Hacking

Professionally Evil Training: Tactical Burp Suite Webinar

Tactical Burp Suite Webinar Secure Ideas is excited to announce its latest upcoming online training.  We will be offering a two-hour session exploring Burp Suite and its use in a web application penetration test.  Kevin Johnson and James Jardine will explore the various features of Burp Suite, focused on how we use the system during …

Professionally Evil Training: Tactical Burp Suite Webinar Read More »

Industry Issues: New Vulnerabilities and Marketing Problems

As a consultant, I spend a lot of my time working with organizations and staff to help them improve their security.  I do this via a number of methods including consulting, penetration testing, training, and other services.  But the foundation of what I do is explain the what, why, and how of information security.  And …

Industry Issues: New Vulnerabilities and Marketing Problems Read More »

Comparing Authorization Levels with Burp’s Compare Site Map feature

Burp Suite from Portswigger.net is a fantastic web app testing tool that we use regularly at Secure Ideas. Though Burp is very popular in the security industry, there are a lot of features that often get overlooked. One of these features is the “Compare Site Maps” feature. This wizard-based function compares two different site maps of a …

Comparing Authorization Levels with Burp’s Compare Site Map feature Read More »

Defending Against Pass-the-Hash (PtH) Attacks

Pass-the-Hash (PtH) attacks have become probably the most common form of credential attacks used in the hacking community. Especially in  Microsoft Windows environments, PtH tools are so popular and easy to use, that many attackers no longer even bother to crack passwords anymore. Why waste the time when an administrator’s hash is just as convenient, …

Defending Against Pass-the-Hash (PtH) Attacks Read More »

Professionally Evil Toolkit – BozoCrack

This week I’ve been teaching a class on web app security for developers and I remembered a fun little script that I thought I’d share here.  That script is BozoCrack, written by Juuso Salonen.  I’d give my description of what this tool does, but I’ll use Juuso’s words from his GitHub page instead.  It’s pretty classic. …

Professionally Evil Toolkit – BozoCrack Read More »

Getting Started with BeEF: The Browser Exploitation Framework

This post is the first in a series on Getting Started with information security tools. For more posts in this series, check out the Getting Started label on this post.  BeEF, the Browser Exploitation Framework, is a testing tool designed to enable penetration testers to launch client-side attacks against target browsers. By using techniques similar …

Getting Started with BeEF: The Browser Exploitation Framework Read More »

Scroll to Top