OWASP Juice Shop :: Get Your Web Hacking Jollies Here [ Hacker Night School ]

This entry is part 3 of 5 in the series [ Sites Where You Can Hack ]

OWASP Juice Shop: Hmm, let’s see what we can hack here. This isn’t for beginners, but this realistic e-commerce site lets you root around and find things to break without the local gendarmerie knocking at your door. It’s pretty, it’s well-designed and well-coded, and it keys to the OWASP Top 10 Web Vulnerabilities (which you’d …

[ Hacker Night School ] :: Using the Greenbone Vulnerability Scanner

This entry is part 28 of 32 in the series [ Hacker Night School ]

When you say “Vulnerability Scanners” most people in our field immediately think of Nessus. But Nessus is just a commercial take-over of a previously open-source project, and the core developers don’t exactly love their work being commercialized at no benefit to them. (Don’t get me started here.) So they “forked” the project, creating the Open …

[ Hacking 101 ] :: VPNs

This entry is part 11 of 11 in the series [ Hacking 101 ]

A VPN gives you some degree of confidentiality (encryption) and privacy (anonymity), and works great in a business situation where you can have end-to-end encryption. But consumer VPNs aren’t the same, because encryption isn’t end-to-end, and providers are a privacy issue. Here’s a look at different connection types from the perspective of a hacker: web …

[ Hacker Night School ] :: Python for Malware Analysis

This entry is part 26 of 32 in the series [ Hacker Night School ]

Python and bash are my two ultimate favorite languages. Both of them let you stick your hands right into the guts of the system, and both let you do really complex things simply and fast. I’ve got an Introduction to Python course over on my http://gnorman.org (white hat) website, which I built exclusively for a …

[ Certified Ethical Hacker v10 ] :: Using ngrok to Set a Trap From Inside NAT

This entry is part 29 of 29 in the series [ Certified Ethical Hacker Training ]

In a lot of hacking examples, the instructor demonstrates a tool like BeEF that requires you to have a website to host the trapping script (for instance, acookie stealer). They’ll often use a localhost address (127.0.0.1) and effectively set a trap for themselves (it’s a demo, after all), without showing you how to use the …

[ Hacker Night School ] :: WebGoat, An OWASP Hacking Practice Website

This entry is part 25 of 32 in the series [ Hacker Night School ]

OWASP supports two hackable-website packages, WebGoat and Mutillidae. “WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons. This program is a demonstration of common server-side application flaws. The exercises are intended to be used by people to learn about application security and penetration testing techniques.” – https://github.com/WebGoat/WebGoat …

[ Certified Ethical Hacker v10 ] :: [ Chapter 12 ] :: Physical Security

This entry is part 24 of 29 in the series [ Certified Ethical Hacker Training ]

Like Social Engineering, Physical Security is a domain that’s very lightly covered in the CEH exam. Vocabulary FRR: False Rejection Rate FAR: False Acceptance Rate CER: Crossover Error Rate Security Measures Against Physical Threats Physical Measures (locks) Technical Measures (smart cards, biometrics) Operational Measures (policies and procedures) Interesting Inside Information Attacks Cyber lock locksmith codes …