Rtfm: Red Team Field Manual, 2014 – https://www.amazon.com/Rtfm-Red-Team-Field-Manual/dp/1494295504/ref=sr_1_1?dchild=1&keywords=red+team+field+manual&qid=1622069547&s=books&sr=1-1
Blue Team Field Manual (BTFM), 2017 – https://www.amazon.com/Blue-Team-Field-Manual-BTFM/dp/154101636X/ref=sr_1_4?dchild=1&keywords=red+team+field+manual&qid=1622069547&s=books&sr=1-4
The Cuckoo’s Egg, 1989 – https://www.amazon.com/Cuckoos-Egg-Tracking-Computer-Espionage/dp/B0845PM1M5/ref=sr_1_1?dchild=1&keywords=cuckoo%27s+egg&qid=1621902773&s=books&sr=1-1
Gray Hat Hacking: The Ethical Hacker’s Handbook, 2018 – https://www.amazon.com/Gray-Hat-Hacking-Ethical-Handbook-dp-1260108414/dp/1260108414/ref=dp_ob_title_bk
Access Blocked Sites: the Holy Unblocker
A fellow teacher tells me about the “Holy Unblocker,” a proxy service that lets school kids get around their school’s web restrictions. It looks to me like it could be useful for other people, perhaps people living under regimes that want to control their access to knowledge and communications. This proxy is insidious: it uses …
Gruyere :: A Cheesy Web App For Your Hacking Delectation
I’ll let them say it: “This codelab is built around Gruyere /ɡruːˈjɛər/ – a small, cheesy web application that allows its users to publish snippets of text and store assorted files. ‘Unfortunately,’ Gruyere has multiple security bugs ranging from cross-site scripting and cross-site request forgery, to information disclosure, denial of service, and remote code execution. …
OWASP Juice Shop :: Get Your Web Hacking Jollies Here [ Hacker Night School ]
OWASP Juice Shop: Hmm, let’s see what we can hack here. This isn’t for beginners, but this realistic e-commerce site lets you root around and find things to break without the local gendarmerie knocking at your door. It’s pretty, it’s well-designed and well-coded, and it keys to the OWASP Top 10 Web Vulnerabilities (which you’d …
[ Review ] :: EC-Council’s iLabs Platform
I’ve been trying to bring “hacker” training to UNM for over ten years without much success. Only in the past two semesters have I been able to run an Ethical Hacking class based on the CEH, but where my past efforts didn’t bring students, the CEH did. Red Team work has long interested me, likely …
Interactions, Trust and Google Chrome: my Veracode article
During my time as Project Manager of Hacker Highschool (2012-2016) I had the opportunity to write articles for several security publications. This article, “Interactions, Trust, and Google Chrome”, appeared on January 14, 2016, and looked at the obvious and not-so-obvious trusts we give Google and interactions we allow with them. I’m not a Google Hater; …
A fellow consultant asks me to define Pen Testing and Vuln Testing
Recently my friend and fellow IT consultant Marc Mintz (Mintz Infotech, https://mintzit.com/) asked me to clarify some of what I do for his clients. Here’s his question: *** Glenn: I don’t know if my target market really understands pen and vulnerability testing, but since they should, I’d like to have some information for them. I. …
[ Hacking Tools ] : sqlmap
sqlmap (yes, all lower-case) is an “Automatic SQL injection and database takeover tool” and a great example for my students of the goodies on GitHub. On the hacking side, this impressive tool wraps a lot of functionality into one package. From their website: sqlmap is an open source penetration testing tool that automates the process …
“High School Hackers”
“High School Hackers is an all-inclusive group (this includes all 5th graders and middle schoolers!) Non-HSers are welcome to join us and see what we’re up to!” This is a MeetUp event in Pennsylvania and “This meetup requires acceptance into PennApps or MHacks, but will be livestreamed online for those who can’t make it.” Again, …
“HackThis: The Hackers Playground”
“Want to learn about hacking and network security? Discover how hacks, dumps and defacements are performed and secure your website against hackers with HackThis!!” https://www.hackthis.co.uk/