Professionally Evil Insights

Welcome to the Professionally Evil Insights blog by Secure Ideas! In this digital playground, we unravel the complex world of information security with a touch of fun. Our expert-led content ranges from deep-dives into penetration testing to explorations of hardware hacking. Whether you're curious about Secure Ideas or passionate about cybersecurity, this blog is your quick, enlightening, and entertaining guide into the captivating world of information security.

Welcome aboard!

    Featured Image
    What Is a SIAM and Why Is One Showing Up at Your Office?
    FAQ |  penetration testing |  network security |  Remote Testing
    If you've scheduled an internal penetration test with Secure Ideas, we've likely asked you to either plug in a small device or spin up a virtual machine on your network. You will hear us refer to that device as a SIAM, or the Secure Ideas Attack Machine. Understandably, some clients want to know ...
    Continue Reading

    Never miss a Professionally Evil update!

    Sign Up For Our Newsletter
    Paths to Power in Active Directory Part 5: ESC6 - Under a False Sigil
    Paths to Power in Active Directory Part 5: ESC6 - Under a False Sigil
    In Part 3, ESC2: The Seal of Any Purpose, we shifted from identity to capability. Instead of ...
    Continue Reading
    Beyond the Browser: The Questions That Expanded the Attack Surface
    Beyond the Browser: The Questions That Expanded the Attack Surface
    After presenting this research at security conferences this year, I was expecting the usual ...
    Continue Reading
    PCI-DSS 4.0.1 - Proving Security: A Penetration Testing Series
    PCI-DSS 4.0.1 - Proving Security: A Penetration Testing Series
    PCI  |  penetration testing  |  compliance  |  PCI DSS
    The Illusion of Security
    Continue Reading
    The AI Arms Race Just Went Public: What Project Glasswing Means for You
    The AI Arms Race Just Went Public: What Project Glasswing Means for You
    penetration testing  |  AI  |  Mythios  |  Anthropic AI  |  Project Glasswing
    Anthropic's announcement this week isn't just a product launch. It's a public acknowledgment that ...
    Continue Reading
    The Secret Handshake – Covertly Redirecting Mobile Traffic to a Different Backend
    The Secret Handshake – Covertly Redirecting Mobile Traffic to a Different Backend
    Normally while performing iOS or Android mobile application penetration tests, we request a custom ...
    Continue Reading
    Paths to Power in Active Directory Part 4: ESC3 – In The Name of The Crown
    Paths to Power in Active Directory Part 4: ESC3 – In The Name of The Crown
    In Part 2, ESC1: No One, Yet Everyone, we examined a misconfiguration that allows a low-privileged ...
    Continue Reading
    Paths to Power in Active Directory Part 3: ESC2 – The Seal of Any Purpose
    Paths to Power in Active Directory Part 3: ESC2 – The Seal of Any Purpose
    " Power in Active Directory, much like power in Westeros, often changes hands not through force, ...
    Continue Reading
    Supply Chain Security: Trust Is the New Attack Surface
    Supply Chain Security: Trust Is the New Attack Surface
    In February 2026, while participating in a panel at IT Expo, one statement kept resonating ...
    Continue Reading
    Detecting Dangling SaaS Subdomains and Real Subdomain Takeovers
    Detecting Dangling SaaS Subdomains and Real Subdomain Takeovers
    Subdomain takeover is one of those vulnerabilities that refuses to die. Every few years it gets ...
    Continue Reading
    AI Agents: Clippy With Root Access
    AI Agents: Clippy With Root Access
    There’s a new kind of software showing up in your Slack, IDE, and cloud console and it’s AI agents. ...
    Continue Reading
    Paths to Power in Active Directory Part 2: ESC1 – No One, Yet Anyone
    Paths to Power in Active Directory Part 2: ESC1 – No One, Yet Anyone
    This is the second post in this series. Part 1 can be found here.
    Continue Reading
    Has contents: true Total pages: 4 Current page: 1
    1 2 3 4