Free (for the next day or so) Burp Suite course

tedjames Scruffy-looking nerfherdr Posts: 1,054 Member
Found this on Twitter: https://twitter.com/PeritusTraining

Go to their site to register: https://training.peritusinfosec.com/

Use the code DIWALIGIFT to get the course for free. Their Twitter post says it's free for the next 72 hours. They posted on October 16, so the code may expire today.

I can't speak for the quality of the training yet, because I haven't started it. But if it's free, what do you have to lose but a little time?

Comments

  • balance MBA,CISM,CISSP,CASP,CEH,CSM,ITIL V3 Found,Net+,Sec+ Dallas, Fort Worth Texas Posts: 39 Member
  • DZA_ Untitled. Posts: 394 Member
    Thanks @tedjames - I've just signed up!
  • JDMurray Certification Invigilator Surf City, USA Posts: 11,476 Admin
    Yep, I just enrolled too. Great find! I can't wait to review the course.
  • chrisone CISSP, CRTP, eCPPT, LFCS, CEH, Azure Fundamentals, Retired Cisco NPs Posts: 1,886 Member
    worked for me as of 10/21/19
    2019 Goals:
    Certs: Certified Red Team Professional - Pentester Academy (passed!), Azure Fundamentals AZ-900 (passed!), Azure Security Engineer Associate AZ-500 (in-progress)
    2020 Goals:
    Certs: AZ-500, MS-500, Pentester Academy - PACES, Varonis Certified Admin (in-progress)
  • SteveLavoie Posts: 663 Member
    Still working.. 10/21/19  .. 3h35 EST
  • yoba222 Posts: 1,055 Member
    Wow nice! I need to learn Burp Suite on a much deeper level than I do now. I think this might cover some of the Pro modules too, but I could be wrong.
    2017: GCIH | LFCS
    2018: CySA+ | PenTest+ |CCNA CyberOps
    2019: VHL 20 boxes
    2020: OSCP | CISSP
  • Infosec_Sam Security+, CCENT, ITIL Foundation, A+ Madison, WI Posts: 384 Admin
    Looks like they just updated the sale to be valid for the next 24h. Thanks for the callout - it doesn't get any better than free, especially for such a powerful tool! Once we get a little further in the course, we'll have to open a discussion about how it's going!
    Community Manager at Infosec!
    Who we are | What we do
  • tedjames Scruffy-looking nerfherdr Posts: 1,054 Member
    Portswigger, the guys who invented Burp Suite, offer free training on their site: https://portswigger.net/web-security

    I think there may also be a free course or two on Udemy, maybe Cybrary, too. Also, there's tons of instruction on YouTube.
  • FluffyBunny CISSP, OSCP, CEH, RHCE, GCCC, Pentest+, PSM-1, alphabet soup Posts: 75 Member
    Yup still free, signed up, let's see how it is.
    CISSP, OSCP, CEH, GCCC, RHCSA, RHCE, Pentest+, Linux+, PSM-1, alphabet soup...

    2019: Renew RHCE (with EX407) , CompTIA CySA+ , PTA CRTP , SANS SEC566 (GCCC)
  • JerseyPaul Posts: 1 Registered Users
    Still free. Thanks for the find
  • thaiguy314 Posts: 57 Member
    yep, still works as of this morning. thanks for the find!
    Certs: CISSP, CEH, CCNA Cyber Ops, Security+
  • FluffyBunny CISSP, OSCP, CEH, RHCE, GCCC, Pentest+, PSM-1, alphabet soup Posts: 75 Member
    Of course, one question we're not asking ourselves is this: are we being phished? :dizzy:

    Because honestly, this'd make a nice watering hole attack on unsuspecting security newbies.
    CISSP, OSCP, CEH, GCCC, RHCSA, RHCE, Pentest+, Linux+, PSM-1, alphabet soup...

    2019: Renew RHCE (with EX407) , CompTIA CySA+ , PTA CRTP , SANS SEC566 (GCCC)
  • JDMurray Certification Invigilator Surf City, USA Posts: 11,476 Admin
    Well, we could use this as an opportunity to do some OSINT detective work on your hypothesis: "Is Peritus Training a front for a phishing/watering hole campaign?"

    I'll start:
    Suspicious enough to continue?

  • tedjames Scruffy-looking nerfherdr Posts: 1,054 Member
    edited October 27
    Of course, one question we're not asking ourselves is this: are we being phished? :dizzy:

    Because honestly, this'd make a nice watering hole attack on unsuspecting security newbies.

    That's why I use a separate, disposable, if necessary, email account for things like this. I also use it when registering for conferences. I never use my real account and definitely not my work account. I just enter the minimum including fake birthdays (if they are required) and fake phone numbers. Just get in, get what you need (the training), and get out.

    Could be that Peritus is trying to create a buzz with free training before upping prices.

    It's good that people are paying attention, though. Trust but verify.
  • Danielm7 Posts: 2,268 Member
    Still works, used fake name and disposable email and didn't agree to their promo emails. 
  • FluffyBunny CISSP, OSCP, CEH, RHCE, GCCC, Pentest+, PSM-1, alphabet soup Posts: 75 Member
    tedjames said:
    Of course, one question we're not asking ourselves is this: are we being phished? :dizzy:

    Because honestly, this'd make a nice watering hole attack on unsuspecting security newbies.

    That's why I use a separate, disposable, if necessary, email account for things like this. I also use it when registering for conferences. 
    Ah, but are you using your usual browser and workstation? When I say watering-hole attack, I mean a situation where known security admins (us) are lured to an interesting website which runs nasty code in their browsers :) 

    Hence why I really loved a previous customer of mine, for only allowing Internet access through a separate browser running through Citrix on a short-lifetime VM.
    CISSP, OSCP, CEH, GCCC, RHCSA, RHCE, Pentest+, Linux+, PSM-1, alphabet soup...

    2019: Renew RHCE (with EX407) , CompTIA CySA+ , PTA CRTP , SANS SEC566 (GCCC)
  • tedjames Scruffy-looking nerfherdr Posts: 1,054 Member
    tedjames said:
    Of course, one question we're not asking ourselves is this: are we being phished? :dizzy:

    Because honestly, this'd make a nice watering hole attack on unsuspecting security newbies.

    That's why I use a separate, disposable, if necessary, email account for things like this. I also use it when registering for conferences. 
    Ah, but are you using your usual browser and workstation? When I say watering-hole attack, I mean a situation where known security admins (us) are lured to an interesting website which runs nasty code in their browsers :) 

    Hence why I really loved a previous customer of mine, for only allowing Internet access through a separate browser running through Citrix on a short-lifetime VM.
    All good points! I like your level of paranoia. A friend pays his bills and does banking online using separate VMs for each account. 
  • FluffyBunny CISSP, OSCP, CEH, RHCE, GCCC, Pentest+, PSM-1, alphabet soup Posts: 75 Member

    tedjames said:
    All good points! I like your level of paranoia. A friend pays his bills and does banking online using separate VMs for each account. 
    Oh, it's not just paranoia. It's an actual attack vector that is being used in the wild. Case in point: the targeted attacks against specific iOS users among Chinese demographics that were discovered by Google's Project Zero. Similar stuff is out there, targeted at you or me, assuming your company is an interesting enough target.
    CISSP, OSCP, CEH, GCCC, RHCSA, RHCE, Pentest+, Linux+, PSM-1, alphabet soup...

    2019: Renew RHCE (with EX407) , CompTIA CySA+ , PTA CRTP , SANS SEC566 (GCCC)
  • tedjames Scruffy-looking nerfherdr Posts: 1,054 Member

    tedjames said:
    All good points! I like your level of paranoia. A friend pays his bills and does banking online using separate VMs for each account. 
    Oh, it's not just paranoia. It's an actual attack vector that is being used in the wild. Case in point: the targeted attacks against specific iOS users among Chinese demographics that were discovered by Google's Project Zero. Similar stuff is out there, targeted at you or me, assuming your company is an interesting enough target.
    I believe you. I know it's not really paranoia, but that's what I call it.

    Most people outside of security have told me, during discussions on rights to privacy, "What do I care? I have nothing to hide." I always tell them that, while that may be so, an attacker may be able to pivot off of them onto someone who really does have something to hide, like one of their friends or family members.
  • JDMurray Certification Invigilator Surf City, USA Posts: 11,476 Admin
    tedjames said:

    Most people outside of security have told me, during discussions on rights to privacy, "What do I care? I have nothing to hide."

    Whenever anyone says that to you, immediately ask them to tell you their Social Security Number.
  • Danielm7 Posts: 2,268 Member
    They'd probably tell you that before their salary or their debt amount. 
  • tedjames Scruffy-looking nerfherdr Posts: 1,054 Member
    Danielm7 said:
    They'd probably tell you that before their salary or their debt amount. 
    You mean like this? https://www.youtube.com/watch?v=UzvPP6_LRHc