Security+ SY0-601: 1.3 Application Attacks

This entry is part 7 of 47 in the series [ Security+ SY0-601 ]

Chapter 3: Application Attacks

Introducing BeEF

A short explanation:

https://www.youtube.com/watch?v=1UlUc5UmZNA

A deeper tutorial, also introducing Kody and Null Byte:

Introducing OWASP

https://owasp.org/www-project-top-ten/

XSS – Cross-Site Scripting

Persistent

Non-persistent

DOM-based


Info
Get familiar with OWASP and their Top Ten Web Application Security Risks: https://owasp.org/www-project-top-ten/

Injection Attacks


On-path Attack (Man in the Browser)

Privilege Escalation

https://ippsec.rocks/?#

…then search for “privilege escalation”.

Directory Traversal

cd ../../..
http://vulnerabledomain.com/../../..

Buffer Overflow

https://ippsec.rocks/?#

…then search for “buffer overflow”.

Error Handling

https://holisticinfosec.blogspot.com/2012/08/toolsmith-nowasp-mutillidae.html

Replay Attacks

Session replay is an attack in which a TCP session’s traffic is captured, the data is altered for nefarious purposes, and the session is “replayed”. This calls for some clever manipulation of the recorded TCP sequence numbers, so the attack can be inserted into a new traffic stream.

CSRF: Cross-Site Request Forgery

SSL Stripping

Pass the Hash
