Other Application Attacks - SY0-601 CompTIA Security+ : 1.3
- Published: Jan 2, 2021
- Security+ Training Course Index: professormesser.link/sy0601
Professor Messer’s Course Notes: professormesser.link/601cn
Professor Messer's Practice Exams: professormesser.link/601ytpe
Discount Exam Vouchers: professormesser.com/vouchers/
Professor Messer Recommended Study Materials: professormesser.link/601rs
- - - - -
There are many options available for the knowledgeable attacker. In this video, you’ll learn about memory vulnerabilities, directory traversal, improper error handling, API attacks, and resource exhaustion.
- - - - -
Subscribe to get the latest videos: professormesser.link/yt
Calendar of live events: professormesser.com/calendar/
Frequently Asked Questions: professormesser.link/faq
FOLLOW PROFESSOR MESSER:
Professor Messer website: professormesser.com/
Discord chat: professormesser.com/discord
Twitter: professormesser.com/twitter
Facebook: professormesser.com/facebook
Instagram: professormesser.com/instagram
LinkedIn: professormesser.com/linkedin - Science
The ZIP bomb part had me dying laughing. 42kb to 4500TB 😭😭😭😭😭
Yeah, I can just imagine how the HD feels after being hit with one of those
As a software developer, I feel attacked 🤣 In all seriousness, this is why null checks are done, when I first started developing I didn't really see the point, other than a fail safe, but this is really interesting. Great stuff as always!
What's the difference between a memory leak and buffer overflow?
'Leak' might sound similar to an 'overflow' but they're different. Hopefully someone can explain it better than me!
Had a memory leak a few months ago with WSL 2 (WSL 2 allows you to run Linux within Windows).
WSL 2 uses a portion of your host's memory, and it should return the memory back to the host when you close your instance (like VMs), but for me it wasn't being returned, hence 'leak'.
It only takes a few days for your memory usage to get to 100%, either crashing your system or just generally forcing you to reboot your system to release the leaked memory.
Buffer overflows directly exploit buffers. Programs use buffers as areas to store memory to be processed. If an attacker can overflow memory from one buffer into another buffer, it can cause malicious code to be processed, giving them access to areas of the system they shouldn't have access to.
Leak = forgetting (system) to deallocate the given memory that is already not in use. This will end up using all memory of the system causing it to crash if not fixed in time.
Overflow = Threat actor intentionally trying to put more code (and malicious code) inside a container to purposely "overflow" to the system's memory and since it's now part of the memory space the shell code (malicious code) will be executed.
Sorry but that's how I understand it. I'm still going through Prof Messer's video tutorials. Please correct me if I'm wrong. Thanks in advance.
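The leak versus overflow distinction discussed in the replies above, as an added C example that is not part of the video or of any comment. The names `tracked_alloc`, `handle_requests`, `struct account` and `set_name` are hypothetical, and the inputs are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical bookkeeping: bytes allocated and not yet freed. */
static size_t outstanding = 0;

static void *tracked_alloc(size_t n) {
    void *p = malloc(n);
    if (p) outstanding += n;
    return p;
}

static void tracked_free(void *p, size_t n) {
    free(p);
    outstanding -= n;
}

/* Memory leak: every request allocates a work buffer. The buggy path
   never frees it, so unreachable memory piles up until the process dies. */
size_t handle_requests(int count, int buggy) {
    outstanding = 0;
    for (int i = 0; i < count; i++) {
        char *work = tracked_alloc(1024);
        if (!work) break;
        memset(work, 0, 1024);
        if (!buggy) tracked_free(work, 1024);
    }
    return outstanding;
}

/* Buffer overflow: name[] is fixed at 8 bytes and is_admin sits next to it.
   An unchecked strcpy() of a longer input would write past name[] into
   whatever follows. This version checks the length and rejects the input. */
struct account { char name[8]; int is_admin; };
int set_name(struct account *a, const char *input) {
    size_t len = strlen(input);
    if (len >= sizeof a->name) return -1;   /* does not fit: refuse */
    memcpy(a->name, input, len + 1);        /* copy includes the NUL */
    return 0;
}

int main(void) {
    struct account a = { "", 0 };
    size_t ok = handle_requests(100, 0), bad = handle_requests(100, 1);
    int r1 = set_name(&a, "alice"), r2 = set_name(&a, "AAAAAAAAAAAAAAAA");
    printf("leaked: %zu bytes (freed path), %zu bytes (buggy path)\n", ok, bad);
    printf("set_name: %d (fits), %d (too long), is_admin=%d\n", r1, r2, a.is_admin);
    return 0;
}
```

The leak is a bookkeeping failure that needs no attacker and shows up as steadily growing memory use; the overflow is a missing bounds check on input, which is why the fix is a length test before the copy.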
Professor Messer!! I just got out of the military and I have a TS/SCI, I'm going to be taking sy0-601 super early January. Any tips or recommendations for me? Also Wondering if you know anybody who I could talk to to lead me in the right direction. Thank you and have a great day!
How'd it go?
@imneverbackingdown well I’ll be honest it was terms I know but used in ways I’ve never seen! And the PBQs were insane, but I passed! 773. I thought I was gonna fail the whole time. But also I didn’t see many ports so I wouldn’t spend much time studying that
@alexsmith8331 I'm there with ya brother that exam is a curveball for what u actually study. Just keep refreshing your mind there after. Cyber security jobs will ask you stuff that you studied for to get your cert. Stay up to date with modern attacks and vulnerabilities as well as any other extra info.
@imneverbackingdown will do! Thanks
@alexsmith8331 I’m so happy for you brother! I’m currently active and hopped on a sec+ course that the base is sponsoring. Tbh I’m a bit nervous because this is all new information and hoping that I pass when we take the exam two weeks from now.
Is Memory leak a form of resource exhaustion?
I just think about Pokemon speedrunning and how expertly they can manipulate mem stack overflows
YES. So fascinating to watch.
professor messer is so fine tho