CyberCode Academy

By CyberCode Academy

Welcome to CyberCode Academy — your audio classroom for Programming and Cybersecurity.
🎧 Each course is divided into a series of short, focused episodes that take you from beginner to ad... more

Download on the App Store

Download on the App Store

Get it on Google Play

FAQs about CyberCode Academy:

How many episodes does CyberCode Academy have?

The podcast currently has 211 episodes available.

CyberCode Academy episodes:

March 19, 2026Course 27 - Hacking Web Applications, Penetration Testing, CTF | Episode 14: Web Essentials: Files, Extensions, and Enumeration
This episode explores the fundamental web files and extensions that are critical for both web development and security enumeration. It provides a detailed breakdown of how automated programs, such as search engine crawlers, interact with web servers and how these interactions can reveal sensitive information. Key topics include:
Instructional Web Files: The episode covers robots.txt, which provides instructions to web robots regarding crawl delays and indexing restrictions. It also examines sitemap.xml, which serves as a roadmap for a website to ensure search engines can find all important pages.
Enumeration Techniques: Guidance is provided on how to manually and automatically enumerate these files using tools like Nmap (via scripts like http-robots.txt and http-sitemap-generator) and Metasploit to discover pages that developers might not want indexed.
Default Pages and Information Disclosure: You will learn about common default web pages (e.g., index.html, index.php) and how identifying these files can disclose specific details about the web server to an attacker.
Data Handling and Extensions: The episode identifies common file extensions for compressed archives (e.g., .zip, .tar.gz) and database files (e.g., .sql, .db, .sqlite). It also provides practical instructions for using the tar command for file compression and SQLite 3 or DB Browser for SQLite for managing database content.
Git Fundamentals: Finally, the session introduces essential Git commands such as init, clone, commit, and push for managing code repositories.

You can listen and download our episodes for free on more than 10 different platforms:
https://linktr.ee/cybercode_academy
...more
20min
March 18, 2026Course 27 - Hacking Web Applications, Penetration Testing, CTF | Episode 13: Essential Web Application Penetration Testing and Scanning Tool
In this lesson, you’ll learn about:
Web application penetration testing workflows, focusing on discovering hidden resources, identifying vulnerabilities, and validating security weaknesses in authorized testing environments.
Content discovery tools, including:
DirBuster for dictionary-based directory and file enumeration.
Dirb (often referenced similarly in labs) for brute-forcing hidden paths.
Vulnerability scanning utilities, such as:
Nikto for detecting dangerous files, outdated services, and misconfigurations.
WPScan for auditing WordPress installations, enumerating plugins, themes, and users.
Exploitation and injection testing tools, including:
sqlmap for automating the detection and validation of SQL injection vulnerabilities.
Wfuzz for fuzzing parameters, brute-forcing inputs, and discovering unlinked resources.
Reconnaissance and surface mapping tools, such as:
Aquatone for generating visual attack surface maps via automated screenshots.
CeWL for spidering websites to create targeted wordlists for testing.
Practical lab application, reinforcing hands-on usage to understand how these tools complement each other during reconnaissance, enumeration, and vulnerability validation phases.

You can listen and download our episodes for free on more than 10 different platforms:
https://linktr.ee/cybercode_academy
...more
20min
March 17, 2026Course 27 - Hacking Web Applications, Penetration Testing, CTF | Episode 12: Introduction to Banner Grabbing and Service Fingerprinting
In this lesson, you’ll learn about:
Banner grabbing (service fingerprinting), a technique used to identify open ports, running services, and version information exposed by a target system.
How service banners work, understanding that many network services return text-based responses revealing software type, version numbers, and sometimes operating system details.
Active vs. passive banner grabbing, including:
Active methods — directly sending crafted requests to a target host.
Passive methods — analyzing intercepted traffic or publicly available cached responses without directly interacting with the host.
Command-line banner grabbing tools, such as:
curl -I and wget -S for retrieving HTTP header information.
telnet and netcat (nc) for manually connecting to service ports (e.g., FTP on port 21) to retrieve version details.
Automated scanning utilities, including:
Nikto for identifying web server vulnerabilities and misconfigurations.
Nmap using the -sV flag to detect and display service versions across discovered ports.
Web proxy inspection, using Burp Suite to analyze HTTP responses and identify server technologies (e.g., Apache, Microsoft IIS) and application frameworks.
Practical lab application, reinforcing how banner data supports vulnerability research, exploit selection, and broader network security assessments.

You can listen and download our episodes for free on more than 10 different platforms:
https://linktr.ee/cybercode_academy
...more
23min
March 16, 2026Course 27 - Hacking Web Applications, Penetration Testing, CTF | Episode 11: OSINT, Reconnaissance, and Scanning: Foundations and Tools
In this lesson, you’ll learn about:
The early phases of a penetration test, focusing on intelligence gathering, infrastructure mapping, and active scanning techniques.
Open Source Intelligence (OSINT), collecting actionable data from publicly available sources without directly interacting with the target system.
Google hacking (dorking), using advanced search operators like site:, filetype:, and intitle: to uncover exposed files, misconfigurations, and sensitive information.
The Google Hacking Database (GHDB), a curated repository of search queries used by security researchers to identify common web exposure issues.
Reconnaissance techniques, including:
Identifying authorized IP address ranges to stay within legal testing scope
Domain and subdomain enumeration using tools like dig and DNS reconnaissance utilities
Email enumeration from public sources to assess potential social engineering vectors
Scanning methodologies, transitioning from passive discovery to active probing through:
Host discovery
Port scanning
Service enumeration
Vulnerability identification
Key industry tools used during scanning, including:
Nmap for network and port mapping
Nessus and OpenVAS for vulnerability assessments
Burp Suite and OWASP ZAP for web application testing
Metasploit for controlled exploitation and post-enumeration validation

You can listen and download our episodes for free on more than 10 different platforms:
https://linktr.ee/cybercode_academy
...more
19min
March 15, 2026Course 27 - Hacking Web Applications, Penetration Testing, CTF | Episode 10: OWASP Fundamentals: Top 10 Vulnerabilities and Web Security
In this lesson, you’ll learn about:
Open Web Application Security Project (OWASP), an open community focused on improving software security through standards, tools, and best practices.
The OWASP Top 10, a widely recognized awareness document outlining the most critical web application security risks.
Common web application vulnerabilities, including:
Injection flaws (e.g., SQL injection)
Broken authentication mechanisms
Sensitive data exposure
Security misconfigurations
Insufficient logging and monitoring
OWASP’s web application security testing framework, providing structured guidance for evaluating application security posture.
Key testing domains, such as:
Identity and authentication management
Session management controls
Input validation and sanitization
Business logic testing
Real-world attack scenarios, including identifying weak cryptographic implementations and bypassing flawed authorization mechanisms.
Practical mitigation strategies, helping organizations proactively detect, understand, and remediate vulnerabilities in modern web applications and APIs.

You can listen and download our episodes for free on more than 10 different platforms:
https://linktr.ee/cybercode_academy
...more
26min
March 14, 2026Course 27 - Hacking Web Applications, Penetration Testing, CTF | Episode 9: Tools and Techniques for Concealing Information
In this lesson, you’ll learn about:
Steganography fundamentals, the practice of concealing information inside other media files such as images, audio, or video without visibly altering the carrier file.
Manual hiding techniques, including simple visual tricks like matching font color to background color and appending hidden data to files using command-line utilities.
Least Significant Bit (LSB) steganography, an advanced method that embeds hidden data within the smallest bits of image pixels, making changes imperceptible to the human eye.
Using Steghide, a command-line utility for embedding and extracting hidden messages from image and audio files with passphrase protection.
Analyzing metadata with ExifTool, which allows investigators to view and modify file metadata such as author details, timestamps, and embedded information.
Discovering hidden text with the strings command, a utility that extracts readable character sequences from binary files to uncover embedded messages or hard-coded credentials.
Command-line file manipulation techniques, including concatenating files in Linux (cat) or Windows (copy /b) to append hidden data within another file’s raw structure.
Practical lab application, reinforcing detection and extraction techniques through hands-on exercises involving metadata inspection, hidden message embedding, and forensic discovery methods.

You can listen and download our episodes for free on more than 10 different platforms:
https://linktr.ee/cybercode_academy
...more
18min
March 13, 2026Course 27 - Hacking Web Applications, Penetration Testing, CTF | Episode 8: Cryptography Fundamentals: Encoding and Ciphers
In this lesson, you’ll learn about:
Data Representation and Encoding:
ASCII: Uses 128 unique values to represent text characters in computing.
Base64: Encodes binary data into text form for safe transfer across text-only channels like email or HTML.
Numerical Systems in Computing:
Binary (Base 2): Uses 0 and 1, fundamental to machine operations.
Decimal (Base 10): Standard human-readable numbering.
Hexadecimal (Base 16): Uses 0–9 and A–F, commonly used in memory addresses and color codes.
Octal (Base 8): Uses digits 0–7, occasionally used in file permissions and legacy systems.
Classic Substitution Ciphers:
Caesar Cipher / Shift Cipher: Rotates letters by a fixed number of positions.
ROT Variants:
ROT13: Shifts letters by 13 positions.
ROT5: Shifts numbers.
ROT18: Combination of ROT13 for letters and ROT5 for numbers.
ROT47: Extends rotation to letters, numbers, and keyboard symbols across ASCII.

You can listen and download our episodes for free on more than 10 different platforms:
https://linktr.ee/cybercode_academy
...more
21min
March 12, 2026Course 27 - Hacking Web Applications, Penetration Testing, CTF | Episode 7: Tradecraft: The Methods and Tools of Modern Espionage
In this lesson, you’ll learn about:
Tradecraft Fundamentals: The structured set of tools, techniques, and methods used in modern intelligence gathering and espionage.
Key Categories of Tradecraft:
Agent Handling: Managing human assets for intelligence collection.
Analytic Tradecraft: Techniques for correlating, validating, and interpreting collected intelligence.
Black Bag Operations: Covert entries into buildings to obtain information or plant surveillance without detection.
Technical and Physical Methods:
Concealment Devices & Dead Drops: Securely hiding or transferring items between operatives.
Cryptography & Steganography: Encrypting or embedding messages within other files to prevent interception.
False Flag Operations: Performing actions designed to appear as though executed by another entity.
Tempest: Exploiting unintended radio or electrical emissions from devices to gather intelligence.
Good vs. Bad Tradecraft:
Bad Tradecraft: Unencrypted communication, obvious patterns, and high-risk “fast and loud” methods that are easily detected.
Good Tradecraft: Emphasizes stealth, patience, and the use of custom, untraceable tools and infrastructure for low-profile, high-security operations.

You can listen and download our episodes for free on more than 10 different platforms:
https://linktr.ee/cybercode_academy
...more
22min
March 11, 2026Course 27 - Hacking Web Applications, Penetration Testing, CTF | Episode 6: Penetration Testing Lifecycle: From Scoping to Reporting
In this lesson, you’ll learn about:
The structured penetration testing lifecycle, a professional methodology that simulates real-world attacks while delivering measurable value to an organization.
Pre-engagement interactions, including:
Defining scope and boundaries
Establishing timelines
Securing written authorization
Formalizing the Rules of Engagement (ROE) and Statement of Work (SOW) to ensure legal and operational clarity
Intelligence gathering and reconnaissance, leveraging Open Source Intelligence (OSINT) and both passive and active footprinting techniques to map infrastructure and identify external exposure.
Threat modeling, analyzing high-value assets, identifying potential internal and external threat actors, and prioritizing the most likely and impactful attack paths.
Vulnerability analysis, combining automated scanning and manual validation to identify weaknesses, correlate findings, and map realistic exploitation paths.
Controlled exploitation, focusing on precision-driven access attempts rather than disruptive tactics, often requiring carefully selected or customized techniques to bypass layered defenses.
Post-exploitation activities, including:
Assessing the value of compromised systems
Demonstrating potential impact through controlled data access
Pivoting within the network (if in scope)
Performing full cleanup to remove tools, accounts, and artifacts created during testing
Professional reporting, often the most critical deliverable:
An Executive Summary translating technical risk into business impact
A Technical Report detailing vulnerabilities, proof of concept, risk ratings, and clear remediation guidance

You can listen and download our episodes for free on more than 10 different platforms:
https://linktr.ee/cybercode_academy
...more
20min
March 10, 2026Course 27 - Hacking Web Applications, Penetration Testing, CTF | Episode 5: Penetration Testing Terminology and Core Security Concepts
In this lesson, you’ll learn about:
Core penetration testing terminology, including the difference between a vulnerability (a weakness in a system) and an exploit (the method used to leverage that weakness).
Payload concepts, understanding how attackers deliver custom code to a target system after successful exploitation.
Shellcode fundamentals, the low-level assembly instructions often embedded within exploits to execute specific actions on a compromised machine.
Shell types and communication methods, including:
Reverse shells, where the target initiates a connection back to the tester’s listener.
Bind shells, where the target opens a listening port and the tester connects directly.
Web shells, typically deployed through vulnerable web applications.
Interpreter shells, providing command execution through scripting environments.
Zero-day vulnerabilities, defined as previously unknown security flaws that are exploited before developers can release a patch or mitigation.
The CIA triad, the foundational security model emphasizing:
Confidentiality – preventing unauthorized data disclosure
Integrity – ensuring data remains accurate and unaltered
Availability – maintaining reliable system and data access

You can listen and download our episodes for free on more than 10 different platforms:
https://linktr.ee/cybercode_academy
...more
19min

FAQs about CyberCode Academy:

How many episodes does CyberCode Academy have?

The podcast currently has 211 episodes available.