Professionally Evil Insights

Welcome to the Professionally Evil Insights blog by Secure Ideas! In this digital playground, we unravel the complex world of information security with a touch of fun. Our expert-led content ranges from deep-dives into penetration testing to explorations of hardware hacking. Whether you're curious about Secure Ideas or passionate about cybersecurity, this blog is your quick, enlightening, and entertaining guide into the captivating world of information security.

Welcome aboard!

    Featured Image
    Paths to Power in Active Directory Part 4: ESC3 – In The Name of The Crown
    penetration testing |  Active Directory |  Privilege Escalation
    In Part 2, ESC1 – No One, Yet Everyone, we examined a misconfiguration that allows a low-privileged user to request a certificate that represents a different account. That path focused on identity control and how subject manipulation can lead to privilege escalation. In Part 3, ESC2 – The Seal of ...
    Continue Reading

    Never miss a Professionally Evil update!

    Sign Up For Our Newsletter
    Understanding MFA Fatigue Attacks
    Understanding MFA Fatigue Attacks
    Multi-factor authentication has become one of the most widely recommended controls in security. The ...
    Continue Reading
    Rolling for Resilience Part 4 - Boots in the Field: Manuals for Real-Time Action
    Rolling for Resilience Part 4 - Boots in the Field: Manuals for Real-Time Action
    This is the fourth post in this series addressing my perspective on the current state of ...
    Continue Reading
    Paths to Power in Active Directory Part 3: ESC2 – The Seal of Any Purpose
    Paths to Power in Active Directory Part 3: ESC2 – The Seal of Any Purpose
    “ Power in Active Directory, much like power in Westeros, often changes hands not through force, ...
    Continue Reading
    Supply Chain Security: Trust Is the New Attack Surface
    Supply Chain Security: Trust Is the New Attack Surface
    In February 2026, while participating in a panel at IT Expo, one statement kept resonating ...
    Continue Reading
    SaaS Sprawl, Identity, and the Illusion of Control
    SaaS Sprawl, Identity, and the Illusion of Control
    While participating in the SaaS Sprawl and Shared Responsibility: Regaining Control and Assuring ...
    Continue Reading
    Detecting Dangling SaaS Subdomains and Real Subdomain Takeovers
    Detecting Dangling SaaS Subdomains and Real Subdomain Takeovers
    Subdomain takeover is one of those vulnerabilities that refuses to die. Every few years it gets ...
    Continue Reading
    AI Agents: Clippy With Root Access
    AI Agents: Clippy With Root Access
    There’s a new kind of software showing up in your Slack, IDE, and cloud console and it’s AI agents. ...
    Continue Reading
    Evaluating AI Language Tutors Through a Security Lens
    Evaluating AI Language Tutors Through a Security Lens
    Evaluating AI Language Tutors Through a Security Lens Over the past year or so, I have seen a ...
    Continue Reading
    Rolling for Resilience Part 3: Battle Prep - The Scrolls of Response
    Rolling for Resilience Part 3: Battle Prep - The Scrolls of Response
    This is the third post in this series addressing my perspective on the current state of ...
    Continue Reading
    Paths to Power in Active Directory Part 2: ESC1 – No One, Yet Anyone
    Paths to Power in Active Directory Part 2: ESC1 – No One, Yet Anyone
    This is the second post in this series. Part I can be found here.
    Continue Reading
    Extract Secrets from Multiple Configuration Files Using Vim
    Extract Secrets from Multiple Configuration Files Using Vim
    penetration testing  |  command line  |  red team  |  VIM
    You're SSH'd into a compromised Linux server during a penetration test. You've found the ...
    Continue Reading
    Has contents: true Total pages: 32 Current page: 1
    1 2 3 4 5