
Black Friday for Security Professionals

zi and Specter

PluralSight

The Deal - Annual subscription at 40% off ($179 for standard, $269 for premium)

zi - PluralSight is an online learning platform providing courses about software development, system administration, and general technology. My primary use for it has been while working as a consultant; while I've got plenty of security background, I don't always know the intimate details about a particular technology stack. I would turn to PluralSight to get up to speed on a particular topic before an engagement on a new tech stack. The information certainly is available through some Google searches, but the convenience of having everything readily available and there being some baseline standards upheld by PluralSight's instructors did make it a handy tool. I wouldn't consider it a worthwhile investment if you're looking to learn about security; they are lacking in quality security courses, and those that exist are not really worth it in my opinion.

Specter - A lot of PluralSight's security content is focused on web app hacking or network security. While there are a few courses that focus on binary, they're few and far between, and I wouldn't say the subscription is worth it for that alone. Even at the 40% off discount, I'd recommend using the trial to make sure there are enough courses you find interesting before committing to a subscription.


O'Reilly Online Learning

The Deal - Annual subscription to the Online Learning program at 50% off ($199)

zi - As the name implies, this is an online learning platform. Unlike PluralSight, this includes access to books from O'Reilly and other publishers such as No Starch Press and Wiley, two of my favorite tech publishers. One of the most interesting features is the sandbox environments they provide (Kubernetes, Python, TensorFlow, and Ubuntu), basically cloud-based VMs running the respective tools that you can access on-demand. They also provide practice tasks and interactive walkthroughs of some basic tasks. While the existing tutorials are quite fundamental, it's an interesting setup (using Katacoda) that would probably be quite useful if you were learning any of the topics covered. For most I think the biggest value comes from the library access and video course access. At roughly $25 a month, it's not cheap, but they offer a significant number of good books, both in general and security related. Basically every book I tend to recommend is on there so it's a good library.


No Starch Press

The Deal - Last year the deal was 42% off their books, this year hasn't been announced yet, just that they are planning something.

zi - No Starch is one of my favorite technology and security book publishers. Many of their books are excellent in quality and an enjoyable read. You've probably heard of some of their books such as the XYZ Hacker's Handbook series and the Black Hat and Gray Hat {language} series among many other non-series books. If they run another steep discount I'll likely be picking up physical copies of Black Hat Go and Serious Cryptography, and I'd recommend taking a look at their library, and maybe asking in our Discord for some book recommendations; they have some great content.


Pastebin Pro

The Deal - In past years the deal was $20 for the Lifetime Pro Membership. No indication if it will be the same this year.

zi - If you use Pastebin, it's a pretty good deal. If you don't use Pastebin, well, you probably won't benefit from this. Pastebin is basically just a simple website to paste text and share it temporarily. The fact that it's so simple to use, with no authentication necessary, has led to Pastebin being used to exfiltrate or dump data from compromises, leading to a secondary feature of Pastebin: keyword monitoring. With a Pro account you get access to alerts on certain keywords appearing in a paste and the ability to use their API to scrape data. The last feature of Pro is unlimited unlisted and private pastes that don't show up publicly. I know many people in the security industry do use Pastebin for quick throwaway things so I figured it was worth mentioning here.

Specter - The unlimited unlisted and private pastes, the API access, and the larger file limit (10MB as opposed to 500KB) are well worth a lifetime subscription if it's available; however, it's not the end of the world if you miss this deal. As zi said, if you're a Pastebin fan, this is probably worth the buy. It's worth noting that there are other paste sites that offer some of what Pastebin Pro offers and more for free if you're using Pastebin for its quick code sharing functionality rather than scraping it.


PentesterLab Pro

The Deal - 13.37% off annual subscriptions.

zi - PentesterLab is another learning platform, this time with a security focus (web application security) and very much hands-on. With a Pro account you get access to a number of web-security 'courses' which are generally short and focused on a single, specific exploit or attack technique. You are provided with a live, vulnerable environment to practice within. As with many things, you could go and set up your own VM and attack it yourself, but having one ready for you saves you a ton of time and hassle. I have not used PentesterLab myself so I cannot comment on the quality of instruction.


ProtonMail

The Deal - 33-50% off ProtonMail and ProtonVPN.

zi - This is another product I've not used, but I know it would be of interest to people who care about security. ProtonMail offers end-to-end encrypted email between ProtonMail customers. You can read more about their security features on their website.


VMware Workstation Pro and Fusion Pro

The Deal - 35% off Fusion Pro and Workstation Pro, 30% off the non-pro versions.

zi - Running VMs is a constant part of life in the security industry. Maybe I'm running a VM just to have access to some Linux tooling from Windows, or to run some services I'm assessing away from my actual desktop. Whatever the case, VMware is widely considered the best desktop VM platform, but it's also the most expensive. If you're finding yourself not too happy with Hyper-V, VirtualBox or whatever you use, now would be a good time to at least check out VMware's offering.

Specter - VMware is a daily driver of mine, so unsurprisingly this is another deal that I recommend people interested in security take, especially if you're planning on doing research into kernel development / exploitation, and/or malware research. Between VirtualBox, Hyper-V, and VMware, I've found VMware to be the most performant. The Pro editions also allow you to use snapshots, which are valuable to quickly get back to work when working on things that could end up crashing the kernel a lot (such as driver development or exploits).


Hak5

The Deal - Various discounts on the Hak5 store.

zi - If you have a need for their products, now is a good time to buy or upgrade to a newer model; if you don't have a need, I'd recommend skipping. Hak5 is fairly well known for the Pineapple and for their numerous hacking tools. Everything is always pretty decent quality and often has some quality of life improvements over whatever you might make yourself with off-the-shelf components. The thing is, a lot of people see these things and think about how 'cool' they are or how much of a 'hacker' they'd be if they had it without actually considering any practical use case, meaning many purchases just become novelty items collecting dust on a shelf after a few months. If you have an immediate and known use for them, go ahead and pick something up, but don't waste your money if you don't yet know how you'd use the tools. It's very much for professionals in the sense that the average person just isn't going to be in a situation to be dropping a rogue AP into a corporate network but a professional might.


NameCheap

The Deal - Various hosting and domain related deals

zi - If you want a vanity domain, there are usually good discounts going on and some cheap hosting. Not sure about the quality of hosting through NameCheap, but I've registered a few domains with them without any issues.


LowEndBox

The Deal - Various deals from hosting providers

zi - I like to pick up a cheap server every now and again just to run little scripts or apps away from my main servers. I wouldn't trust these deals for anything meant for production, but having a server to run some long running scripts/bots/scanners on is nice, and LowEndBox will usually list some very good deals. One of my better deals was a VPS at $60 for 3 years that I've been running a service that is publicly used on for nearly 6 years now. Now is also a good time to check with your favorite host to find deals.