Secure Ideas

05/04/2026

A long time ago, in a workshop not so far away, Doug saw a movie droid and made a decision that would change everything. 18 months of soldering, fabricating, and writing control code later. He had a fully functional droid and a skillset he never expected. The galaxy has a way of calling you to build things.

We couldn't publish a droid build on any other day. Keep your scanners on, the rest of the logs are incoming:

A cybersecurity professional builds an AI-powered Star Wars Pit Droid using an NVIDIA Jetson Orin Nano. The story behind the build, the tech, and why it matters.

05/01/2026

Offensive Security Panel 2.
Jordan Bonagura is suiting up for a practitioner-level conversation on how offensive teams approach real-world engagements. Alongside experts from Eos Cyber, Constella Intelligence, Abricto Security, and Globalwave Consulting.

Five perspectives. One mission.

Catch the panel Saturday, May 9th, 1:00 PM - 1:45 PM in the Jamaica Room at HackSpaceCon, FL. (Day 2 takes place at the Radisson Resort at the Port.)

Check the launch schedule: https://hubs.la/Q04f2zLk0

04/30/2026

Back to the Future-Proof: Preparing Now for Quantum Decryption Threats. The threat isn't waiting. Neither is Kevin Tackett.

Catch his talk Friday, May 8th, 11:00 AM - 11:50 AM in Hall 2 at HackSpaceCon, Kennedy Space Center, FL.
Check the flight plan: https://hubs.la/Q04f2fYT0

04/24/2026

Kennedy Space Center. Offensive security. Launch sequence initiated.
Kevin Tackett and Jordan Bonagura are cleared for takeoff.
Hack Space Con, May 6-9.
Full mission briefing here:
https://hubs.ly/Q04dgf5y0

04/23/2026

May is a busy month for us! The Secure Ideas team will be attending four fantastic events this month:

Hack Space Con | May 6-9 | Kennedy Space Center, FL
A dynamic conference at the intersection of cybersecurity, aerospace security, satellite technology, and national defense. Fostering partnerships while creating opportunities for students, veterans, and underrepresented communities.

Boston Cybersecurity Summit | May 6 | Boston, MA
The 11th edition of this must-attend event for CISOs and senior security leaders. Featuring actionable insights, expert panels, cutting-edge solution showcases, and high-impact networking throughout the day.

NolaCon | May 15-17 | New Orleans, LA
An infosec conference bringing speakers from across the country to share knowledge and grow community. In one of the best cities in the world to do it. It's New Orleans. Need we say more?

HackMiami 1101 | May 16 | Miami, FL
A South Florida security community event focused on pe*******on testing, AI security, OSINT, APT tactics, and more. Built by experienced practitioners for the community.

Come find us at any of these events, or visit our events page to learn more!
https://hubs.la/Q04d2NGg0

04/22/2026

A huge congratulations to Aaron Moss and Jordan Bonagura for becoming CREST certified this April! Their dedication to excellence continues to raise the bar for our team and our clients.

04/15/2026

Quantum computing isn't a future problem. The attacks are already underway.
Kevin Tackett presents tomorrow at the Southeast Cybersecurity Summit (April 16, 1:15 PM | Birmingham, AL): Back to the Future-Proof: Preparing Now for Quantum Decryption Threats.

In this talk, Kevin will break down how harvest now, decrypt later campaigns are already putting today's encrypted data at risk, and what organizations can do right now to build a realistic transition roadmap to post-quantum cryptography.

Kevin is the CEO and Founder of Secure Ideas with 30+ years in cybersecurity, a SANS course author, and creator of open-source security tools used worldwide. He's spent decades helping organizations see what's coming before it arrives.

Full Agenda: https://hubs.la/Q04cd8gd0

04/14/2026

PDFs aren't just documents. In the right hands, they're attack surfaces.

Jordan Bonagura presents tomorrow at the Southeast Cybersecurity Summit (April 15, 10:15 AM | Birmingham, AL): Bypassing Browser PDF Security: Using Embedded JavaScript Forms for Social Engineering.

In this talk, Jordan will show how embedded PDF forms and JavaScript can be used inside trusted browser environments to create convincing, in-app social engineering attacks that bypass traditional defenses.

Jordan is a Senior Security Consultant and researcher with 20+ years in infosec, experienced in pentesting, risk assessments, and real-world attack scenarios across multiple industries, and he loves sharing practical techniques that challenge how we think about security.

Full schedule:
https://hubs.la/Q04c2l_10

04/13/2026

LAST CHANCE!
Registration closes TONIGHT at 10:00 PM ET.

Join Jennifer Shannon tomorrow for API Testing: AAA and Keys are Not Just for Cars.

In 4 hours you'll learn to:
- Perform API recon and endpoint analysis
- Attack authentication schemes, OAuth, and JWTs
- Exploit insecure direct object references and privilege escalation
- Identify rate limiting and business logic flaws

Class starts Tuesday, April 14th | 12:00 – 4:00 PM ET

Enroll now before registration closes tonight: Professionally Evil API Testing: AAA and Keys are Not Just for Cars - Antisyphon Training

Link in the comments.

04/11/2026

Anthropic's announcement this week isn't just a product launch. It's a public acknowledgment that the rules of cybersecurity have fundamentally changed — and the window to respond is narrow.

Their unreleased model has already found thousands of high-severity vulnerabilities across every major OS and every major browser. Some undetected for decades.

For attackers: That capability will not stay restricted for long.
For defenders: The window between discovery and exploitation just collapsed.
For pe*******on testing: When an unreleased model surpasses all but the most skilled human researchers, the commodity layer of what we do looks very different.

Full breakdown here: https://hubs.la/Q04brGTj0

04/10/2026

Professionally Evil API Testing:

AAA and Keys Are Not Just for Cars is a live, 4-hour hands-on training covering everything from endpoint recon to exploiting authorization flaws, taught by Jennifer Shannon.

You'll walk away knowing how to:

✅ Attack API authentication schemes
✅ Test for IDORs and privilege escalation
✅ Uncover business logic and rate limiting flaws
✅ Combine tools and techniques to exploit API weaknesses

📅 April 14th, 2026 | 12–4 PM EDT | Virtual

Register before April 13th:
https://hubs.la/Q04bs3NZ0