Professionally Evil Insights

Welcome to the Professionally Evil Insights blog by Secure Ideas! In this digital playground, we unravel the complex world of information security with a touch of fun. Our expert-led content ranges from deep-dives into penetration testing to explorations of hardware hacking. Whether you're curious about Secure Ideas or passionate about cybersecurity, this blog is your quick, enlightening, and entertaining guide into the captivating world of information security.

Welcome aboard!

    Featured Image
    Beyond the Browser: The Questions That Expanded the Attack Surface
    penetration testing |  social engineering |  phishing |  Cyber Security Awareness
    After presenting this research at security conferences this year, I was expecting the usual post-talk questions like "what tools did you use?", "does this also work on mobile?", or a compliance officer asking if PDF forms are covered under their DLP policy. What the audience did instead was take ...
    Continue Reading

    Never miss a Professionally Evil update!

    Sign Up For Our Newsletter
    PCI-DSS 4.0.1 - Proving Security: A Penetration Testing Series
    PCI-DSS 4.0.1 - Proving Security: A Penetration Testing Series
    PCI  |  penetration testing  |  compliance  |  PCI DSS
    The Illusion of Security
    Continue Reading
    The AI Arms Race Just Went Public: What Project Glasswing Means for You
    The AI Arms Race Just Went Public: What Project Glasswing Means for You
    penetration testing  |  AI  |  Mythios  |  Anthropic AI  |  Project Glasswing
    Anthropic's announcement this week isn't just a product launch. It's a public acknowledgment that ...
    Continue Reading
    The Secret Handshake – Covertly Redirecting Mobile Traffic to a Different Backend
    The Secret Handshake – Covertly Redirecting Mobile Traffic to a Different Backend
    Normally while performing iOS or Android mobile application penetration tests, we request a custom ...
    Continue Reading
    Paths to Power in Active Directory Part 4: ESC3 – In The Name of The Crown
    Paths to Power in Active Directory Part 4: ESC3 – In The Name of The Crown
    In Part 2, ESC1 – No One, Yet Everyone, we examined a misconfiguration that allows a low-privileged ...
    Continue Reading
    Paths to Power in Active Directory Part 3: ESC2 – The Seal of Any Purpose
    Paths to Power in Active Directory Part 3: ESC2 – The Seal of Any Purpose
    “ Power in Active Directory, much like power in Westeros, often changes hands not through force, ...
    Continue Reading
    Supply Chain Security: Trust Is the New Attack Surface
    Supply Chain Security: Trust Is the New Attack Surface
    In February 2026, while participating in a panel at IT Expo, one statement kept resonating ...
    Continue Reading
    Detecting Dangling SaaS Subdomains and Real Subdomain Takeovers
    Detecting Dangling SaaS Subdomains and Real Subdomain Takeovers
    Subdomain takeover is one of those vulnerabilities that refuses to die. Every few years it gets ...
    Continue Reading
    AI Agents: Clippy With Root Access
    AI Agents: Clippy With Root Access
    There’s a new kind of software showing up in your Slack, IDE, and cloud console and it’s AI agents. ...
    Continue Reading
    Paths to Power in Active Directory Part 2: ESC1 – No One, Yet Anyone
    Paths to Power in Active Directory Part 2: ESC1 – No One, Yet Anyone
    This is the second post in this series. Part I can be found here.
    Continue Reading
    Extract Secrets from Multiple Configuration Files Using Vim
    Extract Secrets from Multiple Configuration Files Using Vim
    penetration testing  |  command line  |  red team  |  VIM
    You're SSH'd into a compromised Linux server during a penetration test. You've found the ...
    Continue Reading
    Paths to Power in Active Directory Part 1: How AD CS Misconfigurations Become the Keys to the Kingdom
    Paths to Power in Active Directory Part 1: How AD CS Misconfigurations Become the Keys to the Kingdom
    An Introduction to Active Directory Certificate Services (AD CS) I am still pretty new to ...
    Continue Reading
    Has contents: true Total pages: 3 Current page: 1
    1 2 3