Introduction to OS Command Injections - Full Course
HTML-код
- Опубликовано: 16 июл 2024
- In this course, we explore OS Command Injections all the way from concepts to practice. OS Command Injections are part of the OWASP Top 10 Web Application Security Risks, and as you will see in this course, this threat can result in serious damages if left unchecked. We start out the course by setting up safe and legal lab environments that will be used for us to pentest because we will be taking a hands-on approach to learning. After our environments are ready, we go over the core concepts of OS Command Injections. Then, we apply those concepts hands-on by performing manual and automated attacks against vulnerable applications. Finally, we conclude the course by learning how to protect our apps with security controls and defensive mechanisms recommended by experts.
Join Cybr's Discord: / discord
Cybr Courses: cybr.com/courses/
Pre-Requisites:
To understand how SQL injections work and how to perform them as well as defend against them, you must have:
- Experience working with web applications
- Experience with SQL
Suggestion: You may also wish to take our free Introduction to Application Security (AppSec) course (cybr.com/courses/introduction...) to familiarize yourself with the concepts of Application Security. We also have an Injection Attacks: The Free Guide course available to learn other types of web-based injection attacks (like SQL injections, LDAP injections, XXE, and more): cybr.com/courses/injection-at...
Timestamps:
Whoami and about the course - 00:00 - 04:24
Setting up our lab environment - 04:25 - 14:23
Important command line concepts - 14:24 - 25:46
Overview of OS Command injections - 25:47 - 34:26
Attacking web apps manually - 34:27 - 41:36
Automated attacks with Commix - 41:37 - 57:58
Creating and exploiting backdoor shells - 57:59 - 01:11:54
Defending at the application layer - 01:11:55 - 01:19:30
What now? - 01:19:31 - 01:20:51
Credits - 01:20:52 - 01:21:03
Please note: Performing these attacks on environments you do not have explicit permissions for is illegal and will get you in trouble. That is not the purpose of this course. The purpose is to teach you how to secure your own applications.
Since few days I tried to find OS Command Injection video but I did not find complete and detailed video on OS Command Injection. And I watched your video, this video gave me complete information about what I wanted to know and also cleared all my doubt. THANK YOU SIR ❤❤❤
How is it that this video has only 113 likes???? Amazing stuff, please keep up the good work and Thank You very much.
Thanks for the kind words! Glad you enjoyed it :)
@@Cybrcom I'm going to watch and practice your OS Command Injection video today.
Pure gold watch this every week to learn more and more and apply it towards the real world.
awesome thanks
Just awesome!
Underrated IT channel You deserve more subscriber brother 👍
Thank you!!
I am New in CS, But I really enjoyed your video, looking forward to watch more from you!
Awesome! Thanks for watching :-)
Thankyou very much i saw your SQLi video and now this , you are amazing tutor
❤️ thank you!
THANK YOU SO MUCH MAN!!!
You got it! More courses coming soon!
I will promote your channel everywhere. Thanks for the tutorial..........
Thank you for your support!!!
Marvelous brother
From india ❤️
Welcome to the channel!
How to remove windows 10 from dual boot
Take a bow
Not a beginners video… goes through set up for like 3 hours
Thanks for the feedback! This course does have some pre-requisites as mentioned in the course and listed in the description, so it is not meant for complete beginners. We've also added timestamps in the description so that you can skip the environment set up with 1 click if you want to :)
@@Cybrcom better system would be if you broke it down into a couple more videos. Attention spans are too low you’re fighting against some conditioned habits to skip videos. First 5 minutes makes a big difference.
Having separate videos could even multiply your views and revenue by having more niched keywords on covered for the same content.
That way you could reuse those beginner set up videos in other walkthroughs and not repeat yourself.