Professionally Evil Blog

A blog by experts of penetration testing and other security assessments.
    Understanding Server-Side Template Injection (SSTI)
    Web applications play a vital role in delivering dynamic content to users. To achieve this, developers often utilize server-side templates, which provide a powerful and consistent way to generate dynamic web pages. However, along with this power comes the risk of Server-Side Template Injection ...
    Introducing SamuraiWTF 5.3: A Powerhouse for Web App Pen Testing
    Testing  |  Training  |  samuraiWTF  |  web penetration testing  |  application security  |  professionally evil  |  Secure Ideas  |  hacking  |  OWASP  |  Project
    We are thrilled to announce the release of SamuraiWTF (Web Training Framework) version 5.3! This ...
    Introducing BILE - Groundbreaking Classification for Web App
    As a seasoned web application penetration tester, I've always felt that there should be a more ...
    Hardware Hacking: Interfacing to UART with Your Computer
    hacking  |  hardware  |  UART
    In my previous article, we covered identification and mapping of the UART interface.  In that ...
    Hardware Hacking: Finding UART Pinouts on PCBs
    hacking  |  hardware  |  UART
    In my previous article, we started to explore the Universal Asynchronous Receiver/Transmitter ...
    Hardware Hacking: Introduction to the UART Interface
    hacking  |  IoT  |  hardware  |  UART
    I wanted to provide some information about hardware and firmware hacking in our blogs.  To get the ...
    Introducing PETaaS: Professionally Evil Testing as a Service
    We're thrilled to announce the launch of our latest offering: Professionally Evil Testing as a ...
    Ace CISSP Exam Prep with ChatGPT: Your AI Study Buddy
    Are you preparing for the CISSP exam or any other exam that requires a deep understanding of ...
    NMAP NSE Scripting By Example: Wordpress Version Detection
    NMAP  |  version  |  NSE  |  Detection  |  WordPress
    In my last blog post, I gave a high-level introduction to the Nmap Scripting Engine (NSE).  In this ...
    Why we ditched LastPass
    LastPass is a very popular password management service with both personal and business solutions. ...
    Is the CISSP Mentorship for me?
    Training  |  CISSP
    “Knowledge is power.” That quote has been said more times than you can count because it’s true. The ...
    What happened to CVE-2022-23529? And what can we learn from it?
    If you saw the disclosure notice for the flaw CVE-2022-23529, it would have been presented as a ...