Professionally Evil Insights | application security (2)

Client Portal

Contact Us

Professionally Evil Blog

A blog by experts of penetration testing and other security assessments.

Application Security 202: Vulnerabilities Accepted

Testing | Vulnerability | Guidance | data breach | information security | penetration testing | application security | professionally evil | Secure Ideas | hacking | best practices | cybersecurity | Privilege Escalation

Application Security 202: Vulnerabilities Accepted

vul·ner·a·bil·i·ty The quality or state of being exposed to the possibility of being attacked or ...

Learn more

(Not So) Quick Bites - Episode 3 - Writing About Writer's Block

Deliverables | consulting | application security | Secure Ideas | cybersecurity | methodology | Project | Writing | Quick Bites

(Not So) Quick Bites - Episode 3 - Writing About Writer's Block

So, sometimes I have a real problem with writing, specifically reports and blog posts. Somehow, ...

Learn more

Burp Suite | application security

Hunting Secrets

Applications are hemorrhaging sensitive data. In many cases, the culprit is marketing and analytics ...

Learn more

Quick Bites Episode 2 - HTTP Security Headers and Why You NEED Them

security | application security | web application security | methodology | technology tips

Quick Bites Episode 2 - HTTP Security Headers and Why You NEED Them

Hi everybody! So, after some feedback about the last “quick” Quick Bites (thanks Josh!), I’ve ...

Learn more

Privilege Escalation via File Descriptors in Privileged Binaries

application security | professionally evil | Secure Ideas | Linux | programming | File Descriptors | SetUID | Privilege Escalation

Privilege Escalation via File Descriptors in Privileged Binaries

Today I wanted to cover an application security topic that applies to SetUID binaries. As we ...

Learn more

LD_PRELOAD: Making a Backdoor by Hijacking accept()

application security | professionally evil | Secure Ideas | LD_PRELOAD | accept | dup2 | make | Linux | programming | Shared Objects | dlsym | shell | backdoor | rootkit | userland | ELF | inject | injection

LD_PRELOAD: Making a Backdoor by Hijacking accept()

Today I want to continue the series on using LD_PRELOAD. In previous posts, we covered how to ...

Learn more

Wild West Hackin Fest 2022: The Return

Training | security | samuraiWTF | web penetration testing | information security | security awareness | application security | professionally evil | Secure Ideas | hacking | cybersecurity | pentesting | web application security | technology | security conference

Wild West Hackin Fest 2022: The Return

Man, San Diego is beautiful. I don't know exactly why John Strand and Black Hills Information ...

Learn more

Digging Between the Couch Cushions - CouchDB CVE-2021-38295 Breakdown

Vulnerability | developers | security | open source | information security | application security | hacking

Digging Between the Couch Cushions - CouchDB CVE-2021-38295 Breakdown

Introduction In this blog post we’re going to take a look at the recent CouchDB vulnerability, ...

Learn more

1 2

Never miss a professionally evil update!

Sign Up For Our Newsletter