Professionally Evil Blog
A blog by experts of penetration testing and other security assessments.

Twelve Days of ZAPmas - Day 7 - API Testing with Postman and ZAP
If you’ve done any significant amount of API development, there’s a good chance you’ve used ...

Twelve Days of ZAPMAS - Day 6 - Passive Flaw Detection and Using the HUD
One of the awesome things about a security-focused interception proxy like ZAP is its ability to ...

Twelve Days of ZAPmas - Day 5 - Scope and Contexts
Normally I don’t like having my interception proxy hide out-of-scope traffic. Doing so creates a ...

Twelve Days of ZAPmas - Day 4 - Fuzzing for Injection
I briefly introduced fuzzing earlier in the series, citing it as the second primitive upon which ...

Twelve Days of ZAPmas - Day 3 - CYA (Cover Your Auth)
Access control is one of the crucial elements to application security. The vast majority of ...

Twelve Days of ZAPmas - Day 2 - The Edge of Tomorrow
Day 2 - The Edge of Tomorrow - Replaying and Tampering with Requests Fuzzing and tampering are like ...

Twelve Days of ZAPmas - Day 1 - Setting Up ZAP
This holiday season, I’m going to run down some of the ins and outs of working with OWASP Zed ...

Guidance | best practices | Quick Bites | Cyber | Hygiene | CIS Top 18 | Blue Team
Quick Bites Ep 6 - Good Hygiene is IMPORTANT, PEOPLE!
So, I just missed a week of work because of the flu (it wasn’t COVID, I got tested). The flu SUCKS. ...

Training | professionally evil | Secure Ideas | Windows 10 | Windows 11 | sysadmin | system administration | cmd | powershell | firewall rules
How to iterate through advfirewall rules
There are several ways to pull firewall information from a Windows system. Today we will ...

NMAP | programming | NSE
Introduction to Writing Nmap Scripting Engine (NSE) Scripts
One thing I notice a lot of people are missing in their skill set as security professionals is the ...

hacking | Quick Bites | Insider Threat | Attacks | Halloween
Quick Bites Ep 5 - The Call Is Coming From INSIDE THE HOUSE
Man, I’ll be honest - I’m super excited to be doing a Halloween-themed blog post this year. So, ...

Training | professionally evil | Secure Ideas | technology tips and tricks | sysadmin | data | data manipulation | excel | spreadsheet | filtering
Working With Data: IP and Port Filtering
During our day-to-day work, there’s a lot of data that we interact with. In order to make good ...