Pluralsight

Two of the things you'll have found me most frequently writing about on this blog are "cloud" and "security". Whilst the latter seems to have been what I've gravitated towards most in recent years, the former is something I'm very heavily involved in, particularly with my work on Have I been pwned (HIBP). I'm enormously happy to see the very last course in the Ethical Hacking series I've been building out with Pluralsight now complete with the 8th and final one being Ethical Hacking: Cloud Computing. Overwhelmingly excited. Ecstatic! I'll come back to why I'm so happy that the entire thing has now been wrapped up, but let me start with my favourite cloud question of all: Is "the cloud"...

This was pretty big news 18 months ago: It was what greeted Sony Pictures employees when they turned up to the office and switched on their machines. Machines infected with malware was one thing - a very bad thing at that - but it got much, much worse for Sony. In all, we saw about 40GB of company data walk out the proverbial door and it included everything from employee credentials to unreleased films to somewhere in the order of 170,000 corporate emails. It was all bad news, but those emails in particular made things especially awkward on the company because it involved such embarrassing exchanges as execs making racist comments about Obama. (Side note: think just for one...

I’ve just launched my latest Pluralsight course titled Ethical Hacking, Denial of Service but before I explain what’s in it, let’s kick off with some trivia: DDoS attacks have increased massively in size in recent years: This is from Arbor Networks’ latest Worldwide Infrastructure Security Report and that was current in October when the study was done. Now, it’s not so current: By the time you read this, we may well be at 700 or 800 or who knows where because the trend is very consistently “up and to the right”, as they say. But it’s not just the scale of the attacks which is alarming, it&...

The other day, a hacker compromised someone’s email account. It was almost certainly a phishing attack, he probably just sent them over an email claiming to be from the victim’s organisation and then just, well, asked for their credentials. From there, the attacker wandered over to the web portal of the victim’s organisation and attempted to logon, which unfortunately for him didn’t work. No worries, they simply called up the helpdesk who kindly gave him access. So now he’s logged in to the victim’s portal and he heads over to a virtualised environment which he authenticates to using the victim’s credentials from the first step. Now...

We tend to get very focused on digital security controls; firewalls, antivirus, software updates and then all the usual practices I spend so much time talking to developers about, stuff like defending against SQL injection, cross site scripting and a whole raft of other attacks against systems. But the bigger risk – and it’s one that doesn’t get near as much coverage – is attacks against humans. Whereas most of the time we’re thinking about attacks against the systems, we tend to neglect weaknesses in the organic matter controlling them and as a result, social engineering attacks are enormously successful. I’ve just wrapped up Ethical Hacking: Social Engineering and when reflecting on...

Every now and then, a Pluralsight course completely defies the odds of what I expected it to do. Now it’s not that I don’t think this latest one is a good course, rather it’s that it’s a play-by-play which effectively went like this: Pluralsight: Hey, how about you hack Gary Eimerman and we record it? Me: You had me at “hack”! And that’s about it – now it’s one of the top-rated courses in the library having been watched by thousands of people in only 5 days! All it entailed was jotting down some notes about stuff that would look good on camera and then sitting...

Pluralsight content remains enormously popular among a growing audience of technology pros not just because of the breadth of content (we’re talking about well over 4,000 courses now), but because it’s so cheap to get into. Less than a dollar a day and you’ve got access to some really top notch content that’s created by some of the best in the business then scrutinised and peer reviewed to ensure it’s right up there as the best possible training material you can find on the web. It’s amazing the lengths people will go to get their hands on Pluralsight courses… But here’s the good bit...

My Pluralsight courses get pirated all the time. I used to have Google alerts for them but frankly, the flood of emails I’d get each day just didn’t justify the “return” I’d get by forwarding them on to the Pluralsight piracy folks. I ended up rationalising it with the tongue-in-cheek analogy that those who would seek to pirate my security content are probably more likely to do evil things with it thus causing others to realise that they need security training! Of course I hope that’s not actually the case – my courses being used for evil – but the light-hearted view of things made me a little less upset...

I did a security workshop in a faraway land recently. I’ll not say which one because I want to ensure there’s an appropriate level of anonymity for this story as it could be rather inconvenient for the subject of it otherwise. Anyway, I do my usual thing of showing attendees how to hack their own things. We do SQL injection and XSS and a whole bunch of other really hands on stuff targeted at developers. The niche I find myself filling these days is security content that talks to folks who actually build stuff and don’t live in security land where everything is, well, a little bit different. By no means do I mean...

So the Ethical Hacking series marches on, this time with my third course in the series, Ethical Hacking: Hacking Web Applications. As a quick recap of why we’re doing this series, Ethical Hacking material remains the number one requested content on Pluralsight’s course suggestion list. It’s more in demand than all the new shiny Microsoft .NET bits or fancy cloud services and even more popular than JavaScript libraries! Why is it so popular? Just take a look at some of the events of last week. The big one over in the UK was TalkTalk suffering a rather nasty data breach. I found this particularly interesting because prior experience only last month had shown they...