Start your career in IT security

CTF as Training for Bug Bounty

From 16/07/2016 until 14/08/2016 I will be participating in the Palo Alto CTF. I doubt any money will be won by yours truly, but I do not doubt I will learn an absolute ton. Several colleagues are quite leet, and I’m sure they will sort most of this out themselves....

What is malware?

Big bad scary malware. How do you explain malware to people who are not really into security? Let’s try. I will use simple analogies and language, yet will still try to go into some detail, so you can help people you know and love (and work for) understand the idea...

Infosec Summer Reading List

Every now and then I wonder what to write about. When I don’t really know what to write about, I decide to read. Lately, I’ve been reading a mixture of science fiction and security books. In this quick post, I am going to give four recommendations. These are not...

Consider an apprenticeship in cyber security

Are you cut out of University? Writing this feels wrong. I have spent most of my life in formal schooling. I started elementary at 7 and stayed until I was 25. Then I spent an extra year when I was 30. I like school. I am good at it. I was definitely cut out of it. I...

Moving from the bones to the brains

I'll call this a personal post. I generally hate personal posts, because they take too long to create, are a bit 'me-me-me', and aren't evergreen. That introduction to web hacking series I made is, hopefully, evergreen. Some of those opinion pieces are also evergreen....

What do hackers look like?

This is fun. This is a fun piece that I'm writing to force myself back into the habit. Work is busy, as is your work, I am sure. If you are a newbie, then your study is busy. If it's not, you aren't trying hard enough or your life is busy and you don't have the time...

IoT and Privacy

There is a lot to consider with IoT. A lot of cool security stuff doesn't focus on privacy or ethics or any of that. A lot of sexy security is all hackery smackery. But in organisations and governments, most of the security team is doing back-end, boring security....

Cross Site Scripting

Our next attack will be a cross-site scripting attack. This is an attack against the browser of anyone who visits a particular page. Instead of attacking a hidden database, you'll be attacking future visits to the webpage. A cross-site scripting attack is when attackers...

Introduction to SQL Injection

Our first exploit is a SQL injection. SQL injections attack poorly designed databases, forcing them to run code they didn't intend to run. Websites present information. When a website needs to present different information in different situations, it will pull that...

Brute Force Dictionary Attacks on WordPress

WordPress is a fantastic tool. But if proper security is not enforced, breaking into a WordPress site can be dreadfully easy. Proper security involves strong passwords (for the user) and strong login protection (for the site owner). A brute force password attack is a...

How to install WordPress on Kali Linux

WordPress is one of the most commonly used content management systems in the world. If you run your own website or blog, chances are high that you run WordPress. Let's install WordPress onto our local machine. WordPress is a free content management system available at...

Installing WebGoat

Our lesson begins with the installation of a vulnerable web server. WebGoat was developed by OWASP to help students like you learn about web security. OWASP is "the free and open software security community." This organisation operates to help guide software...

Installing Kali Linux

Kali Linux by Offensive Security is a fully-featured penetration testing Linux distribution. It is used by both amateur and professional security researchers, pen testers, and investigators. This lesson will set you up with a robust toolkit as you begin your web...

Web Hacking Setup and Plan

Our web hacking plan is simple. We will focus on accessibility and safety. Every tool you use will be free and every action you take will be safe for your machine and your network. This entire course needs to be accessible and safe. There is no point in you trying to...

The Hacker Methodology

The hacker methodology is the step-by-step process you will follow throughout your penetration testing. Before you learn how to identify and exploit vulnerabilities, you will need to have a clear picture of the process as a whole. This lesson clarifies that picture....

Introduction to Web Hacking

There are phenomenal web hacking courses, from SANS to Defensive Security. There are a ton of excellent, free resources, from StackExchange to SecurityTube. But by being too technical or too expensive, these resources make it difficult for newbies and the curious. But...

Penetration Testing vs Vulnerability Scanning

Getting a job in infosec is not that hard. What is hard is knowing what you want to do with your career. I recently expressed interest in a particular job. It had to do with running a SOC, which I've never done but find fascinating. During the conversation, I was...

What is a proxy and why should you use one

Everyone should explore the internet through a proxy, from individuals at home to employees at an enterprise. A proxy, like in the English language, acts as an intermediary between a user (you) and the big bad web (your host). If you are visiting a website like ESPN,...

Infosec Assessment Centre Strategy and Preparation

In the last 3 years I’ve attended over 6 assessment centres. Sometimes as an applicant and others as an assessor. I’ve done these at consulting firms, large IT firms, and financial services firms. All of these have been for graduates in infosec or cyber security....

Avoid this beginner mistake

I was having lunch recently with a group of new security folk at the office. I was lamenting my inability to create revolutionary products. Wouldn’t it be awesome, I said, if only I had invented, developed, marketed, and sold Oracle, cloud, any sort of crypto, or...

Hard Work and the Cyber Security Career

I find the idea of hard and smart work fascinating. In the last few years I've met hundreds of infosec professionals at various levels of their career. In the network space, there are a lot of grey tops. When I find mentors or discuss careers, I sometimes make the...

Security Study: Risk Calculations

Risk is an integral part of security management. Whenever a business makes decisions, those are caveated through risk. When you are studying for security exams, you will be required to understand some of the key risk calculations that are used when defining risk. This...

Security Study: Risk mitigation strategies

Whether you are taking your CISM, CISM, Security+ or an MSc, you will be questioned about risk mitigation strategies. Risk is a one billion dollar elephant in every room. It seems like every action, programme, project, or idea must be measured against risk. What is...