The KBID XXX – TLS Downgrade
In almost every course I teach, I discuss the perils of “TLS fallback,” a fatal misconfiguration that negotiates a web server back to an old, insecure SSL/TLS version. From there it’s simple to use known exploits against the web server and boom, now it’s a Russian crimeware server.
This attack is featured on many tests, including the Security+ and the CEH. Formally it’s a “POODLE attack.” (Google that name.) This GitHub page is a gold mine of info about how this all works, and it’s well worth the study of up-and-coming hackers/pen testers/security analysts.
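The server-side check that refuses a fallback, as an added Python example (not from this post or the linked GitHub page): it parses a ClientHello, applies the TLS_FALLBACK_SCSV rule from RFC 7507, and enforces a minimum protocol version. The function names, the `server_max`/`server_min` parameters and the sample ClientHello bytes are constructed for illustration, and only versions up to TLS 1.2 are modelled.

```python
import struct

TLS_FALLBACK_SCSV = 0x5600       # RFC 7507 signalling cipher suite value
INAPPROPRIATE_FALLBACK = 86      # RFC 7507 fatal alert
PROTOCOL_VERSION = 70            # RFC 5246 fatal alert
VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}

def parse_client_hello(record: bytes):
    """Return (client_version, cipher_suites) from one TLS record holding a ClientHello."""
    ctype, _rec_version, rec_len = struct.unpack_from("!BHH", record, 0)
    if ctype != 22 or len(record) < 5 + rec_len:
        raise ValueError("not a complete handshake record")
    body = record[5:5 + rec_len]
    if body[0] != 1:
        raise ValueError("not a ClientHello")
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    (version,) = struct.unpack_from("!H", hello, 0)
    pos = 2 + 32                  # skip client_version and random
    pos += 1 + hello[pos]         # skip session_id
    (cs_len,) = struct.unpack_from("!H", hello, pos)
    suites = list(struct.unpack_from(f"!{cs_len // 2}H", hello, pos + 2))
    return version, suites

def server_decision(record: bytes, server_max=0x0303, server_min=0x0303):
    """Hypothetical policy hook: what a server should do with this ClientHello."""
    version, suites = parse_client_hello(record)
    # RFC 7507: the client says this is a retry at a lower version, yet we support higher.
    if TLS_FALLBACK_SCSV in suites and version < server_max:
        return f"alert {INAPPROPRIATE_FALLBACK} (inappropriate_fallback)"
    # Hardened configuration: legacy versions are not offered at all.
    if version < server_min:
        return f"alert {PROTOCOL_VERSION} (protocol_version)"
    return "continue handshake"

def build_hello(version, suites):
    """Constructed sample ClientHello (empty session_id, no extensions)."""
    cs = b"".join(struct.pack("!H", s) for s in suites)
    hello = (struct.pack("!H", version) + bytes(32) + b"\x00"
             + struct.pack("!H", len(cs)) + cs + b"\x01\x00")
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BHH", 22, 0x0301, len(hs)) + hs

if __name__ == "__main__":
    samples = [(0x0303, [0xC02F]), (0x0300, [0x0035, 0x5600]), (0x0300, [0x0035])]
    for v, s in samples:
        print(VERSIONS[v], [hex(x) for x in s], "->", server_decision(build_hello(v, s)))
    # The misconfiguration: SSL 3.0 still allowed, client sends no SCSV.
    print("weak server_min ->", server_decision(build_hello(0x0300, [0x0035]), server_min=0x0300))
```

The last call shows why the SCSV alone is not enough: a server that still permits SSL 3.0 continues the handshake whenever the ClientHello carries no fallback signal, so the minimum version has to be raised as well.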