Books About Hacking

Rtfm: Red Team Field Manual, 2014 – https://www.amazon.com/Rtfm-Red-Team-Field-Manual/dp/1494295504/ref=sr_1_1?dchild=1&keywords=red+team+field+manual&qid=1622069547&s=books&sr=1-1 Blue Team Field Manual (BTFM), 2017 – https://www.amazon.com/Blue-Team-Field-Manual-BTFM/dp/154101636X/ref=sr_1_4?dchild=1&keywords=red+team+field+manual&qid=1622069547&s=books&sr=1-4 The Cuckoo’s Egg, 1989 – https://www.amazon.com/Cuckoos-Egg-Tracking-Computer-Espionage/dp/B0845PM1M5/ref=sr_1_1?dchild=1&keywords=cuckoo%27s+egg&qid=1621902773&s=books&sr=1-1 Gray Hat Hacking: The Ethical Hacker’s Handbook, 2018 – https://www.amazon.com/Gray-Hat-Hacking-Ethical-Handbook-dp-1260108414/dp/1260108414/ref=dp_ob_title_bk  

XSS Game :: Learn Cross-Site Scripting, Bug-Test Google Apps, Step 3: Profit

Here’s another Google Appspot pen-testing practice site, this one focused on XSS (Cross-Site Scripting). Oh, it’s so fun to have sites where you can rampage like Hannibal’s elephants without getting condemned to death by gladiator! “In this training program, you will learn to find and exploit XSS bugs. You’ll use this knowledge to confuse and …

OWASP Juice Shop :: Get Your Web Hacking Jollies Here [ Hacker Night School ]

OWASP Juice Shop: Hmm, let’s see what we can hack here. This isn’t for beginners, but this realistic e-commerce site lets you root around and find things to break without the local gendarmerie knocking at your door. It’s pretty, it’s well-designed and well-coded, and it keys to the OWASP Top 10 Web Vulnerabilities (which you’d …

OWASP Juice Shop :: Get Your Web Hacking Jollies Here [ Hacker Night School ]

OWASP Juice Shop: Hmm, let’s see what we can hack here. This isn’t for beginners, but this realistic e-commerce site lets you root around and find things to break without the local gendarmerie knocking at your door. It’s pretty, it’s well-designed and well-coded, and it keys to the OWASP Top 10 Web Vulnerabilities (which you’d …

[ Hacking 101 ] :: VPNs

A VPN gives you some degree of confidentiality (encryption) and privacy (anonymity), and works great in a business situation where you can have end-to-end encryption. But consumer VPNs aren’t the same, because encryption isn’t end-to-end, and providers are a privacy issue. Here’s a look at different connection types from the perspective of a hacker: web …

Study Hacking With Code Red: Free Video Courses

You should try this. If you seriously want to learn hacking, you should check out EC-Council’s Code Red training site. I’ve been checking out the free-level offerings, and I’m impressed. Go here and create an account,  with the usual precautions: https://codered.eccouncil.org/Home Do you use Python? (Of course you do.) Here’s a link to a course …

Free Hacking Courses: Code Red

I was recently pointed to a cool learning platform for up-and-coming hackers: EC-Council’s Code Red. Some of the basic video courses that come with the free membership look good. Check it out: https://codered.eccouncil.org/Home I’d love to see your impressions, so comment below if you try it out.  

[ Hacker Night School ] :: CSRF

Cross Site Request Forgery CSRF is a very specialized form of XSS. It relies on the victim being logged into a site, so the attacker can make a false request – to drain the victim’s bank account, for instance. Where to Learn First, read this OWASP presentation: http://repository.root-me.org/Exploitation%20-%20Web/EN%20-%20OWASP%20Cross-site%20Request%20Forgery%20CSRF.pdf Next, webpwnized is your friend. Watch these …