Author
Malcolm Shore
Updated
7/1/2019Released
9/7/2016This course teaches you what session hijacking is, and how black-hat hackers use it to attack an organization. Learn how TCP, web, and wireless protocols work and how hackers exploit them. Find out how to use built-in Windows and Linux tools, as well as specialized third-party solutions such as Zed Attack Proxy (ZAP) and Cain, to detect and shore up vulnerabilities. Author and cybersecurity expert Malcolm Shore also discusses remote hijacking, which allows hackers to take control of drones or even vehicles.
Note: This course maps to the Session Hijacking domain of the Certified Ethical Hacking exam. Review the exam objectives at the EC-Council's website.
- Hijacking a network session
- Understand web sessions
- Intercepting sessions
- Downgrading a session by stripping SSL
- Using ARP poisoning through Subterfuge
- Hijacking an HTTP session through cookies
- Using hijacking defense tools
- Service hijacking (DNS and SSH)
- Hijacking in the physical world: cars and drones
Skill Level Intermediate
Duration
Views
- [Malcolm] One of the more sophisticated forms of cyber attack involves taking over an existing session from an unsuspecting user. This enables an attacker to immediately have access to whatever the user was accessing at the time and to have the same privileges as the victim had. I'm Malcolm Shore, and I've spent a career helping governments and businesses protect their systems against cyber attacks. In this course, I'll explain how an attacker can hijack your sessions by misusing the TCP, web, and wireless protocols. I'll also describe how wireless session hijacking is used to take over physical devices, such as remotely piloted cars and drone aircraft. If you're keen to learn more about how criminals can hijack your online sessions, then do join me in my LinkedIn Learning Session Hijacking course.
-
Introduction
-
Disclaimer1m 13s
-
1. Network Session Hijacking
-
Hijacking a Telnet session4m 29s
-
2. Web Session Hijacking
-
Understanding WebSockets2m 41s
-
Banking on Zero1m 10s
-
3. Additional Tools
-
Using Zed Attack Proxy (ZAP)2m 59s
-
Using Cain3m 7s
-
-
4. Service Hijacking
-
Hijacking SSH sessions3m 52s
-
DNS hijacking2m 3s
-
Cloud hijacking2m 28s
-
-
5. Hijacking in the Physical World
-
Conclusion
-
Next steps1m 5s
-
Take notes with your new membership!
Type in the entry box, then click Enter to save your note.
Press on any video thumbnail to jump immediately to the timecode shown.
Notes are saved with you account but can also be exported as plain text, MS Word, PDF, Google Doc, or Evernote.
Share this video
Embed this video
Video: Understanding session hijacking