Website Security Testing: the POODLE attack, featuring TLS Downgrade

The KBID XXX – TLS Downgrade
I almost every course I teach I discuss the perils of “TLS fallback,” a fatal misconfiguration that negotiates a web server back to an old, insecure SSL/TLS version. From there it’s simple to use known exploits against the web server and boom, now it’s a Russian crimeware server!
This attack is featured on many tests, including the Security+ and the CEH. Formally it’s a “POODLE attack.” (Google that name.) This GitHub page is a gold mine of info about how this all works, and it’s well worth the study of up-and-coming hackers/pen testers/security analysts.