Get an introduction to UAVs and their main subsystems, and a look at the popular Parrot and DJI Phantom units. Take a deep dive into the communications subsystem for remote piloting and video streaming.
- [Voiceover] Session hijacking isn't just confined…to the realms of web applications.…It can be used in the real world to take control of…vehicles, such as cars and drones.…There's been a lot of media coverage…of some of these attacks, and we'll finish this course…with a brief look at how this kind of attack works.…Modern cars have multiple networks…and dozens of sensors and electronic computer units, ECUs.…Replacing early point to point wiring with addressable…network devices.…
The CAN BUS network is commonly used for vehicle controls…and the MOS network for entertainment systems.…Many vehicles are now also including an ethernet network…with IP addressable components.…This is an example of a vehicle wiring diagram.…While access to these networks and computers…is normally through a physical connector inside the car,…typically what is known as an OBD2 port,…it's also possible to connect using Bluetooth,…Wi-Fi, and increasingly, remote access via the internet…from PC and mobile phone apps.…
In some countries, internet access is mandatory…
This course teaches you what session hijacking is, and how black-hat hackers use it to attack an organization. Learn how TCP, web, and wireless protocols work and how hackers exploit them. Find out how to use built-in Windows and Linux tools, as well as specialized third-party solutions such as Zed Attack Proxy (ZAP) and Cain, to detect and shore up vulnerabilities. Author and cybersecurity expert Malcolm Shore also discusses remote hijacking, which allows hackers to take control of drones or even vehicles.
Note: This course maps to the Session Hijacking domain of the Certified Ethical Hacking exam. Review the exam objectives at the EC-Council's website.
- Hijacking a network session, such as a Telnet session
- Understand web sessions
- Intercepting sessions via man-in-the-middle or man-in-the-browser attacks
- Downgrading a session by stripping SSL
- Using ARP poisoning through Subterfuge
- Hijacking an HTTP session through cookies
- Using hijacking defense tools: Zed Attack Proxy and Cain
- Service hijacking (DNS and SSH)
- Hijacking in the physical world: cars and drones