Don't say we didn't warn you.
OWASP Juice Shop: Hmm, let’s see what we can hack here. This isn’t for beginners, but this realistic e-commerce site lets you root around and find things to break without the local gendarmerie knocking at your door. It’s pretty, it’s well-designed and well-coded, and it keys to the OWASP Top 10 Web Vulnerabilities (which you’d …
Continue reading “OWASP Juice Shop :: Get Your Web Hacking Jollies Here [ Hacker Night School ]”
When you say “Vulnerability Scanners” most people in our field immediately think of Nessus. But Nessus is just a commercial take-over of a previously open-source project, and the core developers don’t exactly love their work being commercialized at no benefit to them. (Don’t get me started here.) So they “forked” the project, creating the Open …
Continue reading “[ Hacker Night School ] :: Using the Greenbone Vulnerability Scanner”
A VPN gives you some degree of confidentiality (encryption) and privacy (anonymity), and works great in a business situation where you can have end-to-end encryption. But consumer VPNs aren’t the same, because encryption isn’t end-to-end, and providers are a privacy issue. Here’s a look at different connection types from the perspective of a hacker: web …
Python and bash are my two ultimate favorite languages. Both of them let you stick your hands right into the guts of the system, and both let you do really complex things simply and fast. I’ve got an Introduction to Python course over on my http://gnorman.org (white hat) website, which I built exclusively for a …
Continue reading “[ Hacker Night School ] :: Python for Malware Analysis”
In a lot of hacking examples, the instructor demonstrates a tool like BeEF that requires you to have a website to host the trapping script (for instance, acookie stealer). They’ll often use a localhost address (127.0.0.1) and effectively set a trap for themselves (it’s a demo, after all), without showing you how to use the …
Continue reading “[ Certified Ethical Hacker v10 ] :: Using ngrok to Set a Trap From Inside NAT”
OWASP supports two hackable-website packages, WebGoat and Mutillidae. “WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons. This program is a demonstration of common server-side application flaws. The exercises are intended to be used by people to learn about application security and penetration testing techniques.” – https://github.com/WebGoat/WebGoat …
Continue reading “[ Hacker Night School ] :: WebGoat, An OWASP Hacking Practice Website”
Like Social Engineering, Physical Security is a domain that’s very lightly covered in the CEH exam. Vocabulary FRR: False Rejection Rate FAR: False Acceptance Rate CER: Crossover Error Rate Security Measures Against Physical Threats Physical Measures (locks) Technical Measures (smart cards, biometrics) Operational Measures (policies and procedures) Interesting Inside Information Attacks Cyber lock locksmith codes …
Continue reading “[ Certified Ethical Hacker v10 ] :: [ Chapter 12 ] :: Physical Security”