Proxying HTTPS Traffic with Burp Suite

This is easy to fix. All we need to do is tell our browser that the Burp CA can be trusted. Because every new installation of Burp generates a different CA, this doesn’t create a risk of somebody else intercepting your traffic surreptitiously with their Burp instance. The actual steps to perform this vary slightly by operating system.

Einstein Told Us: Why User Awareness is NOT the right focus

“The definition of insanity is doing the same thing over and over again and expecting different results.” – Einstein (Well, not really!) Every day we hear another reason why user awareness (or better-named security awareness) is critical. We hear an announcement of another breach or social engineering attack. And then we get asked why security …


Cooking up Better Security Incident Communications

I am fond of meal kits. I enjoy the entire experience: the scrolling through delicious-looking meal descriptions, the excitement of receiving a package full of ingredients, the smells while learning how to make the recipe, and of course tasting that first bite of the new things you created with your own hands. I have not …


Asset Discovery

The first step in securing any organization is to understand what you have. Unless you have a strong understanding of the systems and services on your network, you have no hope of keeping it both secure and usable. You could implement extremely strong controls to lock down everything, but then business operations come to a …


Getting Started with API Penetration Testing Using Insomnia

In our blog series on Better API Penetration Testing with Postman we discussed using Postman as the client for testing RESTful service APIs. Insomnia is an MIT-licensed open source alternative to Postman. Its commercial maintainer, Kong, is best known for their microservice API Gateway. Like Postman, Kong offers premium subscriptions for syncing and collaboration functionality. …


Using Components with Known Vulnerabilities

When an organization has a breach, you would like to imagine that the attacker crafted a new exploit, leveraging a zero-day vulnerability that no one has any protection against. However, it is far more likely that the attacker exploited well-known vulnerabilities that may have been residing within their systems for months, if not years. Attackers …


Kubernetes Security – A Useful Bash One-Liner

Whether you’re an administrator, pentester, DevOps engineer, programmer, or some other IT person, chances are that you’ve heard of Kubernetes (k8s). If you’re a penetration tester like myself, you may sometimes find yourself in odd situations involving k8s. One such situation is getting or being given super admin to a Kubernetes cluster, but you’re on …


Building Blocks: Professionally Evil Fundamentals Series

We at Secure Ideas love security education. What we enjoy even more is affordable security education. So we decided to start a Professionally Evil Fundamentals Video series. These are short definition videos related to information security and penetration testing. We believe that these videos are for anyone who wants to move into information security or …
