CyberCode Academy


Welcome to CyberCode Academy — your audio classroom for Programming and Cybersecurity. 🎧 Each course is divided into a series of short, focused episodes that take you from beginner to advanced level — one lesson at a time. From Python and web development to ethical hacking and digital defense, our content transforms complex concepts into simple, engaging audio learning. Study anywhere, anytime — and level up your skills with CyberCode Academy. 🚀 Learn. Code. Secure. You can listen and download our episodes for free on more than 10 different platforms: https://linktr.ee/cybercode_academy

  1. Course 27 - Hacking Web Applications, Penetration Testing, CTF | Episode 17: Common Network and Web Application Vulnerabilities

    12 hours ago


    In this lesson, you’ll learn about:

    - Common network “low-hanging fruit” vulnerabilities, including:
      - Anonymous FTP access
      - Guest SMB shares
      - Default credentials across services like SSH, RDP, and databases such as MySQL, PostgreSQL, and Microsoft SQL Server
      - The risks of credential reuse across multiple systems
    - Clear-text traffic risks, understanding how tools like Wireshark can reveal sensitive credentials when encryption is not enforced.
    - Injection-based web attacks, including:
      - SQL Injection (SQLi), where unsanitized input manipulates backend database queries
      - OS Command Injection, where user input is executed directly by the underlying operating system
    - File Inclusion vulnerabilities, distinguishing between:
      - Local File Inclusion (LFI)
      - Remote File Inclusion (RFI)
      - Common bypass techniques such as null byte injections and encoding tricks
    - Cross-Site Scripting (XSS) categories:
      - Reflected XSS
      - Stored XSS
      - DOM-based XSS
    - Authentication and session management flaws, including:
      - Username enumeration
      - Password spraying attacks
      - Improper reliance on cookies for authorization decisions
    - Client-side validation weaknesses, demonstrating how browser-side controls can be bypassed using interception tools like Burp Suite to manipulate parameters, hidden fields, and perform parameter pollution.
    - Additional misconfigurations and risks, such as:
      - Open redirects
      - Open mail relays
      - Logic flaws in applications, including online gaming systems

    16 min
  2. Course 27 - Hacking Web Applications, Penetration Testing, CTF | Episode 16: Web Technology Foundations: Protocols, Structure, and Scripting

    1 day ago


    In this lesson, you’ll learn about:

    - Core web technologies and protocols, and how they directly impact web application security and penetration testing methodologies.
    - Hypertext Transfer Protocol (HTTP) fundamentals, including:
      - Its stateless, request–response architecture
      - The evolution from HTTP/1.0 to HTTP/3
      - Common request methods such as GET and POST
      - Status code classes (1xx–5xx) and what they reveal about server behavior
    - HTTP headers and session management, understanding how cookies maintain state and how security headers help mitigate attacks:
      - Content Security Policy (CSP)
      - HTTP Strict Transport Security (HSTS)
    - Uniform Resource Identifiers (URIs), breaking down their structure to understand how resources are located and how parameters may introduce security risks.
    - HTML structure, including:
      - Tags and document layout
      - The risks of exposed HTML comments
      - Security considerations around login forms and input handling
    - CSS, and how styling integrates with page rendering without directly providing logic control.
    - Client-side and server-side scripting languages, including:
      - JavaScript for browser interactivity
      - PHP for backend processing
      - Python and PowerShell for automation, scripting, and tool development in security testing
    - Practical enumeration techniques, using tools such as:
      - Burp Suite to inspect headers and manipulate requests
      - Nmap to identify allowed HTTP methods
      - Metasploit for service interaction and validation

    21 min
  3. Course 27 - Hacking Web Applications, Penetration Testing, CTF | Episode 15: Mastering Metasploitable 2: A Comprehensive Pentesting Guide

    2 days ago


    In this lesson, you’ll learn about:

    - Metasploitable 2, an intentionally vulnerable Ubuntu-based virtual machine designed for safely practicing penetration testing techniques in a controlled lab.
    - Structured reconnaissance and enumeration, using tools like Nmap to identify open ports, detect service versions, and map the attack surface before attempting exploitation.
    - Service version detection and exploit matching, identifying outdated or vulnerable services such as:
      - Apache Tomcat
      - vsftpd
      - UnrealIRCd
    - Exploiting intentionally placed backdoors, understanding how misconfigured or vulnerable services can lead to immediate privileged access in lab environments.
    - Credential-based attacks, demonstrating the security risks of weak or default credentials across services like FTP, MySQL, and Tomcat Manager using modules within Metasploit.
    - Remote Code Execution (RCE) scenarios, analyzing vulnerabilities in services such as:
      - Samba (usermap_script vulnerability)
      - DistCC
      - Apache HTTP Server (PHP CGI misconfigurations)
    - Web application exploitation techniques, including:
      - Extracting sensitive server information from diagnostic pages (e.g., phpinfo)
      - Uploading malicious payloads through misconfigured management consoles to gain controlled shell access (e.g., Meterpreter sessions)
    - End-to-end penetration testing workflow, moving from reconnaissance → enumeration → exploitation → post-exploitation within a safe training environment.

    23 min
  4. Course 27 - Hacking Web Applications, Penetration Testing, CTF | Episode 14: Web Essentials: Files, Extensions, and Enumeration

    3 days ago


    This episode explores the fundamental web files and extensions that are critical for both web development and security enumeration. It provides a detailed breakdown of how automated programs, such as search engine crawlers, interact with web servers and how these interactions can reveal sensitive information. Key topics include:

    - Instructional Web Files: The episode covers robots.txt, which provides instructions to web robots regarding crawl delays and indexing restrictions. It also examines sitemap.xml, which serves as a roadmap for a website to ensure search engines can find all important pages.
    - Enumeration Techniques: Guidance is provided on how to manually and automatically enumerate these files using tools like Nmap (via scripts like http-robots.txt and http-sitemap-generator) and Metasploit to discover pages that developers might not want indexed.
    - Default Pages and Information Disclosure: You will learn about common default web pages (e.g., index.html, index.php) and how identifying these files can disclose specific details about the web server to an attacker.
    - Data Handling and Extensions: The episode identifies common file extensions for compressed archives (e.g., .zip, .tar.gz) and database files (e.g., .sql, .db, .sqlite). It also provides practical instructions for using the tar command for file compression and SQLite 3 or DB Browser for SQLite for managing database content.
    - Git Fundamentals: Finally, the session introduces essential Git commands such as init, clone, commit, and push for managing code repositories.

    19 min
  5. Course 27 - Hacking Web Applications, Penetration Testing, CTF | Episode 12: Introduction to Banner Grabbing and Service Fingerprinting

    5 days ago


    In this lesson, you’ll learn about:

    - Banner grabbing (service fingerprinting), a technique used to identify open ports, running services, and version information exposed by a target system.
    - How service banners work, understanding that many network services return text-based responses revealing software type, version numbers, and sometimes operating system details.
    - Active vs. passive banner grabbing, including:
      - Active methods — directly sending crafted requests to a target host.
      - Passive methods — analyzing intercepted traffic or publicly available cached responses without directly interacting with the host.
    - Command-line banner grabbing tools, such as:
      - curl -I and wget -S for retrieving HTTP header information.
      - telnet and netcat (nc) for manually connecting to service ports (e.g., FTP on port 21) to retrieve version details.
    - Automated scanning utilities, including:
      - Nikto for identifying web server vulnerabilities and misconfigurations.
      - Nmap using the -sV flag to detect and display service versions across discovered ports.
    - Web proxy inspection, using Burp Suite to analyze HTTP responses and identify server technologies (e.g., Apache, Microsoft IIS) and application frameworks.
    - Practical lab application, reinforcing how banner data supports vulnerability research, exploit selection, and broader network security assessments.

    22 min
  6. Course 27 - Hacking Web Applications, Penetration Testing, CTF | Episode 11: OSINT, Reconnaissance, and Scanning: Foundations and Tools

    6 days ago


    In this lesson, you’ll learn about:

    - The early phases of a penetration test, focusing on intelligence gathering, infrastructure mapping, and active scanning techniques.
    - Open Source Intelligence (OSINT), collecting actionable data from publicly available sources without directly interacting with the target system.
    - Google hacking (dorking), using advanced search operators like site:, filetype:, and intitle: to uncover exposed files, misconfigurations, and sensitive information.
    - The Google Hacking Database (GHDB), a curated repository of search queries used by security researchers to identify common web exposure issues.
    - Reconnaissance techniques, including:
      - Identifying authorized IP address ranges to stay within legal testing scope
      - Domain and subdomain enumeration using tools like dig and DNS reconnaissance utilities
      - Email enumeration from public sources to assess potential social engineering vectors
    - Scanning methodologies, transitioning from passive discovery to active probing through:
      - Host discovery
      - Port scanning
      - Service enumeration
      - Vulnerability identification
    - Key industry tools used during scanning, including:
      - Nmap for network and port mapping
      - Nessus and OpenVAS for vulnerability assessments
      - Burp Suite and OWASP ZAP for web application testing
      - Metasploit for controlled exploitation and post-enumeration validation

    19 min
