network security

Details, Details, Details…How Much is Enough?

So you think being a penetration tester is the coolest thing around right?  Me too..  but there is one aspect that people usually don’t think about: Report Writing.  It is one of the most important parts of an assessment because it provides the customer with data they can then use to make important decisions regarding …

Details, Details, Details…How Much is Enough? Read More »

Professionally Evil: Self Inflicted Injury at Vendor’s Request

It’s an unfortunate and still too common a vulnerability to find administrative interfaces exposed and configured with default passwords.  In some cases it doesn’t matter what else you might find like some sexy injection vulnerability;  if I can access your administrative controls and gut your infrastructure it’s game over and a resume generating event for …

Professionally Evil: Self Inflicted Injury at Vendor’s Request Read More »

SIAM: Custom Testing Machines

Secure Ideas recently made the decision to create custom machines that we could use for penetration testing engagements.  These machines, called SIAMs, are the Secure Ideas Attack Machines.  The machines are custom configured with many different tools that we use during penetration tests and also some of the more common distributions such as Kali Linux, …

SIAM: Custom Testing Machines Read More »

Scroll to Top