2021s

Red Teaming with Niklas

An APT (advanced persistent treath) is out to get you.

  • Your system, not just any system.
  • Not getting in? Try again.
  • Got in? Install backdoors and stay.

For hard targets that have done their pentests and audits, someone has to simulate APT attacks to test the defenses.

That someone is Niklas. He runs a red team in F-Secure, and has broken into many networks. And stayed there.

Niklas visits my pentest course tomorrow, w48 Tue 2021-11-30. I have some extra seats, email me to get one.

Enroll Tero's courses - Now

Update: Many courses are now fully booked, but you can join the queue. Late enrollment opens 2022-01-03 w01 Mon 08:00.

Update: Over half of the places are booked, enroll quickly!

Update: Linux palvelimet (in Finnish) is fully booked, enroll to get a good place in the queue.

Spring 2022 course enrollment opens Monday 08:00.

Update: 30% of places booked (in a couple of hours). Enrollment is open right now.

Secure your systems & learn crypto currencies!

Ilmoittaudu Teron kursseille - juuri nyt

Päivitys: Monet kurssit tulivat täyteen, kannattaa ilmoittautua jonoon. Jälki-ilmoittautuminen aukeaa 2022-01-03 w01 maanantaina kello 08:00.

Päivitys: Ilmoittautuminen auki, yli puolet paikoista varattu. Ilmoittaudu pian!

Päivitys: Linux palvelimet on täynnä, ilmoittaudu nopeasti ja saat paremman paikan jonosta.

Kevään 2022 ilmoittautuminen aukeaa maanantaina 08:00.
Päivitys: 30% paikoista varattu parissa tunnissa. Ilmoittautuminen on auki juuri nyt.

Linuxia, satojen koneiden hallintaa, murtautumista, kryptovaluuttoja...

English version available

Configuration management systems 2022

Tux the Linux penguin

Remotely control hundreds of machines, from cloud to laptop. Excellent 4.95/5 feedback, read student comments.

Linux course done, and now you want more? Your laptops keep moving around the network and go behind firewalls, but you still want to control them? You went to cloud, and have so many computers now?

Enroll Monday at 08:00 Want to study in the evening? There is a special evening version, which has some spots available.

New visitor: Juho Syrjänen, Fraktio: DevOps.

Trust to Blockchain 2022

Learn security fundamentals to understand current trends. Blockchains, TOR network and video conference encryption all stand on these fundamentals.

Enroll Monday 08:00 Enroll now, already 30% booked. 184% booked, queue started. Online, in English, in evenings, masters level. Very good 4.1 feedback

Penetration Testing Course 2022

Learn to hack computers to protect your own.

In the course, you will break into target computers.

Excellent 4.9 out of 5 feedback from previous course.

Update: New visitor: Social Engineering with Riku Juurikko, Senior Security Manager, Elisa.

Update: New visitor: Forensic Analyses with Andrej Bondarenko, CEO, Difseco.

Update: New visitor: How to become invisible with Juho Jauhainen, Lead Incident Response Investigator, Accenture.

Linux Palvelimet 2022

Tux the Linux penguin

Learn to manage your own Linux server – in 8 weeks. Remotely, in evenings.

Beginners welcome. Excellent feedback. 4.8 out of 5. Course is in Finnish, 100% remote and in evenings.

Internal Pentest vs External Penetration Test

Mika Rautio

Mika protects your payment card purchases.

At work, he has been buying external penetration testing. Now Mika is starting a team doing internal penetration testing for Poplatek (part of Nets). And tomorrow w47 Tue 2021-11-23, he will visit my ethical hacking course and tell us the lessons he has learned.

I have some extra places for those outside my course. The presentation is online and in Finnish.

Docote - Read API Documentation Offline

Command line offline document reader for programmers, devdocs.io compatible - Docoto Read API docs offline. CLI, never leave the keyboard. Free download under GPL 3.

Supports DevDocs.io compatible JSON dictionaries, including Python, Go, HTML, Postgre and many others.

Run Salt Command Locally

Control your computers with Salt

You can run Salt commands locally, and see the result immediately. This is useful for practice, testing and quick setup. The same Salt functions work in both Linux and Windows, so if you can't remember how to stop a daemon in Windows, this can help, too.

The most important state functions are pkg, file, service, user and cmd.

Python Web Service From Idea to Production

Build Python web service and publish it to the world!

Enroll 2022-03-14 w11 Mon 08:00. Last instance was fully booked on the day enrollment started.

Previous feedback was excellent 4.9 out of 5. Intensive online course 2022 w21-w22.

Penetration Testing Course

Learn to hack computers to protect your own.

Course is finished, feedback was 4.9 excellent. Thanks! Next course is Pentest 2022 spring.

In the course, you will break into target computers. Excellent feedback from 4.8 to 5.0 out of 5.

Only one seat left! Advanced course, I can usually get places to most of those who know the prerequisites well.Can't take more participants here. Next enrollment opens 2021-11-29 w48 Mon 08:00. The next course instance starts on 2022 w13.

Update: New visitor: Niklas Särökaari, F-Secure.

Update: New visitor: Mika Rautio, Senior Software Architect, Poplatek.

Can You Control Hundred Computers?

Tux the Linux penguin

Remotely control hundreds of machines, from cloud to laptop. Excellent 4.95/5 feedback, read student comments.

Linux course done, and now you want more? Your laptops keep moving around the network and go behind firewalls, but you still want to control them? You went to cloud, and have so many computers now? Palvelinten hallinta ict4tn022-3014.

Yes, you can still enroll. Yes it's popular and yes there is a queue, but I can often fit many students from the queue.

Update: New visitor: Arttu Uskali, Head of Support, Upcloud

Update: New visitor: Juho Syrjänen, Fraktio

Your Project

Create your own project with your team. Feedback 4.7 excellent.

Previous projects: evil USB keyboard, AI log analysis, physical access control, encrypted communications with free software... What will you build?

8 Week Linux Course

Tux the Linux penguin

Learn to manage your own Linux server – in 8 weeks.

Beginners welcome. Previous instance student feedback excellent 4.8 out of 5. Course is in Finnish and 100% remote. Fully booked, queue started.

Course completed! Feedback was excellent 4.8 out of 5. Read more feedback in comments.

Micro-jump - Jump to Symbol

Press F4 to jump to a symbol, such as a function or a class. Supports Python, C, Go and 40 other languages.

Are you a writer or a researcher? Micro-jump also supports Markdown, F4 shows table of contents for a jump.

My micro-jump is now an official micro-editor plugin.

Social Engineering with Riku

Riku Juurikko, the social engineer

Enter guarded buildings with social engineering. Craft the email that owns the box. Connect hostile drop boxes to target networks. Bypass two factor authentication.

Luckily for us, Riku is one of the good guys. He has helped securing companies by testing their security, with their permission. Now Riku works as a senior security manager in Elisa.

Riku gave a visiting class on social engineering on my ethical hacking course. Just like last time, audince was in awe.

Want to legally and safely try hacking? Right now, Elisa and other companies offer a security challenge.fi.

Forensic Analyses with Andrej

Andrej Bondarenko, forensic expert

Get the bad guys, and help justice do its magic.

Andrej Bondarenko shows the basics of computer forensics in my Trust to Blockchain course on w18 Monday. Andjred works as the CEO of Difseco. He has extensive experience in digital forensics, and has been an expert witness in multiple court cases.

The event is open to Haaga-Helia students and staff. The presentation is in English. Limited number seats, email me from your Haaga-Helia address to reserve a place. Trust to Blockchain participants get a place automatically.

Configuration Management Systems - Palvelinten Hallinta - Spring 2021

Tux the Linux penguin

Just write what you want (idempotency). Control almost everything with one system (single source of truth). In plain text (infrastructure as code, versionable).

Control 10 computers. Or 100. Or 1000. Or control 2071 computers, like Jussi did on a previous course. Or handle 7 different operating systems and OS versions with a single master, like Matias. Course is in Finnish.

Final Lab for Linux Server Course 2021 Spring

Create a web page that shows custommers from a database. Prepare to manage your computer from Hawaii. Add a new command "netsee" to system that shows networking information. Create user accounts for five of your colleagues.

Students of my Linux Server Course used their own blank virtual machines and public Internet to solve these questions. Time limit was about five hours, with 40 min lunch break. Could you have done it?

Don't Trust That USB

Don't connect that USB stick you found! Hostile USB can take over your computer, install malware and keyloggers.

My students are developing USB attacks and defences. They have built a cheap and customizable hostile USB device on DigiSpark development board.

Read on to see how to build a hostile USB device similar to "Rubber Ducky" or "BadUSB". And how to defend against this attack.

Python Web Service From Idea to Production

Build Python web service and publish it to the world!

New instance starting 2022 w21! Enroll 2022-03-14 w11 Mon 08:00.

Course completed! Feedback was excellent 4.9 out of 5. Thanks for taking my course!

You can read feedback in comments.

Intensive course on w21 and w22.

Enroll at 08:00 on Monday! Most seats were booked right after enrollment opened. Enrollment is open right now. Update: Only few seats left. Fully booked. Queue started, enroll quickly to get better position in the queue.

Radio Signals on Map

Where did I hear that signal? What's radio environment like in our Pasila office?

Icarus will scan radio environment using SDR (software defined radio) and display results on map. The end result is a mobile mapping device using RTL-SDR and WiFi on Kali Linux on Raspberry Pi. Icarus can be controlled remotely with a cell phone.

My students Tommi, Nikita, Elmo and Aki just started project Icarus. Project ends in May 2021.

Calendar.txt

Calendar.txt syntax.

Keep your calendar in a plain text file.

Calendar.txt is versionable, supports all operating systems and easily syncs with Android mobile phone.

Jump Plugin for Micro

Jump to any function, class or heading with F4. Go, JavaScript, Python, C... A plugin for micro editor.

And if you're writing books, Jump plugin creates a table of contents from MarkDown, and allows you to jump to headings.

Translate Offline with AI

Traslate Spanish to English with Free Offline Translator LibreTranslate.

Now you can machine translate text fully offline, with no external services.

And yes, this includes the pre-trained machine learning models, works completely offline and is even Free software. So it's an nice and private alternative to Google Translate. Works with Arabic, Chinese, French, German, Italian, Russian, Spanish, Portuguese and of course English.

Penetration Testing Course 2021 Spring

Learn to hack computers to protect your own. In the course, you will break into target computers.

Excellent feedback, last 4.9 out of 5; best 5.0 out of 5. Full five stars

Update: two guests are coming: Riku Juurikko (Social engineering) and Mika Rautio (Credit card from hell).

jQuery is Not Needed for Browser Compatibility in 2021

You can now write scripts in plain JavaScript. Jquery is mostly not needed for compatiblity.

In 2021, Microsoft desktop and server Windowses only support Internet Explorer 11 or later (Edge). This removes the need for most compatibility hacks. Firefox and Chrome have followed JavaScript standards mostly from the start.

$("h1").text("Goodbye jQuery, my favourite JS library!")

document.querySelector("h1").innerHTML = "Hello, vanilla JavaScript!"

Install Debian on Virtualbox - Updated 2023

Install Debian Linux on VirtualBox. You can play with Linux even on Windows, before you completely move to Linux.

This is a beginner friendly tutorial, with quazillion screenshots.

Pure CSS Photo Gallery

Pure CSS Photo Gallery Demo

A simple photo gallery for web. Click a thumbnail, see a big picture. Click again to see the thumbnails.

With live demo.

This is done with just CSS, no JavaScript and no external libraries. In fact, the whole HTML+CSS is less than 60 lines.