Observations in Security

Michael Hyndman

Hello! I am Vice President of Information/Cyber Security for a global cyber safety company. I am also a bug bounty hunter and ethical hacker. This blog is a collection of my technical and social observations while navigating infosec.


Dealing with stress as a security leader

Over the last few months I’ve been asked by multiple people how I deal with stress. This is no surprise – it is well documented that Chief Information Security Officers and many other security professionals have uniquely stressful line of work. Security leaders have all kinds of challenges to deal with in the course of…

How to optimize your hacking by understanding your mind.

Over the course of my career, the limitations and capabilities of the human brain and how these impact the tasks we perform, the choices we make and our long term career trajectory has been a source of great fascination for me. When solving problems at work we rarely take a step back and consider to…

Walking the path least trodden – hacking iOS apps at scale

This is a story of how I set out to find some bounties and how I found gold, hacking iOS apps, at scale. One of the essentials qualities of a bug hunter is the ability to find exploitable vulnerabilities that others haven’t found. The ability to find bugs not discovered by others is a quality…

Bypassing 403

A few weeks ago I came across this cool “accidental” exploit vector which was documented about 8 years ago by IRCmaxwell and describes a way to trick servers (behind a reverse proxy or load balancer) into thinking a HTTP request which is ordinarily unauthorised, is actually authorised. I read the blog post while doing some…