Professionally Evil Insights
Welcome to the Professionally Evil Insights blog by Secure Ideas! In this digital playground, we unravel the complex world of information security with a touch of fun. Our expert-led content ranges from deep-dives into penetration testing to explorations of hardware hacking. Whether you're curious about Secure Ideas or passionate about cybersecurity, this blog is your quick, enlightening, and entertaining guide into the captivating world of information security.
Welcome aboard!
Paths to Power in Active Directory Part 6: ESC8 - The Coerced Crown
In Part 5, ESC6 - Under a False Sigil, the focus shifted to identity interpretation. The attack path no longer depended on how certificates were requested, but on how the domain controller resolved identity during authentication. ESC8 moves beyond both request and interpretation, shifting the focus ...
"It's a Dangerous Business, Going Out Your Door" - Why the Cybersecurity Community Needs a Fellowship
On June 11th, I delivered the keynote at WISCON 2026, the inaugural Wisconsin Information Security ...
No Hash? No Problem! - ASERepCatcher
Intro: Credentials Are Currency. In penetration testing, credentials are like currency. It doesn't ...
The AI Brain: Teaching the Droid to See (AI Pit Droid pt. 2)
Blog 2 of 4: Vision, Detection and the Pivot That Changed Everything
What Is a SIAM and Why Is One Showing Up at Your Office?
If you've scheduled an internal penetration test with Secure Ideas, we've likely asked you to ...
Paths to Power in Active Directory Part 5: ESC6 - Under a False Sigil
In Part 3, ESC2: The Seal of Any Purpose, we shifted from identity to capability. Instead of ...
Encrypting a Flash Drive in Linux using LUKS
encryption | Linux | Disk Encryption | LUKS | flash drive
Portable devices that store information are both a wonderful convenience and a data security ...
Beyond the Browser: The Questions That Expanded the Attack Surface
After presenting this research at security conferences this year, I was expecting the usual ...
I Built the Droid I Was Looking For (AI Pit Droid pt. 1)
Blog 1 of 4: Introduction
GLBA Breach Notifications: Is Your Incident Response Program Built for It?
Most security and compliance conversations about the Gramm-Leach-Bliley Act (GLBA) focus on the ...
Rolling for Resilience Part 5 - Side Quests: Not Every Member of the Party Swings a Sword!
This is the fifth post in this series addressing my perspective on the current state of ...