CompTIA Security+ SY0-601

There are many options available for the knowledgeable attacker. In this video, you’ll learn about memory vulnerabilities, directory traversal, improper error handling, API attacks, and resource exhaustion. << Previous Video: Race Conditions Next: Rogue Access Points and Evil Twins >>     If an attacker can manipulate the memory of a device, then they can […]

Developers must plan for every possible contingency. In this video, you’ll learn how attackers can use race conditions to exploit applications and systems. << Previous Video: SSL Stripping Next: Other Application Attacks >> In today’s modern computing environments, there are a lot of different things all happening at the same time. And developers have to

An attacker might be able to perform an HTTP downgrade attack to view traffic that you assumed was encrypted. In this video, you’ll learn about SSL stripping and how attackers can use on-path attacks to manipulate the SSL negotiation process. << Previous Video: Driver Manipulation Next: Race Conditions >>     Attackers know that most

If they can’t infect your application, an attacker might try infecting your drivers. In this video, you’ll learn about driver manipulation and how shimming and refactoring can be used to exploit your operating system. << Previous Video: Request Forgeries Next: SSL Stripping >>     The anti-virus and anti-malware software that we run on our

An attacker can take advantage of legitimate cross-site requests and turn them into a malicious exploit. In this video, you’ll learn about cross-site request forgeries and server-side request forgeries. << Previous Video: Replay Attacks Next: Driver Manipulation >>     In this video, we’re going to talk a lot about cross site request. This is

A replay attack can allow an attacker to access an account without the use of login credentials. In this video, you’ll learn about different replay attacks and how to prevent them. << Previous Video: Buffer Overflows Next: Request Forgeries >>     The communication that we send from our computer to other devices on the

A vulnerable application can allow memory buffers to be manipulated by a crafty attacker. In this video, you’ll learn about buffer overflow vulnerabilities and how they can be used by an attacker. << Previous Video: Injection Attacks Next: Replay Attacks >>     A buffer overflow attack occurs when one section of memory is able

An injection attack can be used to add or remove information from a data stream. In this video, you’ll learn about SQL injection, XML injection, DLL injection, and more. << Previous Video: Cross-site Scripting Next: Buffer Overflows >>     A code injection attack is when the attacker puts their own code into an existing

Cross-site scripting takes advantaged of a trusted browser to attack other systems. In this video, you’ll learn about reflected and stored XSS attacks and I’ll demonstrate a cross-site scripting attack on a vulnerable system. << Previous Video: Privilege Escalation Next: Injection Attacks >>     In this video, we’ll describe some techniques around cross-site scripting.

Some attacks can use an existing user account to gain elevated access. In this video, you’ll learn about privilege escalation vulnerabilities and how to prevent them. << Previous Video: Cryptographic Attacks Next: Cross-site Scripting >>     We often worry about an attacker getting administrative login rights or some type of route log in to