Introduction to OS Command Injections (2020)

Learn hands-on how to perform and defend against OS Command Injections
Instructor:
Christophe Limpalair
85 students enrolled
English [Auto]
Concepts of OS Command Injections
OS Command Injection techniques
Manual web-based attacks
Automated attacks with Commix
Generating and exploiting backdoor shells
Security controls recommended by experts to protect your own applications

Welcome to this course on OS Command Injections! OS Command Injections are part of the OWASP Top 10 Web Application Security Risks, and as you will see in this course, this threat can result in serious damages if left unchecked.

We start out by creating a safe and legal environment for us to perform attacks in. Then, we cover the core concepts of command injections and learn about techniques that can be used to exploit vulnerable targets. After that, we go full-on offensive and perform manual injection attacks as well as automated attacks with a tool called Commix.

Once we find vulnerabilities, we generate and plant persistent backdoors that can be exploited to create shells, giving us access to the target server any time we want.

After successfully attacking and compromising our targets, we take a step back and discuss defensive controls at the application layer. We also look at actual vulnerable code and show ways of fixing that vulnerable code to prevent injections.

Please note: Performing these attacks on environments you do not have explicit permissions for is illegal and will get you in trouble. That is not the purpose of this course. The purpose is to teach you how to secure your own applications, and it will provide the steps needed to create your own personal, safe, and legal environments to exploit for learning purposes.

———————–

Topics we will cover together:

  1. How to set up a Kali Linux Virtual Machine for free

  2. How to configure and create safe & legal environments using Docker containers inside of Kali

  3. A quick command line refresher

  4. An explanation of what OS Command injections are and how they work

  5. OS Command injection techniques

  6. How to perform OS Command injections by hand

  7. How to perform OS Command injections with automated tools (Commix)

  8. How to defend against injections at the application layer

  9. How to find vulnerabilities by looking at code

  10. Proper coding techniques to prevent OS Command Injections

———————–

Requirements:

To understand how OS Command injections work and how to perform them as well as defend against them, you must have:

  • Experience working with web applications

  • Experience with OS commands (Linux or Windows)

Suggestion: You may also wish to take our free Introduction to Application Security (AppSec) course to familiarize yourself with the concepts of Application Security, and we have an SQL Injection course available for free as well on Udemy.

———————–

Instructor

My name is Christophe Limpalair, and I have helped thousands of individuals pass IT certifications and learn how to use the cloud for their applications. I got started in IT at the age of 11 and unintentionally fell into the world of cybersecurity.

As I developed a strong interest in programming and cloud computing, my focus for the past few years has been training thousands of individuals in small, medium, and large businesses (including Fortune 500) on how to use cloud providers (such as Amazon Web Services) efficiently.

I’ve taught certification courses such as the AWS Certified Developer, AWS Certified SysOps Administrator, and AWS Certified DevOps Professional, as well as non-certification courses such as Introduction to Application Security (AppSec), Lambda Deep Dive, Backup Strategies, and others.

Working with individual contributors as well as managers, I realized that most were also facing serious challenges when it came to cybersecurity.

Digging deeper, it became clear that there was a lack of training for AppSec specifically. It’s time to take security into our own hands and to learn how to build more secure software in order to help make the world a safer place! Join me in the course, and we’ll do just that!

I welcome you on your journey to learning more about OS Command injections, and I look forward to being your instructor!

Getting Started

1
Whoami and about the course
2
Free Giveaway! (Limited time)
3
Setting up our lab environment

OS Command Injections

1
Important command line concepts
2
Overview of OS command injections
3
Attacking web apps manually
4
Automated attacks with Commix
5
Creating and exploiting backdoor shells

Defenses against OS Command Injections

1
Defending at the application layer

Conclusion and additional resources

1
Additional resources
2
What now?
You can view and review the lecture materials indefinitely, like an on-demand channel.
Definitely! If you have an internet connection, courses on Udemy are available on any device at any time. If you don't have an internet connection, some instructors also let their students download course lectures. That's up to the instructor though, so make sure you get on their good side!

Be the first to add a review.

Please, login to leave a review
38a407992bd67034e4df85356eb74cdd
30-Day Money-Back Guarantee

Includes

1 hours on-demand video
1 article
Full lifetime access
Access on mobile and TV

External Links May Contain Affiliate Links read more

Join our Telegram Channel To Get Latest Notification & Course Updates!
Join Our Telegram For FREE Courses & Canva PremiumJOIN NOW