Genre: eLearning | MP4 | Video: h264, 1280×720 | Audio: AAC, 48.0 KHz
Language: English | Size: 1.49 GB | Duration: 4h 4m
What you’ll learn
Tamper with page content, links, forms, and cookies
Advanced attacks using key loggers and mouse capture
Combine exploits to retrieve the passwd file
Find out how to move from reflected XSS attacks to employing XSS at scale with persisted attacks
Exploit account recovery features of an application to collect user secret questions and answers
You’ve found an XSS vulnerability… but now what?
Has a client ever wanted you to demonstrate the danger of a vulnerability you found for them?
Each topic is presented from the perspective of requiring the pentester to demonstrate how a vulnerability can be exploited and the potential impact of not taking corrective action. The course provides a balanced mix of theory, code, and live demonstrations of each exploit in action.
Learn to tamper with site content – altering the page, forms, links, and functionality. Then take it to the next level by abusing HTML forms to capture additional data on form submission, sending that data to a server you control.
See how to disclose the contents of user cookies, then quickly move to stealing the cookies and sending them to another server. Learn to steal credentials and abuse application authentication.
Further compromise users by capturing mouse interactions and implementing a custom key logger. Learn to abuse knowledge-based authentication schemes such as the secret question/answer approach for account resets.
Progress to more advanced techniques where you learn to chain together multiple attacks aimed at exploiting several application vulnerabilities simultaneously. Areas covered here include creating fraudulent forum posts, spear phishing campaigns, and using command injection to access a web server’s operating system.
And we’ll wrap the course up with some defensive techniques you can use to prevent the types of attacks we’ve been launching at web applications.