Penetration testing course: 0x02.4 Is programming important for hacking?






Long story short: yes, programming is important for being a good hacker or security professional. I’m sure you already wondered about the importance of programming if you are a beginner and if you are a professional you’ll often  shrug your shoulders when you see this question a lot or hear the answers. It’s a question that has been asked a …






New book: Beginner’s Guide to Information Security: Kickstart your security career with insight from InfoSec experts






I’m glad to announce that I am the co-author of the ebook “Beginner’s Guide to Information Security: Kickstart your security career with insight from InfoSec experts” published by Peerlyst, Inc and it is NOW available for order on Amazon! I want to personally thank Maria Behan for being an awesome editor and Limor Elbaz, Founder and Peerlyst’s CEO for coordinating …






OWASP AppSec Europe 2016 : a roundup






This year’s AppSec Europe was hosted in Rome, Italy and I decided to participate as a volunteer in order to help the OWASP organization and meet up with my friends of the Italian OWASP chapter. It was my first time at AppSec Europe and it was truly amazing. The event started with some hands on trainings running on 27th-28th-29th June …






Infosecurity Europe 2016 is approaching : what to see






WHAT Although Infosecurity Europe isn’t one of the events with the best technical talks, it is Europe’s largest information security event comprising vendors exhibitions and experts’ presentations. WHERE Infosecurity Europe will be held at Olympia London,Hammersmith Rd, London ,W14 8UX. If you are using public transports the nearest tube station is Kensington Olympia and if you prefer taking a bus the …






Cracking the infosec interview for fun and profit – how not to suck and get $$ hired $$






There are many people with different backgrounds approaching the world of Information Security and trying to land a job in this field:  software developers, sysadmins, network engineers, IT technicians, even people whose formal education and previous job don’t have anything to do with Infosec. Nowadays there aren’t strict requirements in terms of education for being an Information Security Professional, everyone …






Code elements to look for when automating exploit generation






When you test the security of an application (let’s say for finding a buffer overflow vulnerability) you can have a variety of tools at your disposal: Static code analysers: tools that allow the analysis of a program without actually executing it. They can check for Syntax errors, coding implementations that don’t adhere to the standard guidelines, security vulnerabilities. They are prone to a high number of false positive and false negative results. Normally they analyze …






ZoomEye : the CyberSpace search engine you never heard of






Everyone knows about the beloved Shodan and the new valid alternative Censys for searching IoT devices, even general newspaper wrote articles about them, but are you sure you aren’t missing anything? ZoomEye is a search engine for Cyberspace In Chinese ancient legends, there’s a famous ghost buster named Zhong Kui. Just like him, ZoomEye is created for hunting the demons in Cyberspace. …






Penetration testing course: 0x01 Introduction






I often receive messages from people asking me how to become a hacker, how to hack a website or how to become a professional penetration tester. I usually reply case by case if I’m free and if I feel the person is truly interested in the field and he’s not trying to do some illegal activities (often without the minimum …