Learn Step by Step Web Hacking and Penetration Testing
- 01 - Why Web Security - Introduction
- 001 Introduction
- 002 Core Problems - Why Web Security
- 004 Preparing the Lab Environment
- 005 Information Gathering using Search Engines and Social Networks - part 1
- 006 Information Gathering using Search Engines and Social Networks - part 2
- 02 - Mapping the Web Application. User and Password Brute-Forcing
- 002 Usernames and Passwords Brute-Forcing using Burp
- 003 Spider and Analyze a Website using Burp
- 004 Brute-forcing Web Resources using Dirb and Dirbuster
- 03 - Attacking Authentication and Session Management - Session Hijacking
- 002 Session Hijacking through Man In The Middle Attack
- 003 Intercept and access traffic over HTTPS. Get Facebook or Gmail Passwords
- 04 - Access controls. Data stores and Client-side Controls
- 002 SQL injection
- 003 Exploiting SQLi using Sqlmap and Getting Remote Shell
- 004 Upload and Remote File Execution
- 06 - (XSS) Cross Site Scripting. Attacking the Users
- 002 Reflected XSS – Session Hijacking using Cross Site Scripting
- 003 Stored or Persistent Cross Site Scripting
- 004 BeEF-XSS Demo
- 005 Cross-site Request Forgery (CSRF)
- 07 - Guideline for Discovering and Improving Application Security
- 001 Bonus - OWASP Top 10 Vulnerabilities
- 08 - (Bonus) Burp Tool for Advanced Web Penetration Testing
- 001 Alternative setup - Download Burp. Free vs Paid
- 002 Environment Setup. Import Burp Certificate
- 003 Proxy - General Concept
- 004 Target Module
- 005 Proxy Module - part 1
- 006 Proxy Module - part 2
- 09 - (Bonus) Network Attacks
- 001 Demo - Use Nessus to Discover Vulnerabilities
- 002 Demo - Using Paros for Vulnerability Discovery
- 003 Metasploit
- 004 Demo - Exploiting FTP Server Vulnerability using Metasploit
- 005 Hacking Wireless Networks
- 10 - (Bonus) Android Reverse Engineering
- 001 APK file Structure. AndroidManifest XML file
- 002 Reversing to get Source code of the Application - decompiling with dex2jar
- 003 Reversing and Re-compiling With APKTool
- 004 Static Analysis of Android Application using QARK
- 005 OWASP Top 10 Mobile
- 11 - (Bonus) Social Engineering Basics
- 001 Introduction to Maltego
- 002 Maltego - demo