Archive for July 9th, 2016

A question that regularly pops up in the Framer community is how to use Framer if you’re using a PC. Currently, Framer Studio is only available on a Mac but the Framer.js framework, that powers Framer Studio, is free and open source. That means if you’re using Windows, Linux or on a Mac but still on the fence about purchasing Framer Studio, you can still create Framer prototypes.


For most of us, we want to do as little configuration as possible — that’s where Atom comes in.Atom is a free, text editor from GitHub that’s modern and customizable to do almost anything without ever touching a config file.


Keep in mind is that Framer.js is written in JavaScript. Because Framer Studio uses theCoffeeScript programming language, which has a slightly different syntax that eventually gets compiled down to JavaScript, the majority of the Framer prototypes and examples you’ll see will be written in CoffeeScript. If you wanted to learn from any of these examples, you would need to first convert the code to JavaScript to run with Framer.js.

With a few simple steps, Atom takes care of that for us so we’ll be able to create Framer prototypes using CoffeeScript and preview them on our PC, Linux, or Mac machine. Let’s get started:

1. Download and install Atom

Go to the Atom website and look for the button to download. The button should be specific for your platform.


  • If you’re on a Mac, you’ll download a zip file. Simply unzip it, move it to your Applications folder and run Atom
  • If you’re on a PC, run the installer and then open Atom
  • If you’re on Linux, download and install the Debian package or RPM package

2. Install Packages

When you launch Atom for the first time, you should see a welcome guide.


Click on the “Install a Package” button on the right pane and then Open Installer.

The Install Packages screen should appear. If the future, you can also access this Settings screen through Preferences and then the install tab.


Search for the “coffee-compile” package and install it. This allows you to save your CoffeeScript file in the editor and it will convert it to Javascript. You may notice there are a few different packages that come up in the search results that do the same thing – these should work as well but I haven’t tested all of them.


Search for the “atom-html-preview” package and install it. This allows you to get a live preview when you make changes to the code.


If you click the Packages tab, you should now see your 2 new installed packages under the Community Packages section.


3. Update Package Settings

If you installed the coffee-compile package, click the Settings button and check the “Compile on Save without Preview” option. This will automatically compile the file when you save and not show you the JavaScript.


4. Download the Framer.js Starter Template

You can download the template here or by going to the Get Started section of the Framer.js GitHub page and clicking the download link.


Once downloaded, unzip the file and open up the Framer folder.


Framer Generator is an application for Mac that comes bundled with Framer.js. It allows you to import layers directly out of Photoshop and Sketch files into your Framer projects . This feature is built into Framer Studio.

Let’s look at the files in the project folder in more detail:

  • /framer/framer.js — This is the JavaScript file that powers the interactions and animations you are able to create for your prototypes. You shouldn’t be touching this file unless you want to replace it with a newer version.
  • /framer/ — This is a SourceMap file. It maps the code within a compressed file back to it’s original position in a source file to allow you to debug code for compressed file. You don’t need to worry about it and like the framer.js file, you don’t want to touch this file either.
  • /images/background.png & /images/icon.png — The icon image is used in the default prototype and the background image is just a black background that is specified in the CSS.
  • app.js — Here’s where you would write your JavaScript code for your prototypes. We’ll be writing CoffeeScript code that will generate this app.js file for us.
  • index.html — Open this file in a WebKit browser — such as Google Chrome or Safari to view your prototype. If you look at it, it includes the framer.js and app.js file that we looked at earlier.

5. Open up the Project folder in Atom

Go to File – Add Project Folder and open up the Framer Project folder template.


6. Rename app.js to

Right-click on the app.js file and then select rename.


Change the file extension from .js (JavaScript) to .coffee (CoffeeScript).


7. Write your CoffeeScript code

Delete the code that is in since it’s in JavaScript. You can now write your CoffeeScript code in the file. If you’re not sure where to start, copy and paste the following example code.

Save your file when you’re done writing your code and you should see an app.js file appear in your project folder.


8. Preview your Prototype

Click the index.html file in the sidebar and then go to Packages – Preview HTML – Enable Preview


You should now see your Framer prototype that you can interact with on your Windows machine.


Note that although there is a live preview, updating the file doesn’t trigger a refresh. You’ll need to make your updates to, save it to generate a new app.js, and then in your index.html file, make a change – such as adding a return to one line or deleting a blank line. The prototype will then refresh with your newest code.

Now that you’re able to use Framer on Windows, I can’t wait to see what prototypes you come up with. If Atom isn’t your style, you can also check out a Framer video I did as part of my Rapid Prototyping with Framer course for O’Reilly where I also show you how you can use Framer with another text editor, Brackets, as well as with online code editors like CodePen.

In my personal opinion, if you’re on a Mac and plan on using Framer past the trial period,Framer Studio is well worth the price for the amount of time you’ll save with features like easily creating new projects, instant visual feedback, inline error checking, code completion and much more.

Do you have any tips or additional questions for using Framer on Windows? Let me know with a comment below or share your thoughts with me on Twitter (@kennycheny).

InfoSec skills are in such high demand right now. As the world continues to turn everything into an app and connect even the most basic devices to the internet, the demand is only going to grow, so it’s no surprise everyone wants to learn hacking these days.

However, almost every day I come across a forum post where someone is asking where they should begin to learn hacking or how to practice hacking. I’ve compiled this list of some of the best hacking sites to hopefully be a valuable resource for those wondering how they can build and practice their hacking skill set. I hope you find this list helpful, and if you know of any other quality hacking sites, please let me know in the comments, so I can add them to the list.

1. CTF365

On CTF365 users build and defend their own servers while launching attacks on other users’ servers. The CTF365 training environment is designed for security professionals who are interested in training their offensive skills or sysadmins interested in improving their defensive skills. If you are a beginner to infosec, you can sign up for a free beginner account and get your feet wet with some pre-configured vulnerable servers.


OverTheWire is designed for people of all experience levels to learn and practice security concepts. Absolute beginners are going to want to start on the Bandit challenges because they are the building blocks you’ll use to complete the other challenges.


Hacking-Lab provides the CTF challenges for the European Cyber Security Challenge, but they also host ongoing challenges on their platform that anyone can participate in. Just register a free account, setup vpn and start exploring the challenges they offer.

4. PWNABLE.KR focuses on ‘pwn’ challenges, similar to CTF, which require you find, read and submit ‘flag’ files corresponding to each challenge. You must use some sort of programming, reverse-engineering or exploitation skill to access the content of the files before you are able to submit the solution.

They divide up the challenge into 4 skill levels: Toddler’s Bottle, Rookiss, Grotesque and Hacker’s Secret. Toddler’s Bottle are very easy challenges for beginners, Rookiss is rookie level exploitation challenges, Grotesque challenges become much more difficult and painful to solve and, finally, Hacker’s Secret challenges require special techniques to solve.

5. IO

IO is a wargame from the createors of, a community project where like-minded people share knowledge about security, AI, VR and more. They’ve created 3 versions, IO, IO64 and IOarm, with IO being the most mature. Connect to IO via SSH and you can begin hacking on their challenges.


SmashTheStack is comprised of 7 different wargames – Amateria, Apfel (currently offline), Blackbox, Blowfish, CTF (currently offline), Logic and Tux. Every wargame has a variety of challenges ranging from standard vulnerabilities to reverse engineering challenges.


Microcorruption is an embedded security CTF where you have to reverse engineer fictional Lockitall electronic lock devices. The Lockitall devices secure the bearer bounds housed in warehouses owned by the also fictional Cy Yombinator company. Along the way you’ll learn some assembly, how to use a debugger, how to single step the lock code, set breakpoints, and examine memory all in an attempt to steal the bearer bonds from the warehouses.

8. REVERSING.KR has 26 challenges to test your cracking and reverse engineering abilities. The site hasn’t been updated since the end of 2012, but the challenges available are still valuable learning resources.


Hack This Site is a free wargames site to test and expand your hacking skills. It features numerous hacking missions across multiple categories including Basic, Realistic, Application, Programming, Phonephreaking, JavaScript, Forensic, Extbasic, Stego and IRC missions. It also boasts a large community with a large catalog of hacking articles and a forum for to have discussions on security related topics. Finally, they’ve recently announced they are going to be overhauling the dated site and codebase, so expect some big improvements in the coming months.


W3Challs is a pentesting training platform with numerous challenges across different categories including Hacking, Cracking, Wargames, Forensic, Cryptography, Steganography and Programming. The aim of the platform is to provide realistic challenges, not simulations and points are awarded based on the difficulty of the challenge (easy, medium, hard). There’s a forum where you can discuss and walkthrough the challenges with other members.

11. PWN0

pwn0 is the VPN where (almost) anything goes. Go up against pwn0bots or other users and score points by gaining root on other systems.


Exploit Exercises provides a variety of virtual machines, documentation and challenges that can be used to learn about a variety of computer security issues such as privilege escalation, vulnerability analysis, exploit development, debugging, reverse engineering, and general cyber security issues.


RingZer0 Team Online CTF offers a ton of challenges, 234 as of this post, that will test your hacking skills across multiple categories including Cryptography, Jail Escaping, Malware Analysis, SQL Injection, Shellcoding and more. After you successfully complete a challenge, you can write up your solution and submit it to the RingZer0 Team. If your write up is accepted, you’ll earn RingZer0Gold which can be exchanged for hints during future challenges.


Hellbound Hackers offers traditional exploit challenges, but they also offer some challenges that others don’t such as web and app patching and timed challenges. The web and app patching challenges have you evaluating a small snippet of code, identifying the exploitable line of code and suggesting a the code to patch it. The timed challenges have the extra constraint of solving the challenge in a set amount of time. I thought these two categories were a cool differentiator from most other CTF sites.


Try2Hack provides several security oriented challenges for your entertainment and is one of the oldest challenge sites still around. The challenges are diverse and get progressively harder.

16. HACK.ME is a large collection of vulnerable web apps for practicing your offensive hacking skills. All vulnerable web apps are contributed by the community and each one can be run on the fly in a safe, isolated sandbox.


HackThis!! is comprised of 50+ hacking levels with each worth a set number of points depending on its difficulty level. Similar to Hack This Site, HackThis!! also features a lively community, numerous hacking related articles and news, and a forum where you can discuss the levels and a security related topics that might be of interest to you.


Enigma Group has over 300 challenges with a focus on the OWASP Top 10 exploits. They boast nearly 48,000 active members and host weekly CTF challenges as well as weekly and monthly contests.


Google Gruyere shows how web application vulnerabilities can be exploited and how to defend against these attacks. You’ll get a chance to do some real penetration testing and actually exploit a real application with attacks like XSS and XSRF.


Game of Hacks presents you with a series of code snippets, multiple choice quiz style, and you must identify the correct vulnerability in the code. While it’s not nearly as in depth as the others on this list, it’s a nice game for identifying vulnerabilities within source code.


Root Me hosts over 200 hacking challenges and 50 virtual environments allowing you to practice your hacking skills across a variety of scenarios. It’s definitely one of the best sites on this list.


While CTFtime is not a hacking site like the others on this list, it is great resource to stay up to date on CTF events happening around the globe. So if you’re interested in joining a CTF team or participating in an event, then this is the resource for you.