Professionally Evil Fundamentals: Introduction

Linux X86 Assembly – How To Test Custom Shellcode Using a C Payload Tester

Overview In the last blog post in this series, we created a tool to make it easy to build our custom payloads and extract them.  However, what if we want to test ...

It Was The Best Of Times, It Was The Worst Of Times…A Tale of Two Passwords

Two of the characters in Charles Dickens’ beloved novel, A Tale of Two Cities have such similar features that their identities are swapped.  No one notices.  One escapes and reunites with his ...
Professionally Evil Fundamentals: Introduction

Linux X86 Assembly – How to Make Our Hello World Usable as an Exploit Payload

Overview In the last two tutorials, we built a Hello World program in NASM and GAS for x86 assembly.  While this can help us learn x86 assembly, it isn’t viable as a ...
Professionally Evil Fundamentals: Introduction

Linux X86 Assembly – How to Build a Hello World Program in NASM

Overview A processor understands bytecode instructions specific to that architecture.  We as humans use mnemonics to make building these instructions easier than remembering a bunch of binary codes.  These mnemonics are known ...
Professionally Evil Fundamentals: Introduction

A Hacker’s Tour of the X86 CPU Architecture

Overview The Intel x86 CPU architecture is one of the most prolific CPU architectures for desktops, laptops, and servers.  While other architectures exist and are even taking some market share with mobile ...
Professionally Evil Fundamentals: Introduction

LD_PRELOAD: How to Run Code at Load Time

    Today I want to continue the series on using LD_PRELOAD.  In previous posts, we covered how to inject a shared object binary into a process, and use that to hijack a library ...
Android Virtual Device for a Mobile PenTest

How to configure Android (Virtual) for Mobile PenTest

This post is about setting up an Android Virtual Machine (AVD) for a mobile application penetration test ...
Professionally Evil Fundamentals - Encryption

Encryption – CISSP Domain 3

We’re circling back to some more CISSP-related materials. Today’s topic will be encryption, which can be found in CISSP Domain 3. By its very nature, encryption is meant to hide the meaning ...
Professionally Evil Fundamentals Encoding

Encoding – CISSP Domain 3

Today we’re going to take a quick look at encoding, as covered in Domain 3 of the CISSP common body of knowledge (CBK). There is often some confusion between encoding and encryption, ...

Workplace Surveillance, Apple and Google Contact Tracing Tech, Virtual Cybersecurity Conferences

In episode 119 for May 4th 2020: The use of thermal cameras and other technology to monitor the workplace for COVID-19, more details about Apple and Google’s contact tracing framework, and are ...