Article: Linux X86 Assembly – How To Test Custom Shellcode Using a C Payload Tester - published about 3 years ago.
Content: Overview In the last blog post in this series, we created a tool to make it easy to build our custom payloads and extract them.  However, what if we want to test them before trying to use them?  It seems like a good idea to make sure it works before you include it in an exploit.  Testing it first would at least let you know that it works and reduce troub...
Copy Link: /blog/2021/09/linux-x86-assembly-how-to-test-custom-shellcode-using-a-c-payload-tester.html   
Published: 2021 09 20 20:19:22
Received: 2021 09 20 21:06:39
Feed: Secure Ideas: Professionally Evil!
Source: Secure Ideas: Professionally Evil!
Category: Cyber Security
Topic: Cyber Security

Article: It Was The Best Of Times, It Was The Worst Of Times…A Tale of Two Passwords - published about 3 years ago.
Content: Two of the characters in Charles Dickens’ beloved novel, A Tale of Two Cities have such similar features that their identities are swapped.  No one notices.  One escapes and reunites with his family.  The other is put to death.  Much like these characters, good and bad passwords share a lot of the same characteristics.  You really have to get to know them b...
Copy Link: /blog/2021/09/a-tale-of-two-passwords.html   
Published: 2021 09 16 03:07:31
Received: 2021 09 16 04:07:22
Feed: Secure Ideas: Professionally Evil!
Source: Secure Ideas: Professionally Evil!
Category: Cyber Security
Topic: Cyber Security

Article: Low Hanging Fruit Ninja: Slashing the Risks of the Human Element - published over 3 years ago.
Content: A long time ago in a galaxy far, far away, I was not a Security Consultant.  I was a Chef.  And I worked as a corporate Chef for an organization that required very long, complex passwords that had to change every 90 days and could not match your last 6 passwords.  I was super busy, usually stressed, and the password expiration notice came up at the most inc...
Copy Link: /blog/2021/08/low-hanging-fruit-ninja-slashing-the-risks-of-the-human-element.html   
Published: 2021 08 20 19:19:10
Received: 2021 08 20 20:06:58
Feed: Secure Ideas: Professionally Evil!
Source: Secure Ideas: Professionally Evil!
Category: Cyber Security
Topic: Cyber Security

Article: How to configure BurpelFish - published over 3 years ago.
Content: I recently was doing a pentest and was continuously looking up translations for words, and thought “there has to be a better way…”. That is when I landed on BurpelFish, which adds a google translate context option to your BurpSuite’s right click. When I googled “how to set up BurpelFish” I couldn’t find anything, so I figured maybe this blog post will help ...
Copy Link: /blog/2021/07/how-to-configure-burpelfish.html   
Published: 2021 07 27 16:51:21
Received: 2021 07 27 17:05:59
Feed: Secure Ideas: Professionally Evil!
Source: Secure Ideas: Professionally Evil!
Category: Cyber Security
Topic: Cyber Security

Article: Linux X86 Assembly – How To Make Payload Extraction Easier - published over 3 years ago.
Content: Overview In the last blog post of the X86 Linux assembly series, we focused on how to make our Hello World payload friendly for use as a payload in exploits.  However, we didn’t cover how to extract the payload itself for use in exploits.  Sure you could view the Objdump output and copy each hex byte out by hand, but that would be tedious and time consum...
Copy Link: /blog/2021/07/linux-x86-assembly-how-to-make-payload-extraction-easier.html   
Published: 2021 07 26 17:23:36
Received: 2021 07 26 18:05:53
Feed: Secure Ideas: Professionally Evil!
Source: Secure Ideas: Professionally Evil!
Category: Cyber Security
Topic: Cyber Security

Article: A New Consultant’s 1st Con – Wild West Hackin Fest – Way West 2021 - published over 3 years ago.
Content: Last month, I found myself Googling: Is weed legal in Nevada?  This was the day after arriving in Reno for Wild West Hacking Fest – Way West 2021.  I kept noticing that the hotel smelled like it from the moment we arrived. I was attending one of the first security conventions to have an in-person experience since Covid-19 shut everything down.  It was going...
Copy Link: /blog/2021/07/a-new-consultants-1st-con-wild-west-hackin-fest-way-west-2021.html   
Published: 2021 07 12 18:48:18
Received: 2021 07 12 19:05:56
Feed: Secure Ideas: Professionally Evil!
Source: Secure Ideas: Professionally Evil!
Category: Cyber Security
Topic: Cyber Security

Article: Converting NMAP XML Files to HTML with xsltproc - published almost 4 years ago.
Content: NMAP is a wonderful network scanner and its ability to log scan data to files, specifically XML, helps quite a bit.  This enables the scan data to be parsed by other tools such as Metasploit’s db_import or even NMAP’s own Zenmap GUI.  While XML is great for parsing, it’s not really easy for humans to read.  I have found several people are unaware of the fac...
Copy Link: /blog/2021/01/converting-nmap-xml-files-to-html-with-xsltproc.html   
Published: 2021 01 14 16:30:00
Received: 2021 06 06 09:04:36
Feed: Secure Ideas: Professionally Evil!
Source: Secure Ideas: Professionally Evil!
Category: Cyber Security
Topic: Cyber Security

Article: LD_PRELOAD: How to Run Code at Load Time - published over 3 years ago.
Content:     Today I want to continue the series on using LD_PRELOAD.  In previous posts, we covered how to inject a shared object binary into a process, and use that to hijack a library function call to run our own code.  This is great when we want to overwrite the behavior of external library calls in a process, but we would have to wait for that call to happen fi...
Copy Link: /blog/2021/02/ld_preload-how-to-run-code-at-load-time.html   
Published: 2021 02 24 15:40:00
Received: 2021 06 06 09:04:36
Feed: Secure Ideas: Professionally Evil!
Source: Secure Ideas: Professionally Evil!
Category: Cyber Security
Topic: Cyber Security

Article: Three Excellent API Security Practices Most People Neglect - published over 3 years ago.
Content: We are very much in the age of APIs. From widely-used single-purpose products like Slack to cloud-based solutions like Amazon Web Services (AWS) and Microsoft Azure, APIs are used to drive business processes in all kinds of industries, every day. For tech companies, whether you’re doing a monolithic back-end, containerized microservices, or serverless archi...
Copy Link: /blog/2021/04/three-excellent-api-security-practices-most-people-neglect.html   
Published: 2021 04 15 14:00:36
Received: 2021 06 06 09:04:36
Feed: Secure Ideas: Professionally Evil!
Source: Secure Ideas: Professionally Evil!
Category: Cyber Security
Topic: Cyber Security

Article: A Hacker’s Tour of the X86 CPU Architecture - published over 3 years ago.
Content: Overview The Intel x86 CPU architecture is one of the most prolific CPU architectures for desktops, laptops, and servers.  While other architectures exist and are even taking some market share with mobile devices such as smartphones and even Apple begin including its ARM M1 chip in newer Macbooks and Mac Mini, this one still stands as the default CPU arc...
Copy Link: /blog/2021/04/a-hackers-tour-of-the-x86-cpu-architecture.html   
Published: 2021 04 20 15:15:43
Received: 2021 06 06 09:04:36
Feed: Secure Ideas: Professionally Evil!
Source: Secure Ideas: Professionally Evil!
Category: Cyber Security
Topic: Cyber Security

Article: Linux X86 Assembly – How to Build a Hello World Program in NASM - published over 3 years ago.
Content: Overview A processor understands bytecode instructions specific to that architecture.  We as humans use mnemonics to make building these instructions easier than remembering a bunch of binary codes.  These mnemonics are known as assembly instructions.  This is one of the lowest levels of programming that can be done.  This programming is a bit of a lost ...
Copy Link: /blog/2021/05/linux-x86-assembly-how-to-build-a-hello-world-program-in-nasm.html   
Published: 2021 05 04 14:55:33
Received: 2021 06 06 09:04:36
Feed: Secure Ideas: Professionally Evil!
Source: Secure Ideas: Professionally Evil!
Category: Cyber Security
Topic: Cyber Security

Article: AppSec Cheat Code: Shift Left, Shift Right, Up, Down & Start - published over 3 years ago.
Content: Seamless and unobtrusive security is the future. We are huge advocates of shifting left and moving security testing earlier in the development process. Leif Dreizler wrote a great article suggesting that not only do we need to shift security left, but shift engineering right. I agree, but why stop there. We all need to cultivate a culture of consistent coll...
Copy Link: /blog/2021/05/appsec-cheat-code-shift-left-shift-right-up-down-start.html   
Published: 2021 05 04 14:57:50
Received: 2021 06 06 09:04:36
Feed: Secure Ideas: Professionally Evil!
Source: Secure Ideas: Professionally Evil!
Category: Cyber Security
Topic: Cyber Security

Article: Linux X86 Assembly – How to Build a Hello World Program in GAS - published over 3 years ago.
Content: Overview In the last tutorial, we covered how to build a 32-bit x86 Hello World program in NASM.  Today, we will cover how to do the same thing, but this time using the GAS toolchain instead.  This will allow us to review the differences in the source code syntax and structure, as well as the difference in the build process. Prerequisite Knowledge ...
Copy Link: /blog/2021/05/linux-x86-assembly-how-to-build-a-hello-world-program-in-gas.html   
Published: 2021 05 11 16:18:46
Received: 2021 06 06 09:04:36
Feed: Secure Ideas: Professionally Evil!
Source: Secure Ideas: Professionally Evil!
Category: Cyber Security
Topic: Cyber Security

Article: Run as Admin: Executive Order on Cybersecurity - published over 3 years ago.
Content: On May 12, 2021, President Biden issued an executive order on cybersecurity. This new order combines many trends we’re already seeing in the Fortune 500 and brings them into the public sector as well. President Trump issued similar executive orders including one in 2017,  another in 2018, two in 2019 and three in 2020, but we will cover those at a different...
Copy Link: /blog/2021/05/run-as-admin-executive-order-on-cybersecurity.html   
Published: 2021 05 14 15:44:34
Received: 2021 06 06 09:04:36
Feed: Secure Ideas: Professionally Evil!
Source: Secure Ideas: Professionally Evil!
Category: Cyber Security
Topic: Cyber Security

Article: The Best Way to Capture Traffic in 2021 - published over 3 years ago.
Content: There are times when you need to capture some network traffic.  Maybe you’re troubleshooting a communication issue or maybe you’re doing something a little more suspect on a penetration test (looking for that clear text communication floating on the network to a host).  On top of needing a capture, you may not want to install a third party capture tool like...
Copy Link: /blog/2021/05/the-best-way-to-capture-traffic-in-2021.html   
Published: 2021 05 25 16:21:04
Received: 2021 06 06 09:04:36
Feed: Secure Ideas: Professionally Evil!
Source: Secure Ideas: Professionally Evil!
Category: Cyber Security
Topic: Cyber Security

Article: Linux X86 Assembly – How to Make Our Hello World Usable as an Exploit Payload - published over 3 years ago.
Content: Overview In the last two tutorials, we built a Hello World program in NASM and GAS for x86 assembly.  While this can help us learn x86 assembly, it isn’t viable as a payload for use in exploits in its current form.  Today’s blog will look into what those issues are, how they impact the code’s use as a payload, and what we can do to address those issues. ...
Copy Link: /blog/2021/06/linux-x86-assembly-how-to-make-our-hello-world-usable-as-an-exploit-payload.html   
Published: 2021 06 01 14:13:33
Received: 2021 06 06 09:04:36
Feed: Secure Ideas: Professionally Evil!
Source: Secure Ideas: Professionally Evil!
Category: Cyber Security
Topic: Cyber Security