2023s
Jari-Pekka Ollikainen won my Capture the Flag. It was a hacking challenge, on the last day of my ethical hacking course. He was the first to break all eight challenges.
The game tested penetration testing skills. It included mapping the attack surface using port scanning and fuzzing, cracking password protected files and breaking web applications using multiple approaches.
J-P is also one of the authors of PhishSticks (video, git). Suffice to say: never connect an unknown USB device to your computer.
Send a secret message over untrusted Internet. Encryption prevents anyone from reading your message. Signing protects your message from modification. Public keys allow you to establish trust without meeting physically.
This article shows how you can use PGP encryption with 'gpg' tool. We'll simulate two users to make it easy to practice. PGP is well known, highly secure standard for encryption.
Alice will send a signed, encrypted message to Tero. This is the most obvious, basic use of PGP.
You can learn web penetration testing with Webgoat.
Just download the latest version, install Java with apt-get, set port and run.
Santeri shared his approach to web pen penetration testing. He visited my ethical hacking course.
Santeri's top 3 favourite vulnerabilities are
- IDOR (?id=123 => id=124, also OWASP 1.)
- Path traversal (../../../etc/passwd)
- Server Side Template Injection - My name is {{6*7}}
Web fuzzers can find unlinked, hidden directories. They can also find vulnerabilities in query parameters.
This article shows you how to install ffufme pratice target and ffuf, the leading web fuzzer.
Control 10, 100, 1000 many computers.
Or control 2071 computers, like Jussi did on a earlier course. Or handle 7 different operating systems and OS versions with a single master, like Matias.
Best instance got 5.0 / 5 feedback - all respondents gave the best grade 5. Palvelinten hallinta ici001as3a-3006.
Learn security fundamentals to understand current trends. Blockchains, TOR network and video conference encryption all stand on these fundamentals.
Excellent 4.9 out of 5 feedback.
Learn to hack computers to protect your own. In the course, you will break into target computers.
Excellent feedback, reached 5.0 out of 5.
Create your own project with your team.
You'll get the whole 10 cr to build your own project.
Previous projects: evil USB keyboard, AI log analysis, physical access control, encrypted communications with free software, machine vision... What will you build?
Learn to manage your own Linux server – in 8 weeks.
100% remote. Weekly video conference + a lot of individual work. Beginners welcome. Excellent feedback 4.8 out of 5. In Finnish.
Data security course, in English as you asked.
Understand adversarial view on security. Recognize key concepts of security. Be able to safely practice hands-on with security tools.
Develop backend websites, quickly. Django 4 cheatsheet.
Your own Python web application. From idea to production, in 8 days.
Instagram, Pintrest and Disqus use Django - the exact same framework as the course. Youtube and Facebook are built with Python.
Course completed! Feedback 5.0 (everyone gave feedback, each feedback was 5/5). Great mini-projects - I'm baffled by how much you could apply what you learned in just 7 days.
New course coming up 2024 summer! Course starts 2024-05-20 w21 Mon. Enroll in Peppi / MyNet, enrollment opens 2023-11-27 w48 Mon at 08:00. This web page is for the past course.
Web servers often have secret directories, not linked from anywhere.
You could find them by trying different paths manually: /secret, /.svn /admin. This article shows you how fuff can do this to you automatically.
For practice, I coded a target that you can run locally, without Internet. I will also tell you the solution, so you can test your environment. As bonus, there is a challenge target where you can find to solution yourself.
You can quickly publish a web page using Github. Just by clicking a couple of buttons.
This is a beginner friendly article.
Configuration management let's you control hundreds of computers. You can even configure machines that don't exist yet!
In this article, you'll use ready-made network of three virtual computers to play with Salt, a popular configuration management system.
Control 10, 100, 1000 many computers.
Or control 2071 computers, like Jussi did on a earlier course. Or handle 7 different operating systems and OS versions with a single master, like Matias.
Previous instance got excellent 5.0 / 5 feedback - all respondents gave the best grade 5. Palvelinten hallinta ici001as3a-3001.
Learn to hack computers to protect your own. In the course, you will break into target computers.
Excellent feedback, 4.9 out of 5.
This is the evaluated lab exercise for Linux Server course. Student had an empty virtual Linux installation and free use of public Internet.
Course Linux palvelimet is in Finnish, so the rest of this page is in Finnish.
Web browsing sessions can be saved as HAR files for debugging. "Save as HAR" is supported by Firefox, Chrome, OWASP ZAP and Burp.
This tool extracts HTML web pages from HAR file.
Many file formats support encryption with a password. John the Ripper can crack these passwords with dictionary attack.
This article teaches you to obtain Jumbo version and compile it. Finally, you'll test your environment by cracking a ZIP archive password. A sample password protected ZIP file is provided with this article.
Learn to manage your own Linux server – in 8 weeks.
100% remote. Three hour video conference every Tuesday and Friday. Beginners welcome. Excellent feedback 4.8 out of 5. In Finnish.
Data security course, in English as you asked.
Understand adversarial view on security. Recognize key concepts of security. Be able to safely practice hands-on with security tools.
This course finished in Spring 2023.