Professionally Evil Insights

Welcome to the Professionally Evil Insights blog by Secure Ideas! In this digital playground, we unravel the complex world of information security with a touch of fun. Our expert-led content ranges from deep-dives into penetration testing to explorations of hardware hacking. Whether you're curious about Secure Ideas or passionate about cybersecurity, this blog is your quick, enlightening, and entertaining guide into the captivating world of information security.

Welcome aboard!

    QB 10 – Half Shells and Full Shells
    I wanted to share a really cool technique that I found out about recently. Now I will say this is probably more useful to other pentesters than anyone else, but I love sharing information like this when I get a chance. I learned about this technique when working through a retired HackTheBox (HTB) ...
    Continue Reading

    Never miss a Professionally Evil update!

    Intro to NMAP
    My journey into cybersecurity has been anything but easy. This field offers a wide range of ...
    Continue Reading
    What does PCI require for Developer Training?
    Training  |  PCI  |  developers  |  application security  |  appsec
    The Payment Card Industry Security Standards Council (PCI SSC) defines compliance standards for all ...
    Continue Reading
    Mitigating Exploitation Risks in Active Directory Certificate Services
    A recent pentest of an Active Directory environment turned into a struggle to uncover an avenue for ...
    Continue Reading
    Everything You Need To Know About The Nist Cybersecurity Framework 2.0
    best practices  |  cybersecurity  |  government  |  CSF  |  cybersecurity standards  |  framework  |  NIST  |  profiles  |  tiers
    This week NIST released the highly anticipated update to the Cybersecurity Framework (CSF). Here’s ...
    Continue Reading
    Quick Bites 9 – Adventuring into the Unknown: The Hacker Subculture
    One of the really cool things about being a hacker is that we get to discover new things. It’s kind ...
    Continue Reading
    The reason I stopped using Postman for API Pentests
    I’ve been a proponent of Postman for a number of years. I’ve written and spoken about using it in ...
    Continue Reading
    Exploring Sentry Safe Exploit on the Flipper Zero with Logic Analyzer
    hacking  |  hardware  |  flipper zero  |  sentry  |  safe  |  logic analyzer
    Overview I recently had a friend that wanted to learn how to use a logic analyzer. Given the number ...
    Continue Reading
    Webcast: Minor Flaws, Cumulative Risks
    Cyber  |  webcast
    Imagine unraveling a classic whodunit murder mystery, where every subtle clue—a misplaced glove, a ...
    Continue Reading
    Mission Imfuzzable: How to Fuzz Web Apps you can't Intercept
    Introduction Fuzzing is a critical technique for finding vulnerabilities in web applications by ...
    Continue Reading