Cyberhacker Series: Hacking Applications

Cyberhacker Series: Hacking Applications

Cyberhacker Series: Hacking ApplicationsThis course is for beginners and IT pros looking to learn more about hacking applications. Each chapter closes with exercises putting your new learned skills into practical use immediately. You will start by understand network anonymity by using tools such as the Zed Attack Proxy, Hamster and Ferret. Next you will learn how to conduct XSS attacks, buffer overflows and then learn how to hack AJAX.

What are the pre-requisites for this course?

Students should have a working understanding of TCP/IP and networking concepts.
What will you be able to do after taking this course?

Hamster - Hamster is a tool or “sidejacking”. It acts as a proxy server that replaces your cookies with session cookies stolen from somebody else, allowing you to hijack their sessions.


Ferret - Ferret is used to sniff cookies. It can be used in conjunction with Hamster to conduct session hijacking attacks on the wire.


Morpheus - Morpheus is a framework tool which automates TCP/UDP packet manipulation tasks by using etter filters to manipulate target requests/responses under MitM attacks replacing the TCP/UDP packet contents by our contents before forward the packet back to the target host.


Zed Attack Proxy - TheOWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. Its also a great tool for experienced pentesters to use for manual security testing.


Buffer Overflow Attacks - A buffer overflow condition exists when a program attempts to put more data in a buffer than it can hold or when a program attempts to put data in a memory area past a buffer. In this case, a buffer is a sequential section of memory allocated to contain anything from a character string to an array of integers. Writing outside the bounds of a block of allocated memory can corrupt data, crash the program, or cause the execution of malicious code.
Hacking AJAX - Asynchronous Javascript and XML (AJAX) is one of the latest techniques used by web application developers to provide a user experience similar to that of a traditional (i.e., "pre-web") application. Since AJAX is still a new technology, there are many security issues that have not yet been fully researched. Some of the security issues in AJAX include:


Increased attack surface with many more inputs to secure
Exposed internal functions of the application
Client access to third-party resources with no built-in security and encoding mechanisms
Failure to protect authentication information and sessions
Blurred line between client-side and server-side code, possibly resulting in security mistakes


Heap Spraying - Heap spraying refers to the attempt to insert code into a predetermined location using the exploits of vulnerable browsers. “Heap” comes from the term heap-based memory allocation (also known as dynamic memory allocation), which is the allowance of memory storage to be used by a computer program when it runs.