Complete Ethical Hacking Series (CEHv9): Hacking Applications
This course is for beginners and IT pros looking to get certified and land an entry level Cyber Security position paying upwards of six figures! Each chapter closes with exercises putting your new learned skills into practical use immediately. You will start by understand network anonymity by using tools such as the Zed Attack Proxy, Hamster and Ferret. Next you will learn how to conduct XSS attacks, buffer overflows and then learn how to hack AJAX.
What are the pre-requisites for this course?
- Students should have a working understanding of TCP/IP and networking concepts.
What will you be able to do after taking this course?
- Hamster – Hamster is a tool or “sidejacking”. It acts as a proxy server that replaces your cookies with session cookies stolen from somebody else, allowing you to hijack their sessions.
- Ferret – Ferret is used to sniff cookies. It can be used in conjunction with Hamster to conduct session hijacking attacks on the wire.
- Morpheus – Morpheus is a framework tool which automates TCP/UDP packet manipulation tasks by using etter filters to manipulate target requests/responses under MitM attacks replacing the TCP/UDP packet contents by our contents before forward the packet back to the target host.
- Zed Attack Proxy – TheOWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. Its also a great tool for experienced pentesters to use for manual security testing.
- Buffer Overflow Attacks – A buffer overflow condition exists when a program attempts to put more data in a buffer than it can hold or when a program attempts to put data in a memory area past a buffer. In this case, a buffer is a sequential section of memory allocated to contain anything from a character string to an array of integers. Writing outside the bounds of a block of allocated memory can corrupt data, crash the program, or cause the execution of malicious code.
- Increased attack surface with many more inputs to secure
- Exposed internal functions of the application
- Client access to third-party resources with no built-in security and encoding mechanisms
- Failure to protect authentication information and sessions
- Blurred line between client-side and server-side code, possibly resulting in security mistakes
- Heap Spraying – Heap spraying refers to the attempt to insert code into a predetermined location using the exploits of vulnerable browsers. “Heap” comes from the term heap-based memory allocation (also known as dynamic memory allocation), which is the allowance of memory storage to be used by a computer program when it runs.