Episodes

  • Course 28 - Denial of Service and Elevation of Privilege | Episode 1: The Evolution of Denial of Service Attacks
    Mar 25 2026
    In this lesson, you’ll learn about:
    • Denial of Service (DoS) attacks, and how they target the availability pillar of the CIA triad by exhausting critical system resources.
    • Network bandwidth exhaustion, where attackers flood infrastructure with massive traffic volumes (large or high-frequency packets) to overwhelm connectivity and block legitimate access.
    • CPU and memory exhaustion, including:
      • Fork bombs that rapidly spawn processes
      • Exploiting inefficient code (e.g., poorly written algorithms or regex causing exponential resource usage)
    • Storage-based attacks, such as:
      • Zip bombs and XML expansion attacks that inflate small files into massive data, filling disk space and crashing systems
    • Cloud resource and financial exhaustion, where attackers abuse auto-scaling environments to:
      • Trigger excessive resource allocation
      • Cause service shutdown due to budget limits or generate extreme operational costs
    • Battery drain attacks, targeting mobile and IoT devices by forcing continuous activity, leading to:
      • Rapid power depletion
      • Potential long-term hardware damage
    • Physical and accidental availability threats, recognizing that downtime can also result from:
      • Environmental events (e.g., storms, power failures)
      • Human error (e.g., spills, misconfigurations)
      • Hardware damage or infrastructure disruption
    This lesson highlights how modern DoS attacks extend beyond traditional network flooding to include computational, financial, and physical resource exhaustion, reinforcing the need for comprehensive availability protection strategies.

    You can listen and download our episodes for free on more than 10 different platforms:
    https://linktr.ee/cybercode_academy
    22 m
  • Course 27 - Hacking Web Applications, Penetration Testing, CTF | Episode 19: Mastering Burp Suite
    Mar 24 2026
    In this lesson, you’ll learn about mastering Burp Suite for professional web application security testing:
    • Burp Suite Editions:
      • Community Edition
      • Professional Edition
      • Enterprise Edition
      • Installation steps, Java setup, browser proxy configuration, and installing the Burp SSL certificate for HTTPS interception
    • Core Components and Manual Testing Tools:
      • Proxy & Dashboard: Intercepting, modifying, and analyzing HTTP/S traffic
      • Intruder: Automating customized attack payloads
      • Repeater: Manually modifying and replaying individual HTTP requests
      • Decoder: Transforming encoded/hashed data formats
      • Sequencer: Analyzing randomness of session tokens
      • Comparer: Identifying subtle differences between responses (e.g., valid vs. invalid login attempts)
    • Automation and Extensibility:
      • Using the BApp Store to install extensions and plugins
      • Leveraging the built-in automated vulnerability scanner
      • Performing content discovery to uncover hidden or unlinked endpoints
    • Specialized Utilities:
      • CSRF proof-of-concept generator
      • Click Bandit for testing clickjacking
      • Burp Collaborator for detecting out-of-band vulnerabilities
    • Workflow Optimization Techniques:
      • Color-coded highlights for organizing requests
      • Renaming tabs for clarity
      • Targeted testing of nested parameters
      • Efficiency “tricks and hacks” to speed up assessments
    22 m
  • Course 27 - Hacking Web Applications, Penetration Testing, CTF | Episode 18: Essential Firefox Extensions for Browser Customization
    Mar 23 2026
    In this lesson, you’ll learn about key Firefox extensions that enhance productivity, privacy, and browsing customization:
    • Open Multiple URLs: Quickly launch a list of websites at once, saving time during research or testing.
    • Proxy SwitchyOmega: Simplifies managing multiple proxy profiles, allowing fast switching between networks.
    • User Agent Switcher and Manager: Spoofs browser user-agent strings to test how websites respond to different devices or browsers.
    • Cookie Quick Manager: Provides granular control over cookies, enabling easy deletion, editing, or whitelisting of specific sites.
    • Clear Browsing Data: Offers one-click removal of history, cache, cookies, and other browsing artifacts for privacy and security.
    17 m
  • Course 27 - Hacking Web Applications, Penetration Testing, CTF | Episode 17: Common Network and Web Application Vulnerabilities
    Mar 22 2026
    In this lesson, you’ll learn about:
    • Common network “low-hanging fruit” vulnerabilities, including:
      • Anonymous FTP access
      • Guest SMB shares
      • Default credentials across services like SSH, RDP, and databases such as MySQL, PostgreSQL, and Microsoft SQL Server
      • The risks of credential reuse across multiple systems
    • Clear-text traffic risks, understanding how tools like Wireshark can reveal sensitive credentials when encryption is not enforced.
    • Injection-based web attacks, including:
      • SQL Injection (SQLi), where unsanitized input manipulates backend database queries
      • OS Command Injection, where user input is executed directly by the underlying operating system
    • File Inclusion vulnerabilities, distinguishing between:
      • Local File Inclusion (LFI)
      • Remote File Inclusion (RFI)
      • Common bypass techniques such as null byte injections and encoding tricks
    • Cross-Site Scripting (XSS) categories:
      • Reflected XSS
      • Stored XSS
      • DOM-based XSS
    • Authentication and session management flaws, including:
      • Username enumeration
      • Password spraying attacks
      • Improper reliance on cookies for authorization decisions
    • Client-side validation weaknesses, demonstrating how browser-side controls can be bypassed using interception tools like Burp Suite to manipulate parameters and hidden fields and to perform parameter pollution.
    • Additional misconfigurations and risks, such as:
      • Open redirects
      • Open mail relays
      • Logic flaws in applications, including online gaming systems
    16 m
  • Course 27 - Hacking Web Applications, Penetration Testing, CTF | Episode 16: Web Technology Foundations: Protocols, Structure, and Scripting
    Mar 21 2026
    In this lesson, you’ll learn about:
    • Core web technologies and protocols, and how they directly impact web application security and penetration testing methodologies.
    • Hypertext Transfer Protocol (HTTP) fundamentals, including:
      • Its stateless, request–response architecture
      • The evolution from HTTP/1.0 to HTTP/3
      • Common request methods such as GET and POST
      • Status code classes (1xx–5xx) and what they reveal about server behavior
    • HTTP headers and session management, understanding how cookies maintain state and how security headers help mitigate attacks:
      • Content Security Policy (CSP)
      • HTTP Strict Transport Security (HSTS)
    • Uniform Resource Identifiers (URIs), breaking down their structure to understand how resources are located and how parameters may introduce security risks.
    • HTML structure, including:
      • Tags and document layout
      • The risks of exposed HTML comments
      • Security considerations around login forms and input handling
    • CSS, and how styling integrates with page rendering without directly providing logic control.
    • Client-side and server-side scripting languages, including:
      • JavaScript for browser interactivity
      • PHP for backend processing
      • Python and PowerShell for automation, scripting, and tool development in security testing
    • Practical enumeration techniques, using tools such as:
      • Burp Suite to inspect headers and manipulate requests
      • Nmap to identify allowed HTTP methods
      • Metasploit for service interaction and validation
    21 m
  • Course 27 - Hacking Web Applications, Penetration Testing, CTF | Episode 15: Mastering Metasploitable 2: A Comprehensive Pentesting Guide
    Mar 20 2026
    In this lesson, you’ll learn about:
    • Metasploitable 2, an intentionally vulnerable Ubuntu-based virtual machine designed for safely practicing penetration testing techniques in a controlled lab.
    • Structured reconnaissance and enumeration, using tools like Nmap to identify open ports, detect service versions, and map the attack surface before attempting exploitation.
    • Service version detection and exploit matching, identifying outdated or vulnerable services such as:
      • Apache Tomcat
      • vsftpd
      • UnrealIRCd
    • Exploiting intentionally placed backdoors, understanding how misconfigured or vulnerable services can lead to immediate privileged access in lab environments.
    • Credential-based attacks, demonstrating the security risks of weak or default credentials across services like FTP, MySQL, and Tomcat Manager using modules within Metasploit.
    • Remote Code Execution (RCE) scenarios, analyzing vulnerabilities in services such as:
      • Samba (usermap_script vulnerability)
      • DistCC
      • Apache HTTP Server (PHP CGI misconfigurations)
    • Web application exploitation techniques, including:
      • Extracting sensitive server information from diagnostic pages (e.g., phpinfo)
      • Uploading malicious payloads through misconfigured management consoles to gain controlled shell access (e.g., Meterpreter sessions)
    • End-to-end penetration testing workflow, moving from reconnaissance → enumeration → exploitation → post-exploitation within a safe training environment.
    23 m
  • Course 27 - Hacking Web Applications, Penetration Testing, CTF | Episode 14: Web Essentials: Files, Extensions, and Enumeration
    Mar 19 2026
    This episode explores the fundamental web files and extensions that are critical for both web development and security enumeration. It provides a detailed breakdown of how automated programs, such as search engine crawlers, interact with web servers and how these interactions can reveal sensitive information. Key topics include:
    • Instructional Web Files: The episode covers robots.txt, which provides instructions to web robots regarding crawl delays and indexing restrictions. It also examines sitemap.xml, which serves as a roadmap for a website to ensure search engines can find all important pages.
    • Enumeration Techniques: Guidance is provided on how to manually and automatically enumerate these files using tools like Nmap (via scripts like http-robots.txt and http-sitemap-generator) and Metasploit to discover pages that developers might not want indexed.
    • Default Pages and Information Disclosure: You will learn about common default web pages (e.g., index.html, index.php) and how identifying these files can disclose specific details about the web server to an attacker.
    • Data Handling and Extensions: The episode identifies common file extensions for compressed archives (e.g., .zip, .tar.gz) and database files (e.g., .sql, .db, .sqlite). It also provides practical instructions for using the tar command for file compression and SQLite 3 or DB Browser for SQLite for managing database content.
    • Git Fundamentals: Finally, the session introduces essential Git commands such as init, clone, commit, and push for managing code repositories.
    19 m
  • Course 27 - Hacking Web Applications, Penetration Testing, CTF | Episode 13: Essential Web Application Penetration Testing and Scanning Tool
    Mar 18 2026
    In this lesson, you’ll learn about:
    • Web application penetration testing workflows, focusing on discovering hidden resources, identifying vulnerabilities, and validating security weaknesses in authorized testing environments.
    • Content discovery tools, including:
      • DirBuster for dictionary-based directory and file enumeration.
      • Dirb (often used interchangeably with DirBuster in labs) for brute-forcing hidden paths.
    • Vulnerability scanning utilities, such as:
      • Nikto for detecting dangerous files, outdated services, and misconfigurations.
      • WPScan for auditing WordPress installations, enumerating plugins, themes, and users.
    • Exploitation and injection testing tools, including:
      • sqlmap for automating the detection and validation of SQL injection vulnerabilities.
      • Wfuzz for fuzzing parameters, brute-forcing inputs, and discovering unlinked resources.
    • Reconnaissance and surface mapping tools, such as:
      • Aquatone for generating visual attack surface maps via automated screenshots.
      • CeWL for spidering websites to create targeted wordlists for testing.
    • Practical lab application, reinforcing hands-on usage to understand how these tools complement each other during reconnaissance, enumeration, and vulnerability validation phases.
    19 m