Over the last eight years, one of the main focuses of Secure Ideas has been education. One responsibility we take very seriously is that of growing the skills within our clients and the public, with the objective of raising the bar in security. This mindset and core passion of Secure Ideas is because we all …
Spring Break without Breaking the Bank: Hands On Training Read More »
In February of this year, Mic posted a blog discussing the future of SamuraiWTF. (You can go read it here if you don’t remember). As we discussed then, the build process that has supported this project for the last decade is WAY too difficult to maintain. So, we are changing it. We are excited …
Homelab infrastructure got you down? Well, not anymore! This is the first post of a 3-part series that will talk about how to automate your home lab, from your kali box to all your vulnerable and domain-joined test vms. It will teach you how to keep your infrastructure dynamic, idempotent, and resilient (a necessity for …
Automating Red Team Homelabs: Part 1 – Kali Automation Read More »
We are really excited to announce that SamuraiWTF 3.2 is now available publicly. This release is available at http://sourceforge.net/projects/samurai/ immediately and we hope you enjoy it. In this release we have updated a number of tools, addressed bug issues, and improved the target environments to better suit a training environment. We have also updated the …
We are really excited to announce that SamuraiWTF 3.0 is now available publicly. (We did a previous release but found some issues and so that was pulled back.) This release is available at http://sourceforge.net/projects/samurai/ immediately and we hope you enjoy it. In this release we have updated the base operating system to Ubuntu 14.04 (hence the …
Ever thought about being able to test the security of your web applications? Wanted to know how the Professionally Evil hack web services and applications? Interested in upgrading your skills around attacking modern web applications? Well now you have your chance! Secure Ideas is excited to announce the latest in our course offerings. We will be …
Professionally Evil Web Penetration Testing Class Read More »
Charlotte ISSA will be hosting a two-day Samurai-WTF (Web Testing Framework) course led by myself (Jason Gillam of Secure Ideas) January 21st and 22nd. Students will learn the latest Samurai-WTF open source tools and the latest manual techniques to perform an end-to-end penetration test. After a quick overview of pen testing methodology, the instructors will …
The first stage of almost every successful penetration test is the reconnaissance phase. During this phase of an engagement we scour publicly accessible resources for information about the target that will provide insight and direction for later phases. We look for information that was made public intentionally, and sometimes unintentionally, that tells us more about …
Burp Suite from Portswigger.net is a fantastic web app testing tool that we use regularly at Secure Ideas. Though Burp is very popular in the security industry, there are a lot of features that often get overlooked. One of these features is the “Compare Site Maps” feature. This wizard-based function compares two different site maps of a …
Comparing Authorization Levels with Burp’s Compare Site Map feature Read More »
The below video is an introduction to Burp Suite. This is the first of our videos that will teach people how to use Burp Suite and other tools the same way we do during our penetration tests. In this video we talk about the different tabs and functions available within the professional version of Burp …