Professionally Evil Insights

Posts


Finding the Leaks

One of the common vulnerabilities we find when performing internal network penetration testing is sensitive data on open SMB file shares.  Now, by...


Spear Phishing: "You guys are Shady!"

This post is part of our Professionally Evil series of posts that discuss some of the experiences we have had as Security Consultants.  In Kevin’s...


Happy New Years!

As we finish 2012 and look forward to 2013, Secure Ideas’ staff would like to wish everyone a happy new year.  We also thought it would be fun to do...


Don’t Trust the Replacement Delivery Guy

Here at Secure Ideas we have had a ton of fun experiences during our work. When we teach or present, people often ask us to talk about the things we...


Grey Box Penetration Testing

A common question I get from potential clients is “what is grey box testing and why do we need it?”  I believe this often stems from the request for...


SH5ARK: Taking a Byte out of HTML5

The new features in HTML5 have opened a whole new world of opportunities for developers and for attackers.  Secure Ideas recognized this and with...


How To: Encrypting Mac Mail

As a security consultant, frequently traveling, it is critical to implement security controls to protect sensitive data on my computer.  One of the...


DerbyCon Wrap Up

It's a wrap!  DerbyCon has ended for the Secure Ideas crew and we are all headed home.  While a few team members are flying out, the rest of us are...


DerbyCon Bound

So the Secure Ideas staff is pretty excited to be headed to DerbyCon even though Jason is the only one smart enough to fly there. (James, Kevin, Tony...


Testing

ViewState XSS: What's the Deal?

As penetration testers, there are many different technologies that we have to be familiar with.  The more we know and understand about a given...