Thursday, September 22, 2016

Bash Aliases - Why you should use them and how to make them.




I will be giving a free 30 minute Google hangout session showing people why to use bash aliases, how to make them, and some more uses for aliases that you may not have thought about.

The first 7 people to email me and who can make the Google hangout time ( I will email it to you ), will be invited to the hangout session.  Bash aliases are super useful and not hard to use, once you see how powerful they are you'll be making some of your own!

I will be showing you some of my aliases so you can follow along with me; you should have a Linux or Mac machine.  I want everyone who attends to participate. I want you to walk away with a new skill and not just have watched me type :-)

My email is:
joshuakemp85@gmail.com




Monday, September 19, 2016

Ruby Poltergeist gem the best way to scrape data

Over the years I have used several different gems to scrape data.  My 2 favorites being:
Nokogiri and Mechanize.  Both are very similar, but recently I had a challenge that neither Nokogiri nor Mechanize could handle.





Here's the situation:

I needed to make an HTTP POST, passing basic auth to a login form, then go to another URL and scrape some data.  All of this can be done using the Mechanize gem.  The problem is that after the POST, the site used Auth0 for authentication, which was implemented using JavaScript.  The JavaScript redirects to another URL looking for the successful login code from Auth0.

THE PROBLEM???

Mechanize and Nokogiri don't handle JavaScript.  The good news is Poltergeist can easily handle JavaScript, no sweat!  After using Poltergeist one time to solve this challenge, it has become my "go to" gem for anything and everything!

Poltergeist uses PhantomJS to run as a headless browser, and I can still use the awesome Ruby gem Crack to parse any JSON or XML.  I can't show you the exact example I was working on as I am not allowed, but I can show you something similar.

There is an old web-based game called Hyperiums II. I honestly don't play the game, but my friend does :-)  This isn't a post about how to cheat the game ( although you could ); I want you to fall in love with this gem!  Once you use it, it will become the gem you grab if you need to scrape data or have a simple task that you want to automate.  Poltergeist is my secret weapon when doing any web scraping!

Here is a sample Poltergeist script of logging into Hyperiums II and navigating to build factories.  You can modify this code to do most any small task or test that you need!

Hyperiums II script


Saturday, September 10, 2016

Mr. Kemp you have been Terminated

Mr. Kemp we have decided to terminate your position, effective immediately.  Sign these documents please, I will need your badge and computer, best of luck for your future.



There is something inside of every provider that freaks out when being let go.  As I said goodbye to my former co-workers and got into the elevator, tears started to well up in my eyes. I got home in record time, there is no traffic at 11am.

It didn't matter to me that the company had laid off 11 other people the past week because they hadn't landed any new contracts. The reason didn't matter at all.

What mattered was figuring out how I was going to get my next job AND FAST!!! I had no clue this was coming. I was told I was doing a great job and wasn't even looking for other jobs.

I will spare you all the depressing details and stress I went through. What came out of the experience was 9 days after being laid off I accepted a job offer for a mid level position paying $11K more!

I went on to coach other people for the next 12 months. I helped get people hired in record time all over the U.S. 

You don't have to cry like me, you don't have to stay awake at night with heartburn and stress unable to sleep hoping to land a job.

You don't have to read the 2,000+ emails I've sent to coaching clients listening, understanding their story and situation.

I poured my heart and soul into this course. I made the course I wish I could have had when I was let go. I would have slept better. I wouldn't have felt like I aged a year in those 9 days.

If you need a tech job in the shortest amount of time possible, this is the course for you. This isn't a learn how to code course, this is a "LET'S GET A JOB COURSE".


I hope to see you in class!

Tweet one of the course links below and like the ‘course’ Facebook page and I will personally send you a free copy of my book: “No Degree, No Problem”! The course officially launches Monday September 12 but the first few lectures are up now if you want to get a jump start! 



People will go to bootcamps and take coding tutorials BUT when they are REALLY ready to land a job this is it here: http://bit.ly/2czEzCv ( Tweet this )

Need a tech job fast? Check out @joshuakemp01 's new course. A proven method and fastest way ever developed http://bit.ly/2czEzCv ( Tweet this )

Anything worth having takes hustling and an effective roadmap. Land a dev job now: http://bit.ly/2czEzCv ( Tweet this )

Sunday, August 28, 2016

The Fastest Way to Land a Tech Job

Where have I been for the past 2 months???  Working, hustling!!!  I keep trying to stop coaching but I have a serious waiting list, and people keep emailing me!!! It was getting hard to keep up with. I still have a passion to help others land a tech job, get out of their current career and help those who have dropped out of coding bootcamps.

I decided to take everything I have learned from coaching people on how to get a: Junior Dev, Test Automation, or QA job from all around the country and condense it down into a course. I've taken what I've learned from walking people through the process of landing their first tech job. On average I would send 200 - 300 emails to each person over the course of the coaching! Instead of you having to read all those emails and try to figure out what worked, I have done it for you. In a simple at your own pace course and at a more affordable price too!

The Fastest Way to Land a Tech Job course officially launches September 12th, but I am allowing people to sign up for a pre release launch and have access to the first 4 lectures ahead of time! You can find more info about what's in the course and watch the promo video at the link above.


Saturday, June 4, 2016

How to become a hacker: Part 1

I know it's been a long time since blogging, I have been finishing up with coaching clients, working, and studying in the evenings.  I have decided to show you what I have been learning and how you can do the same if you want.

The biggest advantage I have with becoming a hacker has been having a friend ( who is a hacker ) agree to mentor me.  My end goal is to get hired as an Ethical Hacker / Pen Tester, I am not simply learning to learn.  I want to learn how to hack and be good enough to actually go out and get hired as a hacker.  I am not learning to impress anyone or look cool, the mission is:

Get good enough to land a job as a hacker.

One of the first questions my mentor ( who is on a Red Team currently ) asked me was what type of security testing / hacking I wanted to get into.  He compared my wanting to become a hacker to someone saying:

"I want to get into Computer Science."

That is too vague, computer science is not specific enough, you could become a programmer, you could become a test automation engineer, you could do Big Data, the possibilities are endless.  The same is true with becoming a hacker, that is too vague, you need to get clear on what you will be security testing / hacking.

I decided on web application security pen testing since I like working with web apps and am most familiar with them.  My hacking training is specifically geared toward learning web application pen testing techniques.

So the first rule to becoming a hacker is:

Get clear on what type of security testing / hacking you want to do, don't try to learn everything.

On that note, I am learning some of the lingo used by real world hackers, and have found that they actually do not like the term 'Ethical Hacker'; they call themselves 'pen testers' or 'penetration testers', but almost never Ethical Hackers.

The next issue is where and what to start learning?

There are so many resources and places to learn you can absolutely waste your entire life trying different courses and tutorials.  Everything I am writing about is my own personal journey to becoming a web application pen tester, with that said here is the first resource that you need:

http://www.cs.fsu.edu/~redwood/OffensiveComputerSecurity/lectures.html


Start on lesson 16 and go through lesson 19.  The other lessons are good, but I am told are over my head for now.  The hardest part of this training is the homework: reading 80 - 100 pages after each lesson takes a long time, and it takes even longer to really understand what you are reading.  The book you will need is:

Web Application Hackers Handbook.

Learning pen testing is not simply watching a video and reading a book; pen testing is all about hands-on work.  You absolutely must do the exercises the book recommends, or else you will only get the theory but not the actual how-to.

How to actually do the exercises?

You need a web application that you are actually allowed to pen test without going to jail or being illegal.  The solution is:

https://github.com/WebGoat/WebGoat

WebGoat is the best way to actually try out all the techniques you have read about.  Watch the lesson, read the homework, then go through some challenges using WebGoat's insecure web application.  This is how I am learning and will be for some time.


Tools:

The first thing you need to do is to only use VirtualBox or a VM for all of your testing; in case something goes wrong, you can simply delete it.  I did this wrong before. Trust me, you need a VM.

Install VirtualBox

Install Kali:
https://www.offensive-security.com/kali-linux-vmware-virtualbox-image-download/

On Kali install:

Firefox
Burp Suite ( latest version )

There are more things you need to know, you will need to know how to set up a browser proxy to talk to Burp Suite so that you can test the web app.  If there is interest I will write some more posts on more specifics ( as they can be tricky when you are new to it ) if I receive enough emails.

The last thing I will say is that learning how to code was tough, getting an actual junior dev job was even harder, but none of this will be even close to how hard it will be to land an actual job as a pen tester at a company.  Companies want you to basically be able to hack an international bank and not get caught with very little supervision.  I am nowhere even remotely close to that level of skill but know I will get there eventually.  Follow along on this journey if you want me to show you the way!

Never give up, you can do it!