Professionally Evil Insights

Welcome to the Professionally Evil Insights blog by Secure Ideas! In this digital playground, we unravel the complex world of information security with a touch of fun. Our expert-led content ranges from deep-dives into penetration testing to explorations of hardware hacking. Whether you're curious about Secure Ideas or passionate about cybersecurity, this blog is your quick, enlightening, and entertaining guide into the captivating world of information security.

Welcome aboard!

    Featured Image
    Paths to Power in Active Directory Part 3: ESC2 – The Seal of Any Purpose
    penetration testing |  Active Directory |  ESC1
    “ Power in Active Directory, much like power in Westeros, often changes hands not through force, but through misplaced trust. ” ✦ Secure Ideas ✦ Expanding the Kingdom: When Trust Knows No Bounds In Part 1 of this series, An Introduction to Active Directory Certificate Services (AD CS), I introduced ...
    Continue Reading

    Never miss a Professionally Evil update!

    Sign Up For Our Newsletter
    Supply Chain Security: Trust Is the New Attack Surface
    Supply Chain Security: Trust Is the New Attack Surface
    In February 2026, while participating in a panel at IT Expo, one statement kept resonating ...
    Continue Reading
    SaaS Sprawl, Identity, and the Illusion of Control
    SaaS Sprawl, Identity, and the Illusion of Control
    While participating in the SaaS Sprawl and Shared Responsibility: Regaining Control and Assuring ...
    Continue Reading
    Detecting Dangling SaaS Subdomains and Real Subdomain Takeovers
    Detecting Dangling SaaS Subdomains and Real Subdomain Takeovers
    Subdomain takeover is one of those vulnerabilities that refuses to die. Every few years it gets ...
    Continue Reading
    AI Agents: Clippy With Root Access
    AI Agents: Clippy With Root Access
    There’s a new kind of software showing up in your Slack, IDE, and cloud console and it’s AI agents. ...
    Continue Reading
    Evaluating AI Language Tutors Through a Security Lens
    Evaluating AI Language Tutors Through a Security Lens
    Evaluating AI Language Tutors Through a Security Lens Over the past year or so, I have seen a ...
    Continue Reading
    Rolling for Resilience Part 3: Battle Prep - The Scrolls of Response
    Rolling for Resilience Part 3: Battle Prep - The Scrolls of Response
    This is the third post in this series addressing my perspective on the current state of ...
    Continue Reading
    Paths to Power in Active Directory Part 2: ESC1 – No One, Yet Anyone
    Paths to Power in Active Directory Part 2: ESC1 – No One, Yet Anyone
    This is the second post in this series. Part I can be found here.
    Continue Reading
    Extract Secrets from Multiple Configuration Files Using Vim
    Extract Secrets from Multiple Configuration Files Using Vim
    penetration testing  |  command line  |  red team  |  VIM
    You're SSH'd into a compromised Linux server during a penetration test. You've found the ...
    Continue Reading
    Paths to Power in Active Directory Part 1: How AD CS Misconfigurations Become the Keys to the Kingdom
    Paths to Power in Active Directory Part 1: How AD CS Misconfigurations Become the Keys to the Kingdom
    An Introduction to Active Directory Certificate Services (AD CS) I am still pretty new to ...
    Continue Reading
    No Broadcast Traffic? No Problem! - NetExec SMB Slinky Module
    No Broadcast Traffic? No Problem! - NetExec SMB Slinky Module
    As pentesters, tools such as Responder and Ntlmrelayx are great tools for capturing hashes or ...
    Continue Reading
    Annual Pentests Aren't Cutting It Anymore: Why Continuous Testing Beats Scrambling at Renewal Time
    Annual Pentests Aren't Cutting It Anymore: Why Continuous Testing Beats Scrambling at Renewal Time
    Let's be honest about something: if you're still relying on that once-a-year penetration test to ...
    Continue Reading
    Has contents: true Total pages: 32 Current page: 1
    1 2 3 4 5