Tactical Security Ops at Black Hat 2013

Kevin Johnson and John Strand recently gave a presentation at RSA 2013 titled “Tactical Sec Ops: A Guide to Precision Security Operations.”  Not surprisingly, this has been something that we’ve been talking quite a bit about internally.  So much so that Secure Ideas will be teaching Tactical Security Ops at Black Hat USA.  We initially …

Who are We: Kevin Johnson

So here at Secure Ideas we have decided to do a small series of posts.  The purpose of these posts is to provide a quick introduction to each of the consultants on staff.  It's kind of a fun and quick post. Please feel free to reach out to each of us with any comments or …

Admin Consoles, Default Creds, and Sweet Pwnage

When performing internal network penetration tests, one thing that really gets us excited is finding administrative consoles.  Tomcat and phpMyAdmin are two of the most common that I’ve found in my experience.  The reason we get excited is that many of these consoles have never had the default credentials changed.  Why?  Because they’re on the …

Podcast Show Notes: Why are Passwords so Difficult

Kevin and James just finished up recording episode 2 of the Professionally Evil Perspective podcast.   In this episode there is a brief discussion from Kevin on his experience at RSA and then we start talking about the topic of passwords.  Although we are now into 2013, passwords still are a very hot topic.  This is …

Ninja Developers Webcast Trilogy Overview

Over the past three months, James Jardine and Kevin Johnson were featured in a webcast trilogy titled “Ninja Developers.”  The series was presented through the SANS Institute and an archive of each episode can be found on the SANS website (links provided below).  The purpose of the presentations is to reach out to developers and …

Decoding F5 Cookie

As a penetration tester, there are many different things you come across while performing a test.  The one I will discuss in this post is the cookies returned by the F5 BIG-IP server.  These cookies are used for load balancing and, if not properly protected, will reveal IP addresses and ports of internal …

Professionally Evil Perspective Podcast released

We just wanted to put together this quick post to let everyone know that the Professionally Evil Perspective podcast is now online at iTunes! You can subscribe at https://itunes.apple.com/us/podcast/professionally-evil-perspective/id607209968?mt=2 and we look forward to hearing your feedback and suggestions for future episodes!

Introduction to MobiSec video

We just wanted to post a quick update to let you know about a new video.  Kevin (working with James) recorded a “quick” introduction to OWASP MobiSec.  This video just discusses what MobiSec is and how it works.  It also talks about some of the tools available on MobiSec.
