Learn what session hijacking is, which protocols are vulnerable, and detect and shore up vulnerabilities in your systems. This course is part of our Certified Ethical Hacking test prep series.
- [Malcolm] I'm Malcolm Shore, and I've spent a career helping governments and businesses protect their systems against cyber attacks. One of the more sophisticated forms of attack involves taking over an existing session from an unsuspecting user. This enables an attacker to immediately have access to whatever the user was accessing at the time, and to have the same privileges as the victim had. This form of attack, known as Session Hijacking, exploits weaknesses in the various communications protocols, and is potentially a very lucrative attack.
In this course, I'll explain which protocols are vulnerable to Session Hijacking, and the tools available to test for vulnerable services. I'll start by explaining how the TCP, Web, and Wireless protocols work, and how Session Hijacking exploits those protocols. I'll demonstrate the basic Windows and Linux toolsets, and I'll finish by describing how wireless Session Hijacking is used to take over remotely piloted vehicles, such as drone aircraft.
When you've finished this course, you'll have a great understanding of how to test for Session Hijacking weaknesses. Now, let's get started with Session Hijacking.
This course teaches you what session hijacking is, and how black-hat hackers use it to attack an organization. Learn how TCP, web, and wireless protocols work and how hackers exploit them. Find out how to use built-in Windows and Linux tools, as well as specialized third-party solutions such as Zed Attack Proxy (ZAP) and Cain, to detect and shore up vulnerabilities. Author and cybersecurity expert Malcolm Shore also discusses remote hijacking, which allows hackers to take control of drones or even vehicles.
Note: This course maps to the Session Hijacking domain of the Certified Ethical Hacking exam. Review the exam objectives at the EC-Council's website.
- Hijacking a network session, such as a Telnet session
- Understand web sessions
- Intercepting sessions via man-in-the-middle or man-in-the-browser attacks
- Downgrading a session by stripping SSL
- Using ARP poisoning through Subterfuge
- Hijacking an HTTP session through cookies
- Using hijacking defense tools: Zed Attack Proxy and Cain
- Service hijacking (DNS and SSH)
- Hijacking in the physical world: cars and drones