3 Reasons to Pentest with Brave
Penetration testing is a race against the clock. Often, we only have a few days to examine all the functionality of a web application or an API. That is why we spend a lot of time refining and modifying our pentesting workflow to shave off any inefficiencies. This process often ... Read More
The OPSEC of Protesting
For the past three months thousands of people have been protesting in the United States due to the deaths of George Floyd, Breonna Taylor, Tony McDade, and others. Many of the protesters are posting, recording, and streaming live while demonstrating. This begs the question… How do I protect myself online ... Read More
Using Components with Known Vulnerabilities
When an organization has a breach, you would like to imagine that the attacker crafted a new exploit, leveraging a zero-day vulnerability that no one has any protection against. However, it is far more likely that the attacker exploited well-known vulnerabilities that may have been residing within their systems for ... Read More
Fiddling with Windows: Proxy tools for Win10
If you have been following along with us, you know how to set up a Windows 10 Virtual Machine (VM) for web app pentesting. But now we have run into another problem. Let’s say that same client throws in a Windows 10 desktop app in scope. (You know, cause last ... Read More
In Case of Fire: Break Windows
When a client calls us to pentest a web application that is only available in Internet Explorer, I cringe. I don’t know if it’s flashbacks from the countless hours spent getting a website compatible with IE, or the trauma from bad UX growing up. Just mentioning the browser leaves a ... Read More
IAM Access Analyzer Review
TL;DR – This is a free tool that helps solve one of the biggest security problems when working in AWS. Turn it on. Turn it on now! Instructions are here. AWS misconfigurations are costly and difficult problems to solve. A lot of what goes wrong with S3 and IAM ... Read More
IAM Root: AWS IAM Simulator Tutorial
If you needed yet another reason to be paranoid about your personal information being exposed, the recent Capital One breach should be sufficient nightmare fuel for you. This is even more supporting evidence that your SSN isn’t secret anymore. Sensitive information of over 100 million people was exposed during this ... Read More
Taming the Jungle: Hardening your AWS infrastructure
After nine tutorials, sixteen posts on Stack Overflow, and several hours or workweeks of effort, you’ve finally done it. You’ve finally got something in Amazon Web Services (AWS) to work as expected. It could have been something as simple as a static hosted site, or as complicated as a massive ... Read More
Welcome to the New Secureideas.com
We are excited to announce the launch of the new Secure Ideas website. It is located at the same URL: https://www.secureideas.com. We hope you like our new look, designed to help you learn more about us and find the services that you need. Our performant site is compatible with tablets ... Read More
Cave of Broken Mirrors: 3 Issues with AWS Cognito
Secure Ideas is currently working on a revamp and redesign of our website and client portal, to promote a better user experience for our clients. Since a lot of our infrastructure is in AWS, we started to consider Cognito for authentication. On paper it seems to have a lot of ... Read More

