
A 54-post collection

A social engineering Play by Play on Pluralsight with Lars Klint

The other day, a hacker compromised someone’s email account. It was almost certainly a phishing attack; he probably just sent them over an email claiming to be from the victim’s organisation and then just, well, asked for their credentials. From there, the attacker wandered over to the web portal of the victim’s organisation and attempted to log on, which unfortunately for him didn’t work. No worries, he simply called up the helpdesk who kindly gave him access. So now he’s logged in to the victim’s portal and he heads over to a virtualised environment which he authenticates to using the victim’s credentials from the first step. Now...

It’s time that you – the vulnerable human – brush up on your social engineering skills with Pluralsight

We tend to get very focused on digital security controls: firewalls, antivirus, software updates and then all the usual practices I spend so much time talking to developers about, stuff like defending against SQL injection, cross site scripting and a whole raft of other attacks against systems. But the bigger risk – and it’s one that doesn’t get near as much coverage – is attacks against humans. Whereas most of the time we’re thinking about attacks against the systems, we tend to neglect weaknesses in the organic matter controlling them and as a result, social engineering attacks are enormously successful. I’ve just wrapped up Ethical Hacking: Social Engineering and when reflecting on...

Hacking Gary – a Pluralsight Play by Play

Every now and then, a Pluralsight course completely defies the odds of what I expected it to do. Now it’s not that I don’t think this latest one is a good course, rather it’s that it’s a play-by-play which effectively went like this: Pluralsight: Hey, how about you hack Gary Eimerman and we record it? Me: You had me at “hack”! And that’s about it – now it’s one of the top-rated courses in the library having been watched by thousands of people in only 5 days! All it entailed was jotting down some notes about stuff that would look good on camera and then sitting...

Get more awesome Pluralsight content than ever for zero dollars!

Pluralsight content remains enormously popular among a growing audience of technology pros not just because of the breadth of content (we’re talking about well over 4,000 courses now), but because it’s so cheap to get into. Less than a dollar a day and you’ve got access to some really top notch content that’s created by some of the best in the business then scrutinised and peer reviewed to ensure it’s right up there as the best possible training material you can find on the web. It’s amazing the lengths people will go to get their hands on Pluralsight courses… But here’s the good bit...

The piracy paradox at Udemy

My Pluralsight courses get pirated all the time. I used to have Google alerts for them but frankly, the flood of emails I’d get each day just didn’t justify the “return” I’d get by forwarding them on to the Pluralsight piracy folks. I ended up rationalising it with the tongue-in-cheek analogy that those who would seek to pirate my security content are probably more likely to do evil things with it thus causing others to realise that they need security training! Of course I hope that’s not actually the case – my courses being used for evil – but the light-hearted view of things made me a little less upset...

Hacking web servers with Pluralsight (and finding vulns in big moving things)

I did a security workshop in a faraway land recently. I’ll not say which one because I want to ensure there’s an appropriate level of anonymity for this story as it could be rather inconvenient for the subject of it otherwise. Anyway, I do my usual thing of showing attendees how to hack their own things. We do SQL injection and XSS and a whole bunch of other really hands on stuff targeted at developers. The niche I find myself filling these days is security content that talks to folks who actually build stuff and don’t live in security land where everything is, well, a little bit different. By no means do I mean...

New Pluralsight course: Ethically Hacking Web Applications (and why we keep getting hacked)

So the Ethical Hacking series marches on, this time with my third course in the series, Ethical Hacking: Hacking Web Applications. As a quick recap of why we’re doing this series, Ethical Hacking material remains the number one requested content on Pluralsight’s course suggestion list. It’s more in demand than all the new shiny Microsoft .NET bits or fancy cloud services and even more popular than JavaScript libraries! Why is it so popular? Just take a look at some of the events of last week. The big one over in the UK was TalkTalk suffering a rather nasty data breach. I found this particularly interesting because prior experience only last month had shown they...

Introducing you to browser security headers on Pluralsight

I’ve been doing this fantastic demo about browser security headers in a lot of my recent talks and workshops. It’s always a lot of fun and it’s very interactive – you can try this out for yourself right now – and it works like this: So cross site scripting (XSS) is still a big thing. Yes it’s been around for ages and yes we should be on top of it by now, but here we are. Anyway, I was at the AppSecEU conference in the Netherlands a few months ago and a local guy called Breno de Winter did a fantastic talk in which he illustrated the prevalence of XSS by showing...

Learn ethical hacking and session hijacking on Pluralsight

A couple of months ago I wrote about how fellow author Dale Meredith and myself are building out an ethical hacking series on Pluralsight and in that post I launched the first course I had written for the series on SQL injection. You can read about the ethical hacking series in that blog post and what my approach to covering the CEH syllabus has been (hint: I have my own take on it), but what I will again point out here is that this material remains by far and away the most requested content in the entire Pluralsight catalogue of course suggestions: The viewership of the ethical hacking series has absolutely exploded! All the courses we’ve created so...

Get my new Pluralsight course on CloudFlare for free!

You know how you like free stuff? And cloud? And security? Of course you do – what’s not to like?! Well because Pluralsight and CloudFlare love it, we’re making my latest course available to everyone 100% for free for the next week. This is a great course for anyone who wants a very slick way of quickly adding SSL and a raft of other security features to their site with a bare minimum of effort. CloudFlare’s service gets you up and running in literally minutes and the bits I cover in this course are 100% free. That’s the CloudFlare service that’s free and the course that’s free so there...