Brute Forcing the Change Password Feature
As a penetration tester, brute force attacks are something I test for on every application. ...
Continue Reading
GSA Database May Have Leaked Information: Kevin Johnson was Interviewed
Recently it was announced that there was a security flaw found in one of the GSA systems that could ...
Continue Reading
Hiring Philosophy and How to Get Into InfoSec
As one of the founders of Secure Ideas, I am often asked how someone gets into InfoSec and/or how ...
Continue Reading
Who are We: Kevin Johnson
So here at Secure Ideas we have decided to do a small series of posts. The purpose of these posts ...
Continue Reading
Looking for Malicious PHP Files
A while back I had to deal with a compromised web server for some folks. They had some WordPress ...
Continue Reading
Podcast Show Notes: Why are Passwords so Difficult
Kevin and James just finished up recording episode 2 of the Professionally Evil Perspective ...
Continue Reading
The Watering Hole: Is it Safe to Drink?
How many times have you been told you have a vulnerability that you just don’t understand its ...
Continue Reading
Admin Consoles, Default Creds, and Sweet Pwnage
When performing internal network penetration tests, one thing that really gets us excited is ...
Continue Reading
Decoding F5 Cookie
As a Penetration Tester, there are many different things you come across while performing a test. ...
Continue Reading
Introduction to MobiSec video
We just wanted to post a quick update to let you know about a new video. Kevin (working with James) ...
Continue Reading
Reading the Mandiant APT1 Report
Like a lot of folks, I downloaded and read through the Mandiant APT1 report as soon as I could. ...
Continue Reading