Reading the Mandiant APT1 Report
Like a lot of folks, I downloaded and read through the Mandiant APT1 report as soon as I could. It’s an excellent resource and I highly recommend...
Professionally Evil Insights
Search for keywords or individual blog posts
Posts
Active Defenses?
Active defense, often mistakenly called hacking back, is a common topic thrown around the security space lately. And I think there are a number of...
Where in the RSA is Kevin?
So RSA 2013 in San Francisco is coming up and I will be there for two different parts of the event. First, on the 24th and 25th of February, I will...
Grab a CORS Light
Many of you already know that any cross-site HTTP requests invoked from scripts running within a browser are restricted by the Same-Origin-Policy. ...
Laudanum by Example: Shell
Previously, I wrote a post providing a brief introduction to Laudanum. If you haven’t read it, or don’t know what Laudanum is, I encourage you to...
Introduction to Laudanum
As a security consultant, there are so many scenarios that I run into every day that there is no one tool or script that solves every problem. The...
Hi, I'm with IT and I'm Here to Steal From You
Beware of the Unknown IT Grunt I decided to continue on with the same theme as Kevin’s post about the delivery guy. Secure Ideas was recently asked...
WinPhone 7: Fiddler Setup
One of the many tasks on any penetration tester’s to-do list is to set up a web proxy for debugging applications. Doing this for the normal browser...
Finding the Leaks
One of the common vulnerabilities we find when performing internal network penetration testing is sensitive data on open SMB file shares. Now, by...
Spear Phishing: "You guys are Shady!"
This post is part of our Professionally Evil series of posts that discuss some of the experiences we have had as Security Consultants. In Kevin’s...
Happy New Years!
As we finish 2012 and look forward to 2013, Secure Ideas’ staff would like to wish everyone a happy new year. We also thought it would be fun to do...
Don’t Trust the Replacement Delivery Guy
Here at Secure Ideas we have had a ton of fun experiences during our work. When we teach or present, people often ask us to talk about the things we...