Professionally Evil Insights
Welcome to the Professionally Evil Insights blog by Secure Ideas! In this digital playground, we unravel the complex world of information security with a touch of fun. Our expert-led content ranges from deep-dives into penetration testing to explorations of hardware hacking. Whether you're curious about Secure Ideas or passionate about cybersecurity, this blog is your quick, enlightening, and entertaining guide into the captivating world of information security.
Welcome aboard!
What happened to CVE-2022-23529? And what can we learn from it?
If you saw the disclosure notice for the flaw CVE-2022-23529, it would have been presented as a remote code execution flaw (via JWT secret poisoning) in the jwt.verify method of a main Node.js package for working with JSON Web Tokens (JWTs). The package in question is Auth0’s node_jsonwebtoken ...
Continue Reading
Never miss a Professionally Evil update!
Application Security 202: Vulnerabilities Accepted
Testing |
Vulnerability |
Guidance |
data breach |
information security |
penetration testing |
application security |
professionally evil |
Secure Ideas |
hacking |
best practices |
cybersecurity |
Privilege Escalation
vul·ner·a·bil·i·ty The quality or state of being exposed to the possibility of being attacked or ...
Continue Reading
Quick Bites - Finding Open Windows File Shares
Vulnerability |
network |
Secure Ideas |
hacking |
network security |
Windows |
scanning |
methodology |
how-to |
Free
Hi there, ladies and gentlemen! My name is Aaron Moss, and welcome to the first edition of Quick ...
Continue Reading
Digging Between the Couch Cushions - CouchDB CVE-2021-38295 Breakdown
Vulnerability |
developers |
security |
open source |
information security |
application security |
hacking
Introduction In this blog post we’re going to take a look at the recent CouchDB vulnerability, ...
Continue Reading