Video description
This course starts with the bare bones of a session and how it can be broken to gain access to accounts. As an ethical hacker, it is imperative to understand how to identify the design flaws that are being exploited and how to address them to secure the system and/or application.
With multiple users and systems interconnected, the attack surface is huge and the impact is high-risk, so it is important to secure sessions to prevent unauthorized access.
Students will receive hands-on training on each attack scenario and learn how to identify the flaws and address them with preventive mechanisms. They will look at the scenarios in a haxor way and understand the most widely used attack patterns.
This course is useful for all security professionals, as it gives a POV (point of view) from both the attack and defence standpoints.
Table of Contents
Chapter 1: Understanding What is Session and Hijacking Techniques
Course Overview
Anatomy of Session
What is Session Hijacking
Types of Session Hijacking Techniques
Tools – Hands-on
Chapter 2: Session Management in Applications
Introduction to HTTP (Web Applications)
Types of HTTP Session
Introduction of Network Protocols – Part 1 (TCP, UDP)
Introduction to Network Protocols – Part 2 (DNS, TELNET, IP)
Chapter 3: Hands-on – Attacking Web Application Sessions
Cookies Exploitation with XSS
Session Fixation
Session IDs Manipulation with Brute Force Attack
Session Donation
MITB (Man in the Browser) - Malware
Chapter 4: Hands-on – Attacking Network Sessions
TCP Session – Predicting the Sequence
UDP Session Hijacking
IP Spoofing
Telnet Session Hijacking
DNS Session Hijacking
ARP Spoofing
SSL Strip
Chapter 5: Prevention Techniques
Securing Web Applications Part 1 – (Strong Session ID, Don’t Reuse IDs, TimeOut Implementations)
Securing Web Applications Part 2 – (Cookie Configurations)
Securing Network Using Secure Protocols – (Use TLS, SSH, Etc.)
Secure Architecture – Design Implementations
Course Conclusion - Summary