Hot Topics

Syndicated Blog

Professionally Evil Insights
by Secure Ideas, LLC
https://blog.secureideas.com
Professionally Evil Fundamentals: Introduction

Linux X86 Assembly – How To Test Custom Shellcode Using a C Payload Tester

| | ALSR, analysis, Application Security, architecture, ASM, cpu, debugging, DEP, function, gas, getpagesize, Hello World, Linux, mprotect, payload, Penetration Testing, pointers, Professionally Evil, programming, Reverse Engineering, Secure Ideas, shellcode, stub, syscalls, testing, training, x86
Overview In the last blog post in this series, we created a tool to make it easy to build our custom payloads and extract them.  However, what if we want to test ...
Professionally Evil Insights

It Was The Best Of Times, It Was The Worst Of Times…A Tale of Two Passwords

| | Best Practices, Information Security, Password Security, Professionally Evil, Secure Ideas, security, Security Awareness, web app security
Two of the characters in Charles Dickens’ beloved novel, A Tale of Two Cities have such similar features that their identities are swapped.  No one notices.  One escapes and reunites with his ...
Professionally Evil Insights

Low Hanging Fruit Ninja: Slashing the Risks of the Human Element

| | Best Practices, Business, Human Element, Password, Password Security, Penetration Testing, Phishing, Privacy & Personal Security, removable media, security, social engineering, social networking, threats, training, wif-fi
A long time ago in a galaxy far, far away, I was not a Security Consultant.  I was a Chef.  And I worked as a corporate Chef for an organization that required ...
Professionally Evil Insights
How to configure BurpelFish

How to configure BurpelFish

| | Application Security, Burp Extensions, Burp Suite, Penetration Testing, pentesting, translation, web app security, web application pentesting, Web Application Security, web penetration testing
I recently was doing a pentest and was continuously looking up translations for words, and thought “there has to be a better way…”. That is when I landed on BurpelFish, which adds ...
Professionally Evil Insights
A New Consultant’s 1st Con – Wild West Hackin Fest – Way West 2021

A New Consultant’s 1st Con – Wild West Hackin Fest – Way West 2021

| | 2021, conference, consultants first con, current-events, Cybersecurity, Penetration Testing, Red Team, Reviews, sdr, security, swag, training, way west, wild west hacking fest, wwhf
Last month, I found myself Googling: Is weed legal in Nevada?  This was the day after arriving in Reno for Wild West Hacking Fest – Way West 2021.  I kept noticing that ...
Professionally Evil Insights
Professionally Evil Fundamentals: Introduction

Linux X86 Assembly – How to Make Our Hello World Usable as an Exploit Payload

| | analysis, Application Security, architecture, ASM, call, cpu, exit, gas, Hello World, int, jmp, Linux, mov, objdump, optimize, payload, Penetration Testing, PoP, Professionally Evil, programming, push, Registers, Reverse Engineering, Secure Ideas, shellcode, syscalls, training, write, x86, xchg, xor
Overview In the last two tutorials, we built a Hello World program in NASM and GAS for x86 assembly.  While this can help us learn x86 assembly, it isn’t viable as a ...
Professionally Evil Insights
Beyond Shell - Webcast

The Best Way to Capture Traffic in 2021

| | capture dns traffic, capture traffic windows 10, capture traffic without wireshark, capturing network traffic, how to capture network traffic, Linux, Microsoft Message Analyzer alternative, microsoft message analyzer replacement, netmon alternative, network, Penetration Testing, tcdump in windows, tcpdump on windows, Windows
There are times when you need to capture some network traffic.  Maybe you’re troubleshooting a communication issue or maybe you’re doing something a little more suspect on a penetration test (looking for ...
Professionally Evil Insights
President Biden Delivers Remarks on the Colonial Pipeline Incident

Run as Admin: Executive Order on Cybersecurity

| | current-events, executive order cybersecurity, executive order cybersecurity 2020, executive order cybersecurity 2021, executive order improving critical infrastructure cybersecurity, executive order on cybersecurity, executive order promoting private sector cybersecurity information sharing, president cybersecurity executive order, presidential executive order cybersecurity, white house executive order cybersecurity framework
On May 12, 2021, President Biden issued an executive order on cybersecurity. This new order combines many trends we’re already seeing in the Fortune 500 and bringing that into the public sector ...
Professionally Evil Insights
Professionally Evil Fundamentals: Introduction

Linux X86 Assembly – How to Build a Hello World Program in GAS

| | Penetration Testing
Overview In the last tutorial, we covered how to build a 32-bit x86 Hello World program in NASM.  Today, we will cover how to do the same thing, but this time using ...
Professionally Evil Insights
Ochaun Marshall -- Securing Web applications in AWS

AppSec Cheat Code: Shift Left, Shift Right, Up, Down & Start

| | Application Security, AppSec, left shift vs right shift, shift left application security, shift left devops, shift left security, shift left testing, shift right security, Web Application Security
Seamless and unobtrusive security is the future. We are huge advocates of shifting left and moving security testing earlier in the development process. Leif Dreizler wrote a great article suggesting that not ...
Professionally Evil Insights
Load more