A Container Hacker’s Guide to Living Off of the Land

Sometimes as a pentester you find yourself in tricky situations. Depending on the type of engagement, you might want to try to avoid making a lot of noise on the network if possible. This blog post is going to talk about two techniques to use to gather information on your target while avoiding making too …

A Container Hacker’s Guide to Living Off of the Land Read More »

The Ignorant Human: Data’s Biggest Threat

For all the money spent on expensive software solutions and expert consultation; an organization is still at a tremendous risk if it is not developing a culture of security as part of its normal business practices.  Many organizations have 24/7 teams dedicated to monitoring and incident response, but what about any organization’s weakest link? The …

The Ignorant Human: Data’s Biggest Threat Read More »

Twelve Days of XSSmas

This series of daily mini-posts, running from December 12, 2018 to December 24, 2018, is intended to provide cross-site scripting (XSS) related tips. This will range from filter-evasion and payload minification tricks, to old (but still good) classic XSS tips, to scripts that make (or contribute to) interesting proof-of-concept payloads. Day 1 When building payloads …

Twelve Days of XSSmas Read More »

Professionally Evil CISSP Certification: Breaking the Bootcamp Model

ISC2 describes the CISSP as a way to prove “you have what it takes to effectively design, implement and manage a best-in-class cybersecurity program”.  It is one of the primary certifications used as a stepping stone in your cybersecurity career.   Traditionally, students have two different options to gain this certification; self-study or a bootcamp.  Both …

Professionally Evil CISSP Certification: Breaking the Bootcamp Model Read More »

Network Check Ups

Most people know that taking care of your personal health is important. We get regular check ups and try to keep ourselves as healthy and free of potential risks as best we can. During these check ups, a doctor will typically tell us about important health concerns, and recommendations to improve or fix any conditions …

Network Check Ups Read More »

Compliance is not Security

Many folks get confused about the difference between security and compliance. Many, especially those less technically inclined, assume that fulfilling compliance obligations sufficiently addresses security. Unfortunately, that’s not true as demonstrated by the continuing rise of security breaches each year. In this post, I’ll briefly explain the difference between security and compliance, and then outline …

Compliance is not Security Read More »

Spring Break without Breaking the Bank: Hands On Training

Over the last eight years, one of the main focuses of Secure Ideas has been education.  One responsibility we take very seriously is that of growing the skills within our clients and the public, with the objective of raising the bar in security.  This mindset and core passion of Secure Ideas is because we all …

Spring Break without Breaking the Bank: Hands On Training Read More »

Scroll to Top