Gruyere :: A Cheesy Web App For Your Hacking Delectation

I’ll let them say it: “This codelab is built around Gruyere /ɡruːˈjɛər/ – a small, cheesy web application that allows its users to publish snippets of text and store assorted files. ‘Unfortunately,’ Gruyere has multiple security bugs ranging from cross-site scripting and cross-site request forgery, to information disclosure, denial of service, and remote code execution. …

Gruyere :: A Cheesy Web App For Your Hacking Delectation

This entry is part 4 of 5 in the series [ Sites Where You Can Hack ]

I’ll let them say it: “This codelab is built around Gruyere /ɡruːˈjɛər/ – a small, cheesy web application that allows its users to publish snippets of text and store assorted files. ‘Unfortunately,’ Gruyere has multiple security bugs ranging from cross-site scripting and cross-site request forgery, to information disclosure, denial of service, and remote code execution. …

OWASP Juice Shop :: Get Your Web Hacking Jollies Here [ Hacker Night School ]

OWASP Juice Shop: Hmm, let’s see what we can hack here. This isn’t for beginners, but this realistic e-commerce site lets you root around and find things to break without the local gendarmerie knocking at your door. It’s pretty, it’s well-designed and well-coded, and it keys to the OWASP Top 10 Web Vulnerabilities (which you’d …

OWASP Juice Shop :: Get Your Web Hacking Jollies Here [ Hacker Night School ]

This entry is part 3 of 5 in the series [ Sites Where You Can Hack ]

OWASP Juice Shop: Hmm, let’s see what we can hack here. This isn’t for beginners, but this realistic e-commerce site lets you root around and find things to break without the local gendarmerie knocking at your door. It’s pretty, it’s well-designed and well-coded, and it keys to the OWASP Top 10 Web Vulnerabilities (which you’d …

[ Hacker Night School ] :: Using the Greenbone Vulnerability Scanner

This entry is part 28 of 32 in the series [ Hacker Night School ]

When you say “Vulnerability Scanners” most people in our field immediately think of Nessus. But Nessus is just a commercial take-over of a previously open-source project, and the core developers don’t exactly love their work being commercialized at no benefit to them. (Don’t get me started here.) So they “forked” the project, creating the Open …

[ Hacking 101 ] :: VPNs

This entry is part 11 of 11 in the series [ Hacking 101 ]

A VPN gives you some degree of confidentiality (encryption) and privacy (anonymity), and works great in a business situation where you can have end-to-end encryption. But consumer VPNs aren’t the same, because encryption isn’t end-to-end, and providers are a privacy issue. Here’s a look at different connection types from the perspective of a hacker: web …

[ Hacker Night School ] :: WebGoat, An OWASP Hacking Practice Website

This entry is part 25 of 32 in the series [ Hacker Night School ]

OWASP supports two hackable-website packages, WebGoat and Mutillidae. “WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons. This program is a demonstration of common server-side application flaws. The exercises are intended to be used by people to learn about application security and penetration testing techniques.” – https://github.com/WebGoat/WebGoat …

[ Hacker Night School ] :: A Memory Forensics with Volatility Writeup

This entry is part 18 of 32 in the series [ Hacker Night School ]

I’ve spoken in many classes about the process of dumping memory with DumpIt, then analysis with Volatility (preinstalled on the SIFT Workstation, a VM distro you should definitely explore). Meet LeetDev.net and their CTF Archives. Here’s a link to the CTF list page; click the Volatility graphic to go to the article, fortunately in English. …

[ Hacking 101 ] :: Mac Spoofing

This entry is part 8 of 11 in the series [ Hacking 101 ]

I’m going to take you through several different kinds of hiding and spoofing. Learn to use these to keep your hacking safe(er) and fun. The first technique is MAC address spoofing. When to use MAC spoofing Use it when you’re connected to a local area network (LAN), which means you’re inside your target’s network. This …