Free (for the next day or so) Burp Suite course

tedjamestedjames Scruffy-looking nerfherdrMember Posts: 1,156 ■■■■■■■■□□
Found this on Twitter: https://twitter.com/PeritusTraining

Go to their site to register: https://training.peritusinfosec.com/

Use the code DIWALIGIFT to get the course for free. Their Twitter post says it's free for the next 72 hours. They posted on October 16, so the code may expire today.

I can't speak for the quality of the training yet, because I haven't started it. But if it's free, what do you have to lose but a little time?

Comments

  • balancebalance MBA,CISM,CISSP,CDSPE,CASP,CEH,CSM,ITIL V3,V4 Found,Net+,Sec+,ITF+ Dallas, Fort Worth Texas Member Posts: 83 ■■■□□□□□□□
  • DZA_DZA_ Untitled. Member Posts: 438 ■■■■■■□□□□
    Thanks @tedjames - I've just signed up!
  • JDMurrayJDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USAAdmin Posts: 11,750 Admin
    Yep, I just enrolled too. Great find! I can't wait to review the course.
  • chrisonechrisone Senior Member Member Posts: 2,062 ■■■■■■■■■□
    worked for me as of 10/21/19
    Certs: CISSP, OSCP, CRTP, eCPPT, eCIR, LFCS, CEH, AZ-900, VHL:Advanced+, Retired Cisco CCNP/SP/DP
    2020 Goals:
    Courses: VHL (completed), CQURE: Windows Security Crash Course (completed), BlackHills InfoSec: Breaching the Cloud (completed), eLearnSecurity: WAPTv3 (completed), eLearnSecurity: IHRP (completed), eLearnSecurity: THPv2 (in-progress)
    Certs: VHL: Advanced+ (completed), OSCP (completed), AZ-500 (failed 1st attempt), eLearnSecurity: eWPT (failed 2x, no further attempts), eLearnSecurity: eCIR (complete), eLearnSecurity: eCHTPv2
  • SteveLavoieSteveLavoie Member Posts: 826 ■■■■■■■□□□
    Still working.. 10/21/19  .. 3h35 EST
  • yoba222yoba222 Senior Member Member Posts: 1,142 ■■■■■■■■□□
    Wow nice! I need to learn Burp Suite on a much deeper level than I do now. I think this might cover some of the Pro modules too, but I could be wrong.
    A+, Network+, CCNA, LFCS,
    Security+, eJPT, CySA+, PenTest+,
    Cisco CyberOps, GCIH, VHL,
    In progress: OSCP
  • Infosec_SamInfosec_Sam Security+, CCENT, ITIL Foundation, A+ Madison, WIAdmin Posts: 512 Admin
    Looks like they just updated the sale to be valid for the next 24h. Thanks for the callout - it doesn't get any better than free, especially for such a powerful tool! Once we get a little further in the course, we'll have to open a discussion about how it's going!
    Community Manager at Infosec!
    Who we are | What we do
  • tedjamestedjames Scruffy-looking nerfherdr Member Posts: 1,156 ■■■■■■■■□□
    Portswigger, the guys who invented Burp Suite, offer free training on their site: https://portswigger.net/web-security

    I think there may also be a free course or two on Udemy, maybe Cybrary, too. Also, there's tons of instruction on YouTube.
  • FluffyBunnyFluffyBunny CISSP, OSCP, CEH, RHCE, GCCC, Pentest+, PSM-1, alphabet soupMember Posts: 95 ■■■■□□□□□□
    Yup still free, signed up, let's see how it is.
    CISSP, OSCP, CEH, GCCC, RHCSA, RHCE, Pentest+, Linux+, PSM-1, alphabet soup...

    2020: Renew RHCE (with EX407), CompTIA CTT+, Autopsy forensics, Purple teaming training
  • JerseyPaulJerseyPaul Registered Users Posts: 1 ■■□□□□□□□□
    Still free. Thanks for the find
  • thaiguy314thaiguy314 Member Posts: 58 ■■■□□□□□□□
    yep, still works as of this morning. thanks for the find!
    Certs: CISSP, CEH, CCNA Cyber Ops, Security+
  • FluffyBunnyFluffyBunny CISSP, OSCP, CEH, RHCE, GCCC, Pentest+, PSM-1, alphabet soupMember Posts: 95 ■■■■□□□□□□
    Of course, one question we're not asking ourselves is this: are we being phished? :dizzy:

    Because honestly, this'd make a nice watering hole attack on unsuspecting security newbies.
    CISSP, OSCP, CEH, GCCC, RHCSA, RHCE, Pentest+, Linux+, PSM-1, alphabet soup...

    2020: Renew RHCE (with EX407), CompTIA CTT+, Autopsy forensics, Purple teaming training
  • JDMurrayJDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USAAdmin Posts: 11,750 Admin
    Well, we could use this as an opportunity to do some OSINT detective work on your hypothesis: "Is Peritus Training a front for a phishing/wateringhole campaign?"

    I'll start:
    Suspicious enough to continue?

  • tedjamestedjames Scruffy-looking nerfherdr Member Posts: 1,156 ■■■■■■■■□□
    edited October 2019
    Of course, one question we're not asking ourselves is this: are we being phished? :dizzy:

    Because honestly, this'd make a nice watering hole attack on unsuspecting security newbies.

    That's why I use a separate, disposable, if necessary, email account for things like this. I also use it when registering for conferences. I never use my real account and definitely not my work account. I just enter the minimum including fake birthdays (if they are required) and fake phone numbers. Just get in, get what you need (the training), and get out.

    Could be that Peritus is trying to create a buzz with free training before upping prices.

    It's good that people are paying attention, though. Trust but verify.
  • Danielm7Danielm7 Member Posts: 2,296 ■■■■■■■■□□
    Still works, used fake name and disposable email and didn't agree to their promo emails. 
  • FluffyBunnyFluffyBunny CISSP, OSCP, CEH, RHCE, GCCC, Pentest+, PSM-1, alphabet soupMember Posts: 95 ■■■■□□□□□□
    tedjames said:
    Of course, one question we're not asking ourselves is this: are we being phished? :dizzy:

    Because honestly, this'd make a nice watering hole attack on unsuspecting security newbies.

    That's why I use a separate, disposable, if necessary, email account for things like this. I also use it when registering for conferences. 
    Ah, but are you using your usual browser and workstation? When I say watering-hole attack, I mean a situation where known security admins (us) are lured to an interesting website which runs nasty code in their browsers :) 

    Hence why I really loved a previous customer of mine, for only allowing Internet access through a seperate browser running through Citrix on a short-lifetime VM. 
    CISSP, OSCP, CEH, GCCC, RHCSA, RHCE, Pentest+, Linux+, PSM-1, alphabet soup...

    2020: Renew RHCE (with EX407), CompTIA CTT+, Autopsy forensics, Purple teaming training
  • tedjamestedjames Scruffy-looking nerfherdr Member Posts: 1,156 ■■■■■■■■□□
    tedjames said:
    Of course, one question we're not asking ourselves is this: are we being phished? :dizzy:

    Because honestly, this'd make a nice watering hole attack on unsuspecting security newbies.

    That's why I use a separate, disposable, if necessary, email account for things like this. I also use it when registering for conferences. 
    Ah, but are you using your usual browser and workstation? When I say watering-hole attack, I mean a situation where known security admins (us) are lured to an interesting website which runs nasty code in their browsers :) 

    Hence why I really loved a previous customer of mine, for only allowing Internet access through a seperate browser running through Citrix on a short-lifetime VM. 
    All good points! I like your level of paranoia. A friend pays his bills and does banking online using separate VMs for each account. 
  • FluffyBunnyFluffyBunny CISSP, OSCP, CEH, RHCE, GCCC, Pentest+, PSM-1, alphabet soupMember Posts: 95 ■■■■□□□□□□

    tedjames said:
    All good points! I like your level of paranoia. A friend pays his bills and does banking online using separate VMs for each account. 
    Oh, it's not just paranoia. It's an actual attack vector that is being used in the wild. Case in point: the targeted attacks against specific iOS users among Chinese demographics that were discovered by Google's Project Zero. Similar stuff is out there, targeted at you or me, assuming your company is an interesting enough target.
    CISSP, OSCP, CEH, GCCC, RHCSA, RHCE, Pentest+, Linux+, PSM-1, alphabet soup...

    2020: Renew RHCE (with EX407), CompTIA CTT+, Autopsy forensics, Purple teaming training
  • tedjamestedjames Scruffy-looking nerfherdr Member Posts: 1,156 ■■■■■■■■□□

    tedjames said:
    All good points! I like your level of paranoia. A friend pays his bills and does banking online using separate VMs for each account. 
    Oh, it's not just paranoia. It's an actual attack vector that is being used in the wild. Case in point: the targeted attacks against specific iOS users among Chinese demographics that were discovered by Google's Project Zero. Similar stuff is out there, targeted at you or me, assuming your company is an interesting enough target.
    I believe you. I know it's not really paranoia, but that's what I call it.

    Most people outside of security have told me, during discussions on rights to privacy, "What do I care? I have nothing to hide." I always tell them that, while that may be so, an attacker may be able to pivot off of them onto someone who really does have something to hide, like one of their friends or family members.
  • JDMurrayJDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USAAdmin Posts: 11,750 Admin
    tedjames said:

    Most people outside of security have told me, during discussions on rights to privacy, "What do I care? I have nothing to hide."

    Whenever anyone says that to you, immediately ask them to tell you their Social Security Number.
  • Danielm7Danielm7 Member Posts: 2,296 ■■■■■■■■□□
    They'd probably tell you that before their salary or their debt amount. 
  • tedjamestedjames Scruffy-looking nerfherdr Member Posts: 1,156 ■■■■■■■■□□
    Danielm7 said:
    They'd probably tell you that before their salary or their debt amount. 
    You mean like this? https://www.youtube.com/watch?v=UzvPP6_LRHc
Sign In or Register to comment.