Professionally Evil Insights

AppSec Cheat Code: Shift Left, Shift Right, Up, Down & Start

Seamless and unobtrusive security is the future. We are huge advocates of shifting left and moving security testing earlier in the development...

Ochaun Marshall May 4, 2021

A Hacker’s Tour of the X86 CPU Architecture

Overview The Intel x86 CPU architecture is one of the most prolific CPU architectures for desktops, laptops, and servers. While other architectures...

Travis Phillips Apr 20, 2021

Three Excellent API Security Practices Most People Neglect

We are very much in the age of APIs. From widely-used single-purpose products like Slack to cloud-based solutions like Amazon Web Services (AWS) and...

Mic Whitehorn-Gillam Apr 15, 2021

LD_PRELOAD: How to Run Code at Load Time

Today I want to continue the series on using LD_PRELOAD. In previous posts, we covered how to inject a shared object binary into a process, and...

Travis Phillips Feb 24, 2021

Announcing Burp Co2!

This is for those of you who do web pen testing with Portswigger’s Burp proxy tool! Over the past couple of months I have been using my Java skills...

Jason Gillam Feb 12, 2021

Converting NMAP XML Files to HTML with xsltproc

NMAP is a wonderful network scanner and its ability to log scan data to files, specifically XML, helps quite a bit. This enables the scan data to be...

Travis Phillips Jan 14, 2021

Solving the November 13th Detective Nevil Mystery Challenge

Overview Each week on Friday, we post a social media challenge known as “Detective Nevil Mystery Challenge”. On November 13th of 2020, we released a...

Travis Phillips Dec 3, 2020

3 Reasons to Pentest with Brave

Penetration testing is a race against the clock. Often, we only have a few days to examine all the functionality of a web application or an API. That...

Ochaun Marshall Nov 30, 2020

Not-So-Random: Using LD_PRELOAD to Hijack the rand() Function

Today I wanted to continue the series on using LD_PRELOAD. In today’s post we are going to use LD_PRELOAD to hijack the rand() function in a...

Travis Phillips Oct 29, 2020

Boolean Math (NOT Logic) – CISSP Domain 3

Hello everyone. We’ve got another Boolean math session lined up for you today. This time we’re going to take a quick look at the NOT logic and...

Bill McCauley Oct 22, 2020

The Death and Rebirth of Musashi.js OR How I turned personal failure into better teaching tools.

A little background… As I stood in front of a class of developers trying to explain cross-origin resource sharing (CORS), I knew I wasn’t conveying...

Mic Whitehorn-Gillam Oct 20, 2020

Boolean Math (XOR Logic) – CISSP Domain 3

Hello everyone. We’ve got another Boolean math session to look over today. Our focus this time will be on the XOR logic. The XOR stands for...

Bill McCauley Oct 15, 2020

1 2 3

... 28