Completed
Top Methods
Class Central Classrooms beta
YouTube videos curated by Class Central.
Classroom Contents
Reversing Engineering Web Applications for Security - Behavior Analysis and WAF Detection
Automatically move to the next video in the Classroom when playback concludes
- 1 Intro
- 2 About Sucuri Security
- 3 A Note on the Examples
- 4 Motivations
- 5 Agenda
- 6 Reverse Engineering
- 7 Whitelisting
- 8 Our Scope: Waf Detection
- 9 Detection steps Analyze Application Structure
- 10 The HTTP Protocol
- 11 Traffic Analysis
- 12 Crawling the Application
- 13 GET Request
- 14 Oh wait! Get a job from the headers...
- 15 Full Request
- 16 What's wrong here?
- 17 What about here?
- 18 Summary of Flow Parsing
- 19 File Structure
- 20 WordPress Tarball
- 21 The Basic WP Structure
- 22 xmlrpc.php
- 23 XMLRPC Login Attempt
- 24 Brute forcing New Brute Force Attacks Exploiting XMLRPC in
- 25 Pingback
- 26 wp-admin/ "Access"
- 27 Restriction Samples: .htaccess
- 28 Mitigating Attack Surface
- 29 Realtime Monitoring w/ OSSEC
- 30 Threshold Ideas
- 31 Special File Permissions
- 32 Counter Intelligence
- 33 Behavior: How you look at problems
- 34 GEO IP Block: Top Attack Countries
- 35 Top Methods
- 36 HTTP Version 1.0
- 37 In summary...