Start here. In this course, we go through important basics that enable in-depth learning of increasingly complex topics in information security. The course is intended for students who are new to information technology.
Let's learn the basics of programming with Python. Aimed at complete beginners.
Basics of web development
SQL injection is probably the cause of the majority of serious data breaches, mainly because vulnerability is very likely in a large application if the technology choices are bad, and the result is usually leaking the entire database to the attacker.
Passwords are terribly insecure for an awful lot of reasons, but still necessary. A dangerous combination!
One of the scariest places an injection vulnerability can hit is operating system commands. The penalty is almost always a complete takeover of the server by the attacker. However, these vulnerabilities are found quite often when the application uses, for example, command line tools behind the scenes.
XSS (Cross-Site Scripting)
Learn how to find and exploit a vulnerability that is one of the most common vulnerabilities, easy to find, and yet very dangerous. Hackerone ranked XSS the #1 bug bounty vulnerability of 2021.
There are JWT tokens almost everywhere you look these days. However, the choice or configuration of the JWT library often goes wrong, which can lead to token forgery, which in turn typically leads to a total breach of the application's security.
XXE (XML External Entity) Attacks
XML is superficially a simple protocol, tags and attributes. However, XML has hidden capabilities that unfortunately are often not disabled by default in XML handlers...
LFI / RFI
A vulnerability that has historically plagued PHP applications in particular and can still be found in the wild, especially in old web applications.
Access control vulnerabilities
Development is developing and thanks to modern application frameworks, traditional injection vulnerabilities or authentication problems are constantly being seen less and less. However, there is one thing that seems to always remain as difficult to implement safely, and that is the access control of a complex application.
Injections can sometimes be found in surprising places, and building URLs is a common place where developers forget to consider the danger.
Template Injection Vulnerabilities
HTML is typically built with templates precisely to avoid injection vulnerabilities, but sometimes it happens so miserably that the injection hits the template itself, and in that case the consequences are serious.
Serialization is an extremely easy and convenient way to get complex states saved on disk or transferred over the network. However, ease brings with it a dark side, dismantling a serialized object can be compared to dismantling a bomb. It has to be done just right or the consequences can be catastrophic.
The browser is a versatile environment, with code from completely different parties running in different tabs and windows, and these web applications are still able to communicate with each other. Such an environment has its risks!
Windows - Attack and Defense
Windows and Active Directory attacks and defense
Nmap is one of the most well-known tools that you can use to perform versatile network scans. Every information security professional should know how to use this tool.
Automatic type conversion of a programming language can lead to unexpected results that can be exploited by an attacker
PDF export injection
PDF file generators are common and for good reason. However, dangerous vulnerabilities have been found in these in recent years.
Wireshark is a tool used to capture and analyze data traffic. The tool is suitable for learning different network protocols and you often need it in CTF competitions as well.
Metasploit is a popular attack framework that helps professionals identify and exploit security holes. In this course, you will go through the use of Metasploit and learn how it can be used to carry out attacks and find security holes.
Let's get to know information networks and network protocols in a little more depth than the basic course. A prerequisite for getting by, for example, with Nmap and Wireshark courses.