Options

Free (for the next day or so) Burp Suite course

tedjamestedjames Member Posts: 1,179 ■■■■■■■■□□
Found this on Twitter: https://twitter.com/PeritusTraining

Go to their site to register: https://training.peritusinfosec.com/

Use the code DIWALIGIFT to get the course for free. Their Twitter post says it's free for the next 72 hours. They posted on October 16, so the code may expire today.

I can't speak for the quality of the training yet, because I haven't started it. But if it's free, what do you have to lose but a little time?

Comments

  • Options
    balancebalance Member Posts: 244 ■■■■■□□□□□
  • Options
    DZA_DZA_ Member Posts: 467 ■■■■■■■□□□
    Thanks @tedjames - I've just signed up!
  • Options
    JDMurrayJDMurray Admin Posts: 13,054 Admin
    Yep, I just enrolled too. Great find! I can't wait to review the course.
  • Options
    chrisonechrisone Member Posts: 2,278 ■■■■■■■■■□
    worked for me as of 10/21/19
    Certs: CISSP, EnCE, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, SC-300, AZ-900, AZ-500, VHL:Advanced+
    2023 Cert Goals: SC-100, eCPTX
  • Options
    SteveLavoieSteveLavoie Member Posts: 1,133 ■■■■■■■■■□
    Still working.. 10/21/19  .. 3h35 EST
  • Options
    yoba222yoba222 Member Posts: 1,237 ■■■■■■■■□□
    Wow nice! I need to learn Burp Suite on a much deeper level than I do now. I think this might cover some of the Pro modules too, but I could be wrong.
    A+, Network+, CCNA, LFCS,
    Security+, eJPT, CySA+, PenTest+,
    Cisco CyberOps, GCIH, VHL,
    In progress: OSCP
  • Options
    Infosec_SamInfosec_Sam Admin Posts: 527 Admin
    Looks like they just updated the sale to be valid for the next 24h. Thanks for the callout - it doesn't get any better than free, especially for such a powerful tool! Once we get a little further in the course, we'll have to open a discussion about how it's going!
    Community Manager at Infosec!
    Who we are | What we do
  • Options
    tedjamestedjames Member Posts: 1,179 ■■■■■■■■□□
    Portswigger, the guys who invented Burp Suite, offer free training on their site: https://portswigger.net/web-security

    I think there may also be a free course or two on Udemy, maybe Cybrary, too. Also, there's tons of instruction on YouTube.
  • Options
    FluffyBunnyFluffyBunny Member Posts: 243 ■■■■■■□□□□
    Yup still free, signed up, let's see how it is.
  • Options
    JerseyPaulJerseyPaul Registered Users Posts: 1 ■■□□□□□□□□
    Still free. Thanks for the find
  • Options
    thaiguy314thaiguy314 Member Posts: 59 ■■■□□□□□□□
    yep, still works as of this morning. thanks for the find!
    Certs: CISSP, CEH, CCNA Cyber Ops, Security+
  • Options
    FluffyBunnyFluffyBunny Member Posts: 243 ■■■■■■□□□□
    Of course, one question we're not asking ourselves is this: are we being phished? :dizzy:

    Because honestly, this'd make a nice watering hole attack on unsuspecting security newbies.
  • Options
    JDMurrayJDMurray Admin Posts: 13,054 Admin
    Well, we could use this as an opportunity to do some OSINT detective work on your hypothesis: "Is Peritus Training a front for a phishing/wateringhole campaign?"

    I'll start:
    Suspicious enough to continue?

  • Options
    tedjamestedjames Member Posts: 1,179 ■■■■■■■■□□
    edited October 2019
    Of course, one question we're not asking ourselves is this: are we being phished? :dizzy:

    Because honestly, this'd make a nice watering hole attack on unsuspecting security newbies.

    That's why I use a separate, disposable, if necessary, email account for things like this. I also use it when registering for conferences. I never use my real account and definitely not my work account. I just enter the minimum including fake birthdays (if they are required) and fake phone numbers. Just get in, get what you need (the training), and get out.

    Could be that Peritus is trying to create a buzz with free training before upping prices.

    It's good that people are paying attention, though. Trust but verify.
  • Options
    Danielm7Danielm7 Member Posts: 2,310 ■■■■■■■■□□
    Still works, used fake name and disposable email and didn't agree to their promo emails. 
  • Options
    FluffyBunnyFluffyBunny Member Posts: 243 ■■■■■■□□□□
    tedjames said:
    Of course, one question we're not asking ourselves is this: are we being phished? :dizzy:

    Because honestly, this'd make a nice watering hole attack on unsuspecting security newbies.

    That's why I use a separate, disposable, if necessary, email account for things like this. I also use it when registering for conferences. 
    Ah, but are you using your usual browser and workstation? When I say watering-hole attack, I mean a situation where known security admins (us) are lured to an interesting website which runs nasty code in their browsers :) 

    Hence why I really loved a previous customer of mine, for only allowing Internet access through a seperate browser running through Citrix on a short-lifetime VM. 
  • Options
    tedjamestedjames Member Posts: 1,179 ■■■■■■■■□□
    tedjames said:
    Of course, one question we're not asking ourselves is this: are we being phished? :dizzy:

    Because honestly, this'd make a nice watering hole attack on unsuspecting security newbies.

    That's why I use a separate, disposable, if necessary, email account for things like this. I also use it when registering for conferences. 
    Ah, but are you using your usual browser and workstation? When I say watering-hole attack, I mean a situation where known security admins (us) are lured to an interesting website which runs nasty code in their browsers :) 

    Hence why I really loved a previous customer of mine, for only allowing Internet access through a seperate browser running through Citrix on a short-lifetime VM. 
    All good points! I like your level of paranoia. A friend pays his bills and does banking online using separate VMs for each account. 
  • Options
    FluffyBunnyFluffyBunny Member Posts: 243 ■■■■■■□□□□

    tedjames said:
    All good points! I like your level of paranoia. A friend pays his bills and does banking online using separate VMs for each account. 
    Oh, it's not just paranoia. It's an actual attack vector that is being used in the wild. Case in point: the targeted attacks against specific iOS users among Chinese demographics that were discovered by Google's Project Zero. Similar stuff is out there, targeted at you or me, assuming your company is an interesting enough target.
  • Options
    tedjamestedjames Member Posts: 1,179 ■■■■■■■■□□

    tedjames said:
    All good points! I like your level of paranoia. A friend pays his bills and does banking online using separate VMs for each account. 
    Oh, it's not just paranoia. It's an actual attack vector that is being used in the wild. Case in point: the targeted attacks against specific iOS users among Chinese demographics that were discovered by Google's Project Zero. Similar stuff is out there, targeted at you or me, assuming your company is an interesting enough target.
    I believe you. I know it's not really paranoia, but that's what I call it.

    Most people outside of security have told me, during discussions on rights to privacy, "What do I care? I have nothing to hide." I always tell them that, while that may be so, an attacker may be able to pivot off of them onto someone who really does have something to hide, like one of their friends or family members.
  • Options
    JDMurrayJDMurray Admin Posts: 13,054 Admin
    tedjames said:

    Most people outside of security have told me, during discussions on rights to privacy, "What do I care? I have nothing to hide."

    Whenever anyone says that to you, immediately ask them to tell you their Social Security Number.
  • Options
    Danielm7Danielm7 Member Posts: 2,310 ■■■■■■■■□□
    They'd probably tell you that before their salary or their debt amount. 
  • Options
    tedjamestedjames Member Posts: 1,179 ■■■■■■■■□□
    Danielm7 said:
    They'd probably tell you that before their salary or their debt amount. 
    You mean like this? https://www.youtube.com/watch?v=UzvPP6_LRHc
Sign In or Register to comment.