Learn what session hijacking is, which protocols are vulnerable, and how to detect and shore up vulnerabilities in your systems.
Syllabus
Introduction
- Understanding session hijacking
- What you should know before watching this course
- Disclaimer
- Understanding TCP sequence numbers
- Hijacking a Telnet session
- Real-world hijacks
- Understanding web sessions
- Understanding WebSockets
- Banking on Zero
- Hijacking sessions using man-in-the-browser
- Intercepting sessions through man-in-the-middle
- Stripping SSL to downgrade the session
- Hijacking an HTTP session through cookies
- Using Subterfuge to hijack sessions through ARP poisoning
- Using Webscarab-NG as a web proxy
- Defeating the Hijack
- Using Zed Attack Proxy (ZAP)
- Using Cain
- Hijacking SSH sessions
- DNS hijacking
- Cloud hijacking
- Going physical: Hijacking cars and drones
- Getting more physical with drones
- Next steps
Taught by
Malcolm Shore