Professionally Evil Blog

A blog by experts of penetration testing and other security assessments.
    Introduction to Writing Nmap Scripting Engine (NSE) Scripts
    One thing I notice a lot of people are missing in their skill set as security professionals is the ability to write NSE scripts for Nmap.  This skill isn’t too hard to learn and by not learning it, you are leaving a lot of value on the table.  I feel like the issue though is that there isn’t a lot ...
    Continue Reading

    Never miss a Professionally Evil update!

    How to Obfuscate Strings in Rust the Easy Way Using the litcrypt Crate
    application security  |  programming  |  rust  |  Obfuscate  |  litcrypt
    Overview Static strings in a binary can make the life easier for reverse engineers, be those ...
    Continue Reading
    Privilege Escalation via File Descriptors in Privileged Binaries
        Today I wanted to cover an application security topic that applies to SetUID binaries.  As we ...
    Continue Reading
    LD_PRELOAD: Making a Backdoor by Hijacking accept()
    application security  |  professionally evil  |  Secure Ideas  |  LD_PRELOAD  |  accept  |  dup2  |  make  |  Linux  |  programming  |  Shared Objects  |  dlsym  |  shell  |  backdoor  |  rootkit  |  userland  |  ELF  |  inject  |  injection
        Today I want to continue the series on using LD_PRELOAD.  In previous posts, we covered how to ...
    Continue Reading