website is being run at an expense every single year.

If you find this material useful and feel like buying me a coffee, or helping to contribute to domain registration and hosting fees, please feel free to do so, but don’t feel obliged.

For those who wish to donate, know that any contribution is greatly appreciated. When you donate you’re playing a part in supporting the hundreds, if not thousands of hours that have gone into experimenting, researching, and developing content to give back to the community completely free of charge. There’s time, frustration, blood, sweat, and tears which has been put in to create content, and this time could have otherwise been spent away from the computer with loved ones. Although it may not be obvious, the content on this site is the result of knowledge sharing as much as it is from trying and failing over many years. When you contribute you’re playing a part in helping myself as much as everyone else who has benefited from this content. You’re helping people all around the world not only stay safe and secure, but also develop themselves and their career, and for that you have my thanks.

Privacy Policy

The website is currently using some scripts; however none of these are specifically designed for tracking and advertising. Web browser performance API data is sent to Cloudflare in the form of ‘Cloudflare Web Analytics’. You can safely block cloudflareinsights.com to prevent this and still retain functionality of the website.

The only cookies used on this site are pushed down from the Cloudflare content delivery network. More information on possible cookies can be found here. The only known cookie to be in use is as follows:

• __cf_bm: Used for managing bots, short lived (only lasts up to 30 minutes after inactivity on the website). Not used for tracking.

Because the website is built and hosted on Github Pages, Github itself logs each visitor IP address for their own security purposes and this is unfortunately not something I can control. More information can be found on Github Pages Data Collection

The website makes use of fonts pushed down from fontawesome.com, this can be blocked at the expense of some visual aspects to the website.

In addition to all of this a content security policy (CSP) has always been in place to provide an added level of security in what resources can be loaded from this website. I fully respect that resources may wish to be blocked, and you are free to block any resource from being loaded, but please note it may affect certain elements of the website. I’d recommend using a browser extension such as: Ublock Origin or UMatrix to do this, or more broadly DuckDuckGo Privacy Essentials for specifically targeting trackers.