Professionally Evil Blog

A blog by experts of penetration testing and other security assessments.
      The first step in securing any organization is to understand what you have.  Unless you have a strong understanding of the systems and services on your network, you have no hope of keeping it both secure and usable.  You could implement extremely strong controls to lock down everything, but then ...

    10 Tips for Engaging a Security Services Vendor
      The Information Security market brought in an estimated $167 billion in 2019 and that’s expected ...
    How to Test Your Security Controls for Small/Medium Businesses
    We often get contacted by small businesses requesting their first penetration test because of ...
    Compliance is not Security
      Many folks get confused about the difference between security and compliance. Many, especially ...
    Silencing Firefox's Chattiness for Web App Testing
      Firefox is one chatty browser! Even if you don’t actually use it for anything, it’s constantly ...
    Checking Under the Bed
    I’ve got four kids and part of their chores involve cleaning up their bedrooms. Inevitably, their ...
    These Aren't the Password Guidelines You're Looking For
      “You don’t need to see his identification.” It’s a classic line.  With a flick of the wrist old ...
    Protecting your Kids from Online Threats
    “The greatest gifts you can give your children are the roots of responsibility and the wings of ...
    Hours After The Penetration Test, This CSO Revealed Something That Will Leave You In Tears
    We all recognize clickbait when we see it. And yet thousands still click on the links. In today’s ...
    Whose Code Are You Running?
      One of my favorite ways to eat Oreo cookies is to twist the two halves apart, carefully set the ...
    We're Just Like the NSA, and Nothing Like Them
      During penetration tests, and especially scoping calls, we often get quizzed about what secret, ...
    Introduction to Metasploit Video
      The Metasploit Framework is a key resource for security assessors. Whether your goal is to ...