Books About Hacking

Rtfm: Red Team Field Manual, 2014 – https://www.amazon.com/Rtfm-Red-Team-Field-Manual/dp/1494295504/ref=sr_1_1?dchild=1&keywords=red+team+field+manual&qid=1622069547&s=books&sr=1-1

Blue Team Field Manual (BTFM), 2017 – https://www.amazon.com/Blue-Team-Field-Manual-BTFM/dp/154101636X/ref=sr_1_4?dchild=1&keywords=red+team+field+manual&qid=1622069547&s=books&sr=1-4

The Cuckoo’s Egg, 1989 – https://www.amazon.com/Cuckoos-Egg-Tracking-Computer-Espionage/dp/B0845PM1M5/ref=sr_1_1?dchild=1&keywords=cuckoo%27s+egg&qid=1621902773&s=books&sr=1-1

Gray Hat Hacking: The Ethical Hacker’s Handbook, 2018 – https://www.amazon.com/Gray-Hat-Hacking-Ethical-Handbook-dp-1260108414/dp/1260108414/ref=dp_ob_title_bk

Gruyere :: A Cheesy Web App For Your Hacking Delectation

I’ll let them say it: “This codelab is built around Gruyere /ɡruːˈjɛər/ – a small, cheesy web application that allows its users to publish snippets of text and store assorted files. ‘Unfortunately,’ Gruyere has multiple security bugs ranging from cross-site scripting and cross-site request forgery, to information disclosure, denial of service, and remote code execution. …

OWASP Juice Shop :: Get Your Web Hacking Jollies Here [ Hacker Night School ]

OWASP Juice Shop: Hmm, let’s see what we can hack here. This isn’t for beginners, but this realistic e-commerce site lets you root around and find things to break without the local gendarmerie knocking at your door. It’s pretty, it’s well-designed and well-coded, and it keys to the OWASP Top 10 Web Vulnerabilities (which you’d …

[ Review ] :: EC-Council’s iLabs Platform

Glenn Norman
This entry is part 28 of 30 in the series [ Certified Ethical Hacker Training ]

I’ve been trying to bring “hacker” training to UNM for over ten years without much success. Only in the past two semesters have I been able to run an Ethical Hacking class based on the CEH, but where my past efforts didn’t bring students, the CEH did. Red Team work has long interested me, likely …

Interactions, Trust and Google Chrome: my Veracode article

Glenn Norman on Veracode

During my time as Project Manager of Hacker Highschool (2012-2016) I had the opportunity to write articles for several security publications. This article, “Interactions, Trust, and Google Chrome”, appeared on January 14, 2016, and looked at the obvious and not-so-obvious trusts we give Google and interactions we allow with them. I’m not a Google Hater; …

A fellow consultant asks me to define Pen Testing and Vuln Testing

Recently my friend and fellow IT consultant Marc Mintz (Mintz Infotech, https://mintzit.com/) asked me to clarify some of what I do for his clients. Here’s his question: *** Glenn: I don’t know if my target market really understands pen and vulnerability testing, but since they should, I’d like to have some information for them. I. …