IT Systems, Networks, Security and Education
OWASP Juice Shop: Hmm, let’s see what we can hack here. This isn’t for beginners, but this realistic e-commerce site lets you root around and find things to break without the local gendarmerie knocking at your door. It’s pretty, it’s well-designed and well-coded, and it keys to the OWASP Top 10 Web Vulnerabilities (which you’d …
Continue reading “OWASP Juice Shop :: Get Your Web Hacking Jollies Here [ Hacker Night School ]”
A VPN gives you some degree of confidentiality (encryption) and privacy (anonymity), and works great in a business situation where you can have end-to-end encryption. But consumer VPNs aren’t the same, because encryption isn’t end-to-end, and providers are a privacy issue. Here’s a look at different connection types from the perspective of a hacker: web …
OWASP supports two hackable-website packages, WebGoat and Mutillidae. “WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons. This program is a demonstration of common server-side application flaws. The exercises are intended to be used by people to learn about application security and penetration testing techniques.” – https://github.com/WebGoat/WebGoat …
Continue reading “[ Hacker Night School ] :: WebGoat, An OWASP Hacking Practice Website”
In this second lesson in the Hiding Your Butt series for beginning hackers, you’ll learn what web proxies do, what their limits are, and how to find and set up a proxy. When to Use a Web Proxy You set up a web proxy in your browser, and it will handle traffic ONLY for that …
I’m going to take you through several different kinds of hiding and spoofing. Learn to use these to keep your hacking safe(er) and fun. The first technique is MAC address spoofing. When to use MAC spoofing Use it when you’re connected to a local area network (LAN), which means you’re inside your target’s network. This …
1. Hide Your Butt A. Hide Your MAC Address Windows In Linux i. Where to use this: Spoof (hide) your MAC address when you’re already inside a local area network (LAN). Many of your activities will be noisy, and will get logged, so you need to prevent tracing back to your computer. This is a …
Hacking 101: Just the Basics. Okay, I’m picking up another video series, and this time I’m working to answer the question I see on so many pentesting and CTF videos: How do you get started doing this? Watch this video and then: Assignments: Introduction (Video 1) 1. Set up at least three email/user accounts. Try …
One of the biggest draws on this site is my CEH course materials. These are always a work in progress; I make it a point to expand them every time I run the course. I’ve used several different texts to teach the CEH, and studied several more. And I’m wrangling for a deal between a …
Cross Site Request Forgery CSRF is a very specialized form of XSS. It relies on the victim being logged into a site, so the attacker can make a false request – to drain the victim’s bank account, for instance. Where to Learn First, read this OWASP presentation: http://repository.root-me.org/Exploitation%20-%20Web/EN%20-%20OWASP%20Cross-site%20Request%20Forgery%20CSRF.pdf Next, webpwnized is your friend. Watch these …
Javascript Javascript runs locally, in your browser. That means you can view it with your browser’s debug console, run it and tinker with it. One issue is locating the scripts your target page uses, which may be listed in META tags or called from HTML (DOM) objects. Another issue is that people hide, obfuscate and …