Reading the Mandiant APT1 Report
Like a lot of folks, I downloaded and read through the Mandiant APT1 report as soon as I could. It’s an excellent resource and I highly recommend...
Active defense, often mistakenly called hacking back, is a common topic thrown around the security space lately. And I think there are a number of...
So RSA 2013 in San Francisco is coming up and I will be there for two different parts of the event. First, on the 24th and 25th of February, I will...
Many of you already know that any cross-site HTTP requests invoked from scripts running within a browser are restricted by the Same-Origin-Policy. ...
Previously, I wrote a post providing a brief introduction to Laudanum. If you haven’t read it, or don’t know what Laudanum is, I encourage you to...
As a security consultant, there are so many scenarios that I run into every day that there is no one tool or script that solves every problem. The...
Beware of the Unknown IT Grunt
I decided to continue on with the same theme as Kevin’s post about the delivery guy. Secure Ideas was recently asked...
One of the many tasks on any penetration tester’s to-do list is to set up a web proxy for debugging applications. Doing this for the normal browser...
One of the common vulnerabilities we find when performing internal network penetration testing is sensitive data on open SMB file shares. Now, by...
This post is part of our Professionally Evil series of posts that discuss some of the experiences we have had as Security Consultants. In Kevin’s...
As we finish 2012 and look forward to 2013, Secure Ideas’ staff would like to wish everyone a happy new year. We also thought it would be fun to do...
Here at Secure Ideas we have had a ton of fun experiences during our work. When we teach or present, people often ask us to talk about the things we...