Learn your way! Get started

CEH, Part 5: Sessions and Web Servers

with expert Rafiq Wayani


Watch trailer

CEH, Part 5: Sessions and Web Servers Trailer

Course at a glance

Included in these subscriptions:

  • Dev & IT Pro Video
  • Dev & IT Pro Power Pack
  • Power Pack Plus

Release date Release date 3/17/2016
Level Level Intermediate
Runtime Runtime 1h 41m
Closed captioning Closed captioning N/A
Transcript Transcript N/A
eBooks / courseware eBooks / courseware N/A
Hands-on labs Hands-on labs N/A
Sample code Sample code N/A
Exams Exams Included


Enterprise Solutions
Enterprise Solutions

Need reporting, custom learning tracks, or SCORM? Learn More



Course description

Given their centrality in operations of most businesses, Websites represent tempting and low-hanging fruit for hackers. Experienced systems architect, software engineer and cybersecurity expert Rafiq Wayani reveals how both session hacking and the hacking of entire web servers have become all too commonplace. Wayani discusses the latest detection tools, counter measures and penetration testing you will need to thwart these attacks.

Prerequisites

To get the most out of this course, this course assumes that you have a good working knowledge of Linux and Windows based networking environments. It also assumes that you have experience with managing a network, have worked with networking hardware such as switches & routers, are familiar with MS Active Directory (AD) Domain based authentication, know how to work with command-line utilities, and understand the basics of Web Server environments. Many of the demonstrations in this course use the Windows 7 and Kali Linux operating systems which can be downloaded free from the respective sites. All of the demonstrations are created in a virtual environment using Oracle VirtualBox and VMware vSphere 6.

Learning Paths

This course will help you prepare for the following certification and exam:
Certified Ethical Hacker
312-50: Certified Ethical Hacker

Meet the expert

Rafiq Wayani Rafiq Wayani has extensive experience including more than 20 years in IT as Systems Architect, Software Engineer, DBA, and Project Manager. Wayani has instructed in a variety of technical areas, has designed and implemented network and information systems, and is certified across a wide range of platforms and systems including Microsoft Solutions Developer, Systems Engineer, Application Developer, Database Administrator, Trainer; Novell Netware Administrator and Engineer; Master Certified Netware Engineer; and A Certified.


Course outline



Session Hijacking

Session Hijacking Concepts (05:26)
  • Introduction (00:22)
  • Session Hijacking (00:46)
  • Session Hijacking Diagram (02:33)
  • Session Hijacking Cont. (01:26)
  • Summary (00:18)
App Level Session Hijacking (06:43)
  • Introduction (00:28)
  • Application Level Hijacking (04:13)
  • Web Services (01:49)
  • Summary (00:12)
Network Level Hijacking (05:41)
  • Introduction (00:21)
  • Network Level Hijacking (02:29)
  • Models (02:43)
  • Summary (00:08)
Session Hijacking Tools (07:06)
  • Introduction (00:19)
  • Network Level Hijacking (00:28)
  • Demo: Session Hijacking Tools (06:03)
  • Summary (00:14)
Session Hijack Countermeasures (08:00)
  • Introduction (00:33)
  • Session Hijack Countermeasures (04:34)
  • Countermeasures Cont. (02:38)
  • Summary (00:13)
Session Hijack Pentest (07:01)
  • Introduction (00:21)
  • Session Hijack Pentest (03:57)
  • Session Hijack Pentest Cont. (02:28)
  • Summary (00:14)

Web Server Attacks

Web Server Concepts (05:55)
  • Introduction (00:16)
  • What's Happening (01:39)
  • HTTP Request Processing in IIS (03:45)
  • Summary (00:14)
Web Server Attacks (07:16)
  • Introduction (00:15)
  • Web Server Attacks (03:13)
  • Demo: Netsparker (03:34)
  • Summary (00:12)
Web Server Attack Methodology (08:20)
  • Introduction (00:23)
  • Web Server Attack Methodology (00:42)
  • Demo: Netsparker (00:32)
  • Web Server Attack Methodology (00:58)
  • Demo: WinHTTrack (05:34)
  • Summary (00:10)
Web Server Attack Tools (09:27)
  • Introduction (00:19)
  • Web Server Attack Tools (01:19)
  • Demo: Passivetotal (02:22)
  • Demo: HTTPRecon (05:15)
  • Summary (00:11)
Web Server Countermeasures (10:47)
  • Introduction (00:17)
  • Web Server Countermeasures (00:40)
  • 18-Year-Old Vulernerability (01:04)
  • Server O/S (01:25)
  • Demo: End-of-Life Support (02:41)
  • Web Server Countermeasures (00:06)
  • Demo: Locking Down Servers (02:06)
  • Web Server Countermeasures (02:13)
  • Summary (00:11)
Web Server Patch Management (04:20)
  • Introduction (00:21)
  • Web Server Patch Management (02:11)
  • Patch Management Cont. (01:31)
  • Summary (00:15)
Web Server Security Tools (09:50)
  • Introduction (00:17)
  • Web Server Security Tools (05:02)
  • Demo: Cache (04:22)
  • Summary (00:08)
Web Server Penetration Testing (05:34)
  • Introduction (00:19)
  • Web Server Penetration Testing (00:56)
  • Demo: Pen Test Tools (03:02)
  • Web Server Pen Testing (01:01)
  • Summary (00:15)