Professionally Evil Insights

Welcome to the Professionally Evil Insights blog by Secure Ideas! In this digital playground, we unravel the complex world of information security with a touch of fun. Our expert-led content ranges from deep-dives into penetration testing to explorations of hardware hacking. Whether you're curious about Secure Ideas or passionate about cybersecurity, this blog is your quick, enlightening, and entertaining guide into the captivating world of information security.

Welcome aboard!

    Paths to Power in Active Directory Part 6: ESC8 - The Coerced Crown
    In Part 5, ESC6 - Under a False Sigil, the focus shifted to identity interpretation. The attack path no longer depended on how certificates were requested, but on how the domain controller resolved identity during authentication. ESC8 moves beyond both request and interpretation, shifting the focus ...
    Continue Reading

    Never miss a Professionally Evil update!

    Paths to Power in Active Directory Part 5: ESC6 - Under a False Sigil
    In Part 3, ESC2: The Seal of Any Purpose, we shifted from identity to capability. Instead of ...
    Continue Reading
    Paths to Power in Active Directory Part 4: ESC3 – In The Name of The Crown
    In Part 2, ESC1: No One, Yet Everyone, we examined a misconfiguration that allows a low-privileged ...
    Continue Reading
    Application Security 202: Vulnerabilities Accepted
    vul·ner·a·bil·i·ty The quality or state of being exposed to the possibility of being attacked or ...
    Continue Reading
    Privilege Escalation via File Descriptors in Privileged Binaries
    Today I wanted to cover an application security topic that applies to SetUID binaries. As we all ...
    Continue Reading
    Has contents: true Total pages: 1 Current page: 1