Rtfm: Red Team Field Manual, 2014 – https://www.amazon.com/Rtfm-Red-Team-Field-Manual/dp/1494295504/ref=sr_1_1?dchild=1&keywords=red+team+field+manual&qid=1622069547&s=books&sr=1-1 Blue Team Field Manual (BTFM), 2017 – https://www.amazon.com/Blue-Team-Field-Manual-BTFM/dp/154101636X/ref=sr_1_4?dchild=1&keywords=red+team+field+manual&qid=1622069547&s=books&sr=1-4 The Cuckoo’s Egg, 1989 – https://www.amazon.com/Cuckoos-Egg-Tracking-Computer-Espionage/dp/B0845PM1M5/ref=sr_1_1?dchild=1&keywords=cuckoo%27s+egg&qid=1621902773&s=books&sr=1-1 Gray Hat Hacking: The Ethical Hacker’s Handbook, 2018 – https://www.amazon.com/Gray-Hat-Hacking-Ethical-Handbook-dp-1260108414/dp/1260108414/ref=dp_ob_title_bk
XSS Game :: Learn Cross-Site Scripting, Bug-Test Google Apps, Step 3: Profit
Here’s another Google Appspot pen-testing practice site, this one focused on XSS (Cross-Site Scripting). Oh, it’s so fun to have sites where you can rampage like Hannibal’s elephants without getting condemned to death by gladiator! “In this training program, you will learn to find and exploit XSS bugs. You’ll use this knowledge to confuse and …
Continue reading “XSS Game :: Learn Cross-Site Scripting, Bug-Test Google Apps, Step 3: Profit”
OWASP Juice Shop :: Get Your Web Hacking Jollies Here [ Hacker Night School ]
OWASP Juice Shop: Hmm, let’s see what we can hack here. This isn’t for beginners, but this realistic e-commerce site lets you root around and find things to break without the local gendarmerie knocking at your door. It’s pretty, it’s well-designed and well-coded, and it keys to the OWASP Top 10 Web Vulnerabilities (which you’d …
Continue reading “OWASP Juice Shop :: Get Your Web Hacking Jollies Here [ Hacker Night School ]”
OWASP Juice Shop :: Get Your Web Hacking Jollies Here [ Hacker Night School ]
OWASP Juice Shop: Hmm, let’s see what we can hack here. This isn’t for beginners, but this realistic e-commerce site lets you root around and find things to break without the local gendarmerie knocking at your door. It’s pretty, it’s well-designed and well-coded, and it keys to the OWASP Top 10 Web Vulnerabilities (which you’d …
Continue reading “OWASP Juice Shop :: Get Your Web Hacking Jollies Here [ Hacker Night School ]”
[ Hacking 101 ] :: VPNs
A VPN gives you some degree of confidentiality (encryption) and privacy (anonymity), and works great in a business situation where you can have end-to-end encryption. But consumer VPNs aren’t the same, because encryption isn’t end-to-end, and providers are a privacy issue. Here’s a look at different connection types from the perspective of a hacker: web …
[ Hacking 101 ] :: [ Outline ]
1. Hide Your Butt A. Hide Your MAC Address Windows In Linux i. Where to use this: Spoof (hide) your MAC address when you’re already inside a local area network (LAN). Many of your activities will be noisy, and will get logged, so you need to prevent tracing back to your computer. This is a …
[ Hacking 101 ] :: [ Introduction ]
Hacking 101: Just the Basics. Okay, I’m picking up another video series, and this time I’m working to answer the question I see on so many pentesting and CTF videos: How do you get started doing this? Watch this video and then: Assignments: Introduction (Video 1) 1. Set up at least three email/user accounts. Try …
Study Hacking With Code Red: Free Video Courses
You should try this. If you seriously want to learn hacking, you should check out EC-Council’s Code Red training site. I’ve been checking out the free-level offerings, and I’m impressed. Go here and create an account, with the usual precautions: https://codered.eccouncil.org/Home Do you use Python? (Of course you do.) Here’s a link to a course …
Continue reading “Study Hacking With Code Red: Free Video Courses”
Free Hacking Courses: Code Red
I was recently pointed to a cool learning platform for up-and-coming hackers: EC-Council’s Code Red. Some of the basic video courses that come with the free membership look good. Check it out: https://codered.eccouncil.org/Home I’d love to see your impressions, so comment below if you try it out.
[ Hacker Night School ] :: CSRF
Cross Site Request Forgery CSRF is a very specialized form of XSS. It relies on the victim being logged into a site, so the attacker can make a false request – to drain the victim’s bank account, for instance. Where to Learn First, read this OWASP presentation: http://repository.root-me.org/Exploitation%20-%20Web/EN%20-%20OWASP%20Cross-site%20Request%20Forgery%20CSRF.pdf Next, webpwnized is your friend. Watch these …