Professionally Evil Insights

Posts


Reading the Mandiant APT1 Report

Like a lot of folks, I downloaded and read through the Mandiant APT1 report as soon as I could.  It’s an excellent resource and I highly recommend...


Active Defenses?

Active defense, often mistakenly called hacking back, is a common topic thrown around the security space lately.  And I think there are a number of...


Where in the RSA is Kevin?

So RSA 2013 in San Francisco is coming up and I will be there for two different parts of the event. First, on the 24th and 25th of February, I will...


Grab a CORS Light

Many of you already know that any cross-site HTTP requests invoked from scripts running within a browser are restricted by the Same-Origin Policy...


Laudanum by Example: Shell

Previously, I wrote a post providing a brief introduction to Laudanum.  If you haven’t read it, or don’t know what Laudanum is, I encourage you to...


Introduction to Laudanum

As a security consultant, there are so many scenarios that I run into every day that there is no one tool or script that solves every problem.  The...


WinPhone 7: Fiddler Setup

One of the many tasks on any penetration tester’s to-do list is to set up a web proxy for debugging applications.  Doing this for the normal browser...


Finding the Leaks

One of the common vulnerabilities we find when performing internal network penetration testing is sensitive data on open SMB file shares.  Now, by...


Spear Phishing: "You guys are Shady!"

This post is part of our Professionally Evil series of posts that discuss some of the experiences we have had as Security Consultants.  In Kevin’s...


Happy New Years!

As we finish 2012 and look forward to 2013, Secure Ideas’ staff would like to wish everyone a happy new year.  We also thought it would be fun to do...


Don’t Trust the Replacement Delivery Guy

Here at Secure Ideas we have had a ton of fun experiences during our work. When we teach or present, people often ask us to talk about the things we...