Professionally Evil Insights

Welcome to the Professionally Evil Insights blog by Secure Ideas! In this digital playground, we unravel the complex world of information security with a touch of fun. Our expert-led content ranges from deep-dives into penetration testing to explorations of hardware hacking. Whether you're curious about Secure Ideas or passionate about cybersecurity, this blog is your quick, enlightening, and entertaining guide into the captivating world of information security.

Welcome aboard!

    Twelve Days of ZAPmas - Day 2 - The Edge of Tomorrow
    Twelve Days of ZAPmas - Day 2 - The Edge of Tomorrow
    Day 2 - The Edge of Tomorrow - Replaying and Tampering with Requests Fuzzing and tampering are like ...
    Continue Reading
    Twelve Days of ZAPmas - Day 1 - Setting Up ZAP
    Twelve Days of ZAPmas - Day 1 - Setting Up ZAP
    This holiday season, I’m going to run down some of the ins and outs of working with OWASP Zed ...
    Continue Reading
    Coming Soon - Twelve Days of ZAPmas
    Coming Soon - Twelve Days of ZAPmas
    In December of 2018, I published a twelve-day series of cross-site scripting tips, tricks, and ...
    Continue Reading
    JuiceShop Workshop in less than 5 minutes
    JuiceShop Workshop in less than 5 minutes
    Training  |  application security  |  OWASP  |  AWS  |  IaC  |  JuiceShop  |  Containers  |  AWS_ECS  |  workshops  |  Vagrant  |  AWS-CDK
    Have you ever deployed 10-30 containers in AWS with the single stroke of a key? (well if you don’t ...
    Continue Reading
    How to Obfuscate Strings in Rust the Easy Way Using the litcrypt Crate
    How to Obfuscate Strings in Rust the Easy Way Using the litcrypt Crate
    application security  |  programming  |  rust  |  Obfuscate  |  litcrypt
    Overview Static strings in a binary can make the life easier for reverse engineers, be those ...
    Continue Reading
    Application Security 202: Vulnerabilities Accepted
    Application Security 202: Vulnerabilities Accepted
    vul·ner·a·bil·i·ty The quality or state of being exposed to the possibility of being attacked or ...
    Continue Reading
    (Not So) Quick Bites - Episode 3 - Writing About Writer's Block
    (Not So) Quick Bites - Episode 3 - Writing About Writer's Block
    Deliverables  |  consulting  |  application security  |  Secure Ideas  |  cybersecurity  |  methodology  |  Project  |  Writing  |  Quick Bites
    So, sometimes I have a real problem with writing, specifically reports and blog posts. Somehow, ...
    Continue Reading
    Hunting Secrets
    Hunting Secrets
    Applications are hemorrhaging sensitive data. In many cases, the culprit is marketing and analytics ...
    Continue Reading
    Quick Bites Episode 2 - HTTP Security Headers and Why You NEED Them
    Quick Bites Episode 2 - HTTP Security Headers and Why You NEED Them
    Hi everybody! So, after some feedback about the last “quick” Quick Bites (thanks Josh!), I’ve ...
    Continue Reading
    Privilege Escalation via File Descriptors in Privileged Binaries
    Privilege Escalation via File Descriptors in Privileged Binaries
    Today I wanted to cover an application security topic that applies to SetUID binaries. As we all ...
    Continue Reading
    LD_PRELOAD: Making a Backdoor by Hijacking accept()
    LD_PRELOAD: Making a Backdoor by Hijacking accept()
    application security  |  professionally evil  |  Secure Ideas  |  LD_PRELOAD  |  accept  |  dup2  |  make  |  Linux  |  programming  |  Shared Objects  |  dlsym  |  shell  |  backdoor  |  rootkit  |  userland  |  ELF  |  inject  |  injection
    Today I want to continue the series on using LD_PRELOAD. In previous posts, we covered how to ...
    Continue Reading
    1 2 3

    Never miss a professionally evil update!

    Sign Up For Our Newsletter