Best of CybersecurityJanuary 2025

  1. 1
    Video
    Avatar of davidbombalDavid Bombal·1y

    FREE Ethical Hacking course (70 hours & includes Kali Linux labs)

    Cisco is offering a free 70-hour ethical hacking course through its Networking Academy, which includes hands-on labs using Kali Linux. The course aims to bridge the growing gap in the cybersecurity workforce by providing practical skills and knowledge. It covers topics such as penetration testing, social engineering attacks, and reconnaissance with tools like nmap and the Social Engineering Toolkit. Although the course is free, obtaining the certification costs $100.

  2. 2
    Video
    Avatar of youtubeYouTube·1y

    How to Learn Hacking (2025) - a Practical Guide

    Learning hacking requires persistence and a strong foundation. Start with networking basics, using tools like Cisco Packet Tracer and TryHackMe. Master tools such as Wireshark and platforms like Ubuntu and Kali Linux. Experiment with tools like Nmap and Burp Suite, and learn programming basics with Python and Bash scripting. Build a virtual lab for practical experience, use platforms like Hack The Box, and engage with the community for support. Cyberflow’s Academy offers structured, step-by-step guides and a supportive community for aspiring hackers.

  3. 3
    Video
    Avatar of mentaloutlawMental Outlaw·1y

    Arti - The Future Of The Dark Web

    Ry is a project that aims to rewrite Tor's anonymity protocols in Rust, potentially replacing the current C implementation due to its memory safety and multi-threading capabilities. This rewrite is expected to solve existing performance and security issues, making the Tor network faster and safer. The post includes a demonstration of using Ry as a Tor proxy and discusses the benefits and concerns of transitioning to Rust.

  4. 4
    Video
    Avatar of networkchuckNetworkChuck·1y

    Hacker's Roadmap 2025 (how to get started in IT)

    The post provides a comprehensive roadmap for individuals looking to start a career in IT in 2025, emphasizing foundational skills and certifications without the need for a college degree. It highlights the importance of applying for IT jobs immediately, acquiring certifications like CompTIA A+, Security+, and the CCNA, and the significance of learning Linux and Python. Additionally, it discusses building a home lab to apply practical skills, and the potential of transitioning into cybersecurity, specifically ethical hacking.

  5. 5
    Video
    Avatar of programmingwithmoshProgramming with Mosh·1y

    The Complete Cybersecurity Roadmap: Land a Cybersecurity Job in 10 Months

    Learn the essential skills and certifications needed to land your first cybersecurity job. The roadmap includes building a strong IT foundation, understanding networking, mastering operating systems like Windows and Linux, and learning basic coding with languages like Python. Certifications such as CompTIA A+, Network+, Security+, and others are also recommended. Consistent study of 3 to 5 hours a day can prepare you for an entry-level role in about 7 to 10 months.

  6. 6
    Video
    Avatar of davidbombalDavid Bombal·1y

    2025 Ethical Hacker Roadmap with lots of free training (NOT Sponsored)

    The post provides a detailed 2025 roadmap for becoming an ethical hacker, including guidance on foundational IT skills, network and Linux knowledge, programming basics, and cybersecurity principles. It suggests free and paid resources for learning, emphasizes the importance of hands-on experience, and addresses certifications and career progression. The roadmap also highlights the growing role of AI in ethical hacking while reassuring readers about the job security within this field.

  7. 7
    Article
    Avatar of techcentralTechCentral·1y

    Social media is killing democracy

    Pedro Sánchez, the Prime Minister of Spain, addressed the World Economic Forum in Davos, criticizing the negative impact of social media on democratic societies. He highlighted how social media's anonymity facilitates misinformation, hate speech, and cyber harassment. He proposed three measures to counter these issues: eliminating anonymity, making social media algorithms transparent, and holding social media CEOs accountable for compliance with laws. Sánchez called for a united effort to return social media to its original purpose of fostering democracy and societal engagement.

  8. 8
    Video
    Avatar of youtubeYouTube·1y

    OSINT 2025: How to Gather All the Info You’ll Ever Need on Anyone.

    Open-Source Intelligence (OSINT) involves gathering publicly accessible information from sources like social media, websites, and public databases. Key OSINT tools include Google Dorking, theHarvester, ExifTool, Photon, Sherlock, Maltego, and Shodan, which help uncover patterns, track behaviors, and identify vulnerabilities. Ethical and legal use of these tools is paramount for research, cybersecurity, or investigations.

  9. 9
    Video
    Avatar of mentaloutlawMental Outlaw·1y

    How Hackers Take Over Computers With Reverse Shells

    Hackers often use reverse shells to gain control over target computers. This post shows how a reverse shell works using a Windows 11 virtual machine and a Kali Linux system. Despite robust antivirus measures, the reverse shell bypasses Windows Defender and other security tools. Through a detailed breakdown of the malicious code, the post explains how hackers can execute commands and take control of victim machines. It also illustrates how easily such malware can be created and deployed, highlighting the limitations of traditional antivirus solutions.

  10. 10
    Video
    Avatar of davidbombalDavid Bombal·1y

    How To Learn AI in 2025 (If I Started Over)

    Phishing detection, despite the existence of advanced AI models, still poses challenges. Learning multiple topics, like AI and cybersecurity, is recommended as it provides broader insights. The focus in AI has shifted from merely expanding language models to incorporating data for improved accuracy. However, large language models can still be easily confused. Beginners should start with introductory courses, practice hands-on tasks, and understand machine learning fundamentals. The rapid evolution in AI technology offers a chance for continuous learning. Privacy concerns, especially in platforms using AI, remain significant.

  11. 11
    Article
    Avatar of csoonlineCSO Online·1y

    7 top cybersecurity projects for 2025

    As cybersecurity challenges persist, ensuring robust security measures for AI deployments, third-party risk management, asset visibility, and compliance are crucial. Adopting methods like trust-by-design and integrated cyber-storage can enhance resilience and mitigate potential risks in 2025.

  12. 12
    Article
    Avatar of systemweaknessSystem Weakness·1y

    Basics of cryptography ( Part1 )

    Cryptography converts readable text into unreadable ciphertext using encryption methods. Three main types include symmetric encryption (same key for encryption/decryption), asymmetric encryption (public/private key pairs), and hashing (one-way transformation for data integrity). Practical examples and websites for implementing these methods are provided.

  13. 13
    Video
    Avatar of lowlevellearningLow Level Learning·1y

    firewall backdoor exposes 500,000 passwords (illegal?)

    A new hacking group has leaked the configuration files, IP addresses, and VPN credentials for over 15,000 Fortigate devices on the dark web. This incident highlights critical vulnerabilities in Fortinet's Next Generation Firewalls (NGFW) that have gone unpatched. The flaws allow hackers to add SSH keys and exploit weaknesses to gain unauthorized access, exacerbated by outdated firmware and improper input validation. Firewall owners are strongly urged to update their firmware and change their passwords to mitigate potential threats.

  14. 14
    Article
    Avatar of devtoDEV·1y

    How to Get Started with Bash Scripting for Automation

    Bash scripting is a powerful tool for automation, especially beneficial for cybersecurity tasks. It allows for efficient handling of repetitive tasks, offers flexibility by interacting with various tools, and provides low-level control over the operating system. Basic knowledge of Bash syntax, setting up a Linux environment, creating simple automation scripts, and best practices are essential for effective scripting. Real-world applications include automated network scans, log monitoring, and backup management. Resources like books, online courses, and practice platforms can further enhance your scripting skills.

  15. 15
    Article
    Avatar of codigeeCodigee·1y

    How you could order anything in McDonald for $0.01 (India)

    A researcher found a vulnerability in McDonald's India online ordering system that allowed menu items to be ordered for just $0.01. By manipulating the HTTP request during the cart update step, the researcher added a new field with a gross price value, which was accepted by the system. This exploit, known as a mass assignment vulnerability, was reported and patched. The researcher was rewarded with a $240 Amazon gift card.

  16. 16
    Article
    Avatar of codigeeCodigee·1y

    Does the NSA build secret backdoors in the new encryption standards? No. In the past? Yes

    In the late 1990s and early 2000s, the NSA was found to have inserted a compromised pseudorandom number generator (PRNG) called Dual_EC_DRBG into cryptographic standards, which could potentially provide backdoor access to encrypted communications. The revelation caused significant distrust in the NSA and prompted the cryptographic community to be highly vigilant against such tampering. Today, the NSA cannot interfere in the same way due to the community's heightened awareness and scrutiny of new cryptographic standards.

  17. 17
    Article
    Avatar of thnThe Hacker News·1y

    WordPress Skimmers Evade Detection by Injecting Themselves into Database Tables

    New credit card skimmer malware targets WordPress e-commerce checkout pages by injecting malicious JavaScript into database tables, making it hard to detect. The malware activates on checkout pages, creating fake forms or hijacking existing ones to steal payment information. The stolen data is then encoded and sent to an attacker-controlled server. Recent discoveries also highlight phishing email campaigns targeting PayPal users and a novel technique called transaction simulation spoofing used to steal cryptocurrency.

  18. 18
    Video
    Avatar of davesgarageDave's Garage·1y

    Password Cracking 101: From DES to ZIP

    Dave, a retired operating systems engineer from Microsoft, demonstrates various password-cracking techniques. He shows how to break into Unix systems, deep crack DES, use John the Ripper, and decrypt encrypted ZIP files. The post highlights the evolution of password security, the importance of using complex, non-dictionary passwords, and the effectiveness of modern tools in testing and verifying security. Understanding these methods is crucial for creating and maintaining secure systems.

  19. 19
    Article
    Avatar of infosecwriteupsInfoSec Write-ups·1y

    BugBounty — Mastering the Basics (along with Resources)[Part-3]

    Bug Bounty Hunting requires the use of various security tools to find vulnerabilities in software, web, and mobile applications. Key tools include BurpSuite, ZAP, and Caido for application security testing, as well as a range of tools for subdomain enumeration like Sublist3r and Amass. The post also highlights tools for port scanning, screenshots, content discovery, and specific technologies such as Wappalyzer.

See all Cybersecurity archives