Secure Ideas In Action!

At Secure Ideas we are a team of security and technology geeks. As such we love to give back to the community whenever we can. That's what this page is all about! Here are some of our favorites:

Twitter Feed

Keep up with what's happening at Secure Ideas by following our twitter feed:

Open Source Projects

We lead and contribute to several familiar Open Source security projects. Below are some of our favorites (click for more details):

The Samurai Web Testing Framework is a VMWare linux environment that has been pre-configured to function as a web pen-testing environment. The distribution contains the best of the open source and free tools that focus on testing and attacking websites. In developing this environment, we have based our tool selection on the tools we use in our security practice. We have included the tools used in all four steps of a web pen-test.

In addition to tools, the Samurai Web Testing Framework comes equipped with several vulnerable target websites. While on a host-only virtual network these provide a safe learning environment in which to practice all sorts of web penetration testing activities.

The MobiSec Mobile Testing Framework project is a Virtual Machine Linux distribution for testing mobile environments, including devices, applications, and supporting infrastructure. The purpose is to provide attackers and defenders the ability to test their mobile environments to identify design weaknesses and vulnerabilities. The MobiSec distribution provides a single environment for testers to leverage the best of all available open source mobile testing tools, as well as the ability to install additional tools and platforms, that will aid the penetration tester through the testing process as the environment is structured and organized based on an industry-proven testing framework.

Laudanum is a collection of injectable files, in multiple languages for different environments, designed for use in a penetration test when SQL injection flaws are discovered. This collection of injectable files provides functionality such as shell, DNS query, LDAP retrieval, and others.

The purpose of this Burp extension is to improve efficiency of manual parameter analysis for web penetration tests of either complex or numerous applications. This can assist in tasks such as identifying sensitive data, identifying hash algorithms, decoding parameters, and determining which parameters are reflected in the response. This extension performs an in-depth and intelligent parameter analysis of all in-scope Burp traffic. Results are displayed in an interactive table and can be sent directly to other Burp tools such as Repeater.

The CO2 Burp extension includes a variety of functionality to enhance certain web penetration test tasks, such as an interface to make interacting with SQLMap more efficient and less error-prone, various tools for generating lists of users, a Laudanum exploitation shell implementation, and even a word masher for generating passwords. CO2 is available in the BApp Store and works with both the free and pro version of Burp.

Below are other open source projects we have also worked on, including several legacy projects:

Project Summary Project Page
Sh5Ark Securing HTML5 Assessment Resource Kit - open project providing a repository of HTML5 features, proof-of-concept attack code, and filtering rules. sh5ark.secureideas.net
Weaponized Flash An open source project focused around creating Rich Internet Application (RIA) objects for use during penetration tests. Sourceforge: weaponizedflash
BASE Basic Analysis and Security Engine (BASE) is based on the code from the Analysis Console for Intrusion Databases (ACID) project. Sourceforge: secureideas
Yokoso A project focused on creating fingerprinting code that is deliverable through some form of client attack. This can be used during penetration tests that combine network and web applications. yokoso.secureideas.net
SecTools Collection of open source security tools that enhance the ability of people and companies to secure their environment. Sourceforge: sectools
SharePoint (SPScan) SPScan is a tool written in Ruby that enumerates a SharePoint installation gathering information about the version and installed plugins. Sourceforge: spscan

If you have suggestions or are interested in contributing to any of these projects please Email Us.

BACK TO TOP

Interviews

Kevin Johnson is interviewed about new vulnerabilities being exposed daily, and how to combat malicious attacks.

Kevin Johnson is interviewed about ransomware and future attacks to come

Kevin Johnson is interviewed about how authorities thwart terrorism in social media, and other outlets in the digital age.

Kevin Johnson is interviewed about how terrorists, specifically those that carried out the San Bernadino attacks tried to erase their digital footprint

Kevin Johnson is interviewed about protecting yourself from hackers

Kevin Johnson is interviewed about the technique and provides some insights.

Kevin Johnson is interviewed about these common flaws.

Kevin Johnson is interviewed on IT Business Edge about the need for having the good guys test your systems for security flaws.

More Interviews...
BACK TO TOP

Articles

Jason Gillam is teaching at BSides Ashville

2/24/2017
Nick Selby of Secure Ideas Response Team discusses Ransomware

Many health organizations still do not appreciate the risks they are facing from determined hackers.

Information protection relies on simple steps

Hospitals lacking cybersecurity

Cybersecurity in Hospitals

Hackers hit another hospital with ransomware, encrypt four computers

How Cybersecurity is Changing Healthcare

Healthcare enters new cybersecurity era as hacktivists, organized crime, foreign nationals take aim

Going Native? Deciding the Optimal App Approach for Smartphone eCOA

3/5/2014
Mobility bandwagon: Developing enterprise mobile applications

Eight Ways to Create Stronger Passwords and Protect your Accounts

2/4/2014
New devices, new threats: How to evaluate the devices we love

More Articles...
BACK TO TOP

Blogs & Podcasts

We are so passionate about security topics, tools, and tricks & tips, that we will often blog about them or talk about them in webcasts. Check out some of that content here:

BACK TO TOP

Testimonials

We are proud to work with each of our clients to help them improve their security posture. Here is what some of our clients have said about us:

We look forward to our continued working relationship with Secure Ideas. You guys are just so Professional......ly EVIL!!! Ha!!!

Tim Craig, VyStar Credit Union

Secure Ideas provides cost effective, highly professional solutions that have been delivered in a timely fashion year after year to Info Tech, Inc.

Aaron DeSha, InfoTech, Inc.

Kevin and Secure Ideas stay current on all the latest vulnerabilities and offer a wealth of information and experience.

Tim Donovan, Financial Network, Inc.