Rtfm: Red Team Field Manual, 2014 – https://www.amazon.com/Rtfm-Red-Team-Field-Manual/dp/1494295504/ref=sr_1_1?dchild=1&keywords=red+team+field+manual&qid=1622069547&s=books&sr=1-1
Blue Team Field Manual (BTFM), 2017 – https://www.amazon.com/Blue-Team-Field-Manual-BTFM/dp/154101636X/ref=sr_1_4?dchild=1&keywords=red+team+field+manual&qid=1622069547&s=books&sr=1-4
The Cuckoo’s Egg, 1989 – https://www.amazon.com/Cuckoos-Egg-Tracking-Computer-Espionage/dp/B0845PM1M5/ref=sr_1_1?dchild=1&keywords=cuckoo%27s+egg&qid=1621902773&s=books&sr=1-1
Gray Hat Hacking: The Ethical Hacker’s Handbook, 2018 – https://www.amazon.com/Gray-Hat-Hacking-Ethical-Handbook-dp-1260108414/dp/1260108414/ref=dp_ob_title_bk
[ Hacker Night School ] :: The Illustrated TLS Connection
https://tls.ulfheim.net/ has a beautiful graphical way to see every step of setting up a TLS connection. This is porn for network geeks, but also for hackers (sometimes the same people). To paraphrase Ultra Famous Hacking God Pablos Holman, here are the messages between website and client to set up TLS. Every one of these is an …
[ Hacker Night School ] :: the POODLE attack, featuring TLS Downgrade
The KBID XXX – TLS Downgrade
In almost every course I teach I discuss the perils of “TLS fallback,” a fatal misconfiguration that negotiates a web server back to an old, insecure SSL/TLS version. From there it’s simple to use known exploits against the web server and boom, now it’s a Russian crimeware server. This …
Access Blocked Sites: the Holy Unblocker
A fellow teacher tells me about the “Holy Unblocker,” a proxy service that lets school kids get around their school’s web restrictions. It looks to me like it could be useful for other people, perhaps people living under regimes that want to control their access to knowledge and communications. This proxy is insidious: it uses …
[ Hacker Night School ] :: The Holy Unblocker
A fellow teacher tells me about the “Holy Unblocker,” a proxy service that lets school kids get around their school’s web restrictions. It looks to me like it could be useful for other people, perhaps people living under regimes that want to control their access to knowledge and communications. This proxy is insidious: it uses …
OWASP Juice Shop :: Get Your Web Hacking Jollies Here [ Hacker Night School ]
OWASP Juice Shop: Hmm, let’s see what we can hack here. This isn’t for beginners, but this realistic e-commerce site lets you root around and find things to break without the local gendarmerie knocking at your door. It’s pretty, it’s well-designed and well-coded, and it keys to the OWASP Top 10 Web Vulnerabilities (which you’d …
[ Hacking 101 ] :: VPNs
A VPN gives you some degree of confidentiality (encryption) and privacy (anonymity), and works great in a business situation where you can have end-to-end encryption. But consumer VPNs aren’t the same, because encryption isn’t end-to-end, and providers are a privacy issue. Here’s a look at different connection types from the perspective of a hacker: web …
[ Hacker Night School ] :: WebGoat, An OWASP Hacking Practice Website
OWASP supports two hackable-website packages, WebGoat and Mutillidae. “WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons. This program is a demonstration of common server-side application flaws. The exercises are intended to be used by people to learn about application security and penetration testing techniques.” – https://github.com/WebGoat/WebGoat …
[ Hacking 101 ] :: Web Proxies
In this second lesson in the Hiding Your Butt series for beginning hackers, you’ll learn what web proxies do, what their limits are, and how to find and set up a proxy. When to Use a Web Proxy You set up a web proxy in your browser, and it will handle traffic ONLY for that …