Pluralsight

Here's a little-known fact for folks that have only tuned in more recently: I had a life before doing security things. I know, it seems like a long time ago now, but there was a time where all the other things that go into the software development process were highly topical for me. In fact, some of the most popular content on my blog over the last 7 years has been the You're deploying it wrong series [https://www.troyhunt.com/you-deploying-it-wrong-teamcity/] where I walk through the setup of T...

I was on another whirlwind trip back in July, this time to a bunch of spots in the US which included Chicago where Pluralsight has one of their offices. The last time I was there I'd recorded a "Play by Play" course which is video recorded rather than a screen cast like so many of my others. It meant myself and someone else (in this case, Gary Eimerman [https://twitter.com/GaryEimerman] who's part of the Pluralsight team) actually sitting in front of the camera talking about security as well as...

Two of the things you'll have found me most frequently writing about on this blog are "cloud" and "security". Whilst the latter seems to have been what I've gravitated towards most in recent years, the former is something I'm very heavily involved in, particularly with my work on Have I been pwned [https://haveibeenpwned.com/] (HIBP). I'm enormously happy to see the very last course in the Ethical Hacking series [https://www.pluralsight.com/blog/tutorials/learning-path-ethical-hacking] I've been...

This was pretty big news 18 months ago: It was what greeted Sony Pictures employees [https://en.wikipedia.org/wiki/Sony_Pictures_Entertainment_hack] when they turned up to the office and switched on their machines. Machines infected with malware was one thing - a very bad thing at that - but it got much, much worse for Sony. In all, we saw about 40GB of company data walk out the proverbial door and it included everything from employee credentials to unreleased films to somewhere in the order...

I’ve just launched my latest Pluralsight course titled Ethical Hacking, Denial of Service [https://app.pluralsight.com/library/courses/ethical-hacking-denial-service/table-of-contents] but before I explain what’s in it, let’s kick off with some trivia: DDoS attacks have increased massively in size in recent years: This is from Arbor Networks’ latest Worldwide Infrastructure Security Report [https://www.arbornetworks.com/images/documents/WISR2016_EN_Web.pdf] and that was current in October wh...

The other day, a hacker compromised someone’s email account. It was almost certainly a phishing attack, he probably just sent them over an email claiming to be from the victim’s organisation and then just, well, asked for their credentials. From there, the attacker wandered over to the web portal of the victim’s organisation and attempted to logon, which unfortunately for him didn’t work. No worries, they simply called up the helpdesk who kindly gave him access. So now he’s logged in to the vict...

We tend to get very focused on digital security controls; firewalls, antivirus, software updates and then all the usual practices I spend so much time talking to developers about, stuff like defending against SQL injection, cross site scripting and a whole raft of other attacks against systems. But the bigger risk – and it’s one that doesn’t get near as much coverage – is attacks against humans. Whereas most of the time we’re thinking about attacks against the systems, we tend to neglect weaknes...

Every now and then, a Pluralsight course completely defies the odds of what I expected it to do. Now it’s not that I don’t think this latest one [https://app.pluralsight.com/library/courses/play-by-play-ethical-hacking-troy-hunt/table-of-contents] is a good course, rather it’s that it’s a play-by-play which effectively went like this: Pluralsight: Hey, how about you hack Gary Eimerman [https://twitter.com/garyeimerman] and we record it? Me: You had me at “hack”! And that’s about it – now it’...

Pluralsight content remains enormously popular among a growing audience of technology pros not just because of the breadth of content (we’re talking about well over 4,000 courses now), but because it’s so cheap to get into. Less than a dollar a day and you’ve got access to some really top notch content that’s created by some of the best in the business then scrutinised and peer reviewed to ensure it’s right up there as the best possible training material you can find on the web. It’s amazing the...

My Pluralsight courses get pirated all the time. I used to have Google alerts for them but frankly, the flood of emails I’d get each day just didn’t justify the “return” I’d get by forwarding them on to the Pluralsight piracy folks. I ended up rationalising it with the tongue-in-cheek analogy that those who would seek to pirate my security content are probably more likely to do evil things with it thus causing others to realise that they need security training! Of course I hope that’s not actual...