Don't say we didn't warn you.
Okay people in New Mexico listen up: NM Workforce Solutions has 60 (that’s SIXTY) full-ride financial aid openings for students in the four central counties of NM. That means *60* people can take the full A+, Network+ and Security+ certification series *free* including a stipend for rent and fees! Somebody here should grab this. IT …
Continue reading “Get Full-Ride Financial Aid for IT Certifications in New Mexico”
You should try this. If you seriously want to learn hacking, you should check out EC-Council’s Code Red training site. I’ve been checking out the free-level offerings, and I’m impressed. Go here and create an account, with the usual precautions: https://codered.eccouncil.org/Home Do you use Python? (Of course you do.) Here’s a link to a course …
Continue reading “Study Hacking With Code Red: Free Video Courses”
I was recently pointed to a cool learning platform for up-and-coming hackers: EC-Council’s Code Red. Some of the basic video courses that come with the free membership look good. Check it out: https://codered.eccouncil.org/Home I’d love to see your impressions, so comment below if you try it out.
One of the biggest draws on this site is my CEH course materials. These are always a work in progress; I make it a point to expand them every time I run the course. I’ve used several different texts to teach the CEH, and studied several more. And I’m wrangling for a deal between a …
Does a cert make you a hacker? Depends on who you ask. Among the hacker community, a cert doesn’t get you much cred unless it’s the OSCP, which at 24 hours is the most badass test I’ve ever seen. Among recruiters and government entities, the game changes – a lot. EC-Council’s Certified Ethical Hacker (CEH) …
Cross Site Request Forgery CSRF is a very specialized form of XSS. It relies on the victim being logged into a site, so the attacker can make a false request – to drain the victim’s bank account, for instance. Where to Learn First, read this OWASP presentation: http://repository.root-me.org/Exploitation%20-%20Web/EN%20-%20OWASP%20Cross-site%20Request%20Forgery%20CSRF.pdf Next, webpwnized is your friend. Watch these …
Vulnerability A1: Injection Remember to get the OWASP Proactive Controls for Developers: https://www.owasp.org/images/b/bc/OWASP_Top_10_Proactive_Controls_V3.pdf Practice and Process Open a browser tab to: https://www.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents Once you are there, do a search in the page to highlight all occurrences of injection. Scroll down to the HTML and CSS injections. Open and read those sections. See this video on …
Continue reading “[ Auditing With OWASP ] :: [ Class 2: Injection ]”