Hack Yourself First - How to go on the Cyber-Offense

1. 01.Introduction/01.About the course.wmv3.25MB
2. 01.Introduction/02.Why hack yourself first.wmv7.17MB
3. 01.Introduction/03.Introducing a vulnerable website – Supercar Showdown.wmv13.94MB
4. 01.Introduction/04.Using Chrome's developer tools.wmv12.69MB
5. 01.Introduction/05.Monitoring and composing requests with Fiddler.wmv8.36MB
6. 01.Introduction/06.Modifying requests and responses in Fiddler.wmv8.75MB
7. 02.Transport Layer Protection/01.Introduction.wmv2.27MB
8. 02.Transport Layer Protection/02.The three objectives of transport layer protection.wmv4.18MB
9. 02.Transport Layer Protection/03.Understanding a man in the middle attack.wmv6.29MB
10. 02.Transport Layer Protection/04.Protecting sensitive data in transit.wmv11.88MB
11. 02.Transport Layer Protection/05.The risk of sending cookies over insecure connections.wmv26.91MB
12. 02.Transport Layer Protection/06.How loading login forms over HTTP is risky.wmv43.06MB
13. 02.Transport Layer Protection/07.Exploiting mixed-mode content.wmv20.54MB
14. 02.Transport Layer Protection/08.The HSTS header.wmv15.21MB
15. 02.Transport Layer Protection/09.Summary.wmv4.56MB
16. 03.Cross Site Scripting (XSS)/01.Introduction.wmv2.57MB
17. 03.Cross Site Scripting (XSS)/02.Understanding untrusted data and sanitisation.wmv9.79MB
18. 03.Cross Site Scripting (XSS)/03.Establishing input sanitisation practices.wmv7.85MB
19. 03.Cross Site Scripting (XSS)/04.Understanding XSS and output encoding.wmv15.08MB
20. 03.Cross Site Scripting (XSS)/05.Identifying the use of output encoding.wmv9.27MB
21. 03.Cross Site Scripting (XSS)/06.Delivering a payload via reflected XSS.wmv14.78MB
22. 03.Cross Site Scripting (XSS)/07.Testing for the risk of persistent XSS.wmv22.85MB
23. 03.Cross Site Scripting (XSS)/08.The X-XSS-Protection header.wmv16.54MB
24. 03.Cross Site Scripting (XSS)/09.Summary.wmv4.91MB
25. 04.Cookies/01.Introduction.wmv1.75MB
26. 04.Cookies/02.Cookies 101.wmv10.21MB
27. 04.Cookies/03.Understanding HttpOnly cookies.wmv19.31MB
28. 04.Cookies/04.Understanding secure cookies.wmv16.83MB
29. 04.Cookies/05.Restricting cookie access by path.wmv23.11MB
30. 04.Cookies/06.Reducing risk with cookie expiration.wmv12.35MB
31. 04.Cookies/07.Using session cookies to further reduce risk.wmv8.86MB
32. 04.Cookies/08.Summary.wmv4.1MB
33. 05.Internal Implementation Disclosure/01.Introduction.wmv2.98MB
34. 05.Internal Implementation Disclosure/02.How an attacker builds a website risk profile.wmv15.67MB
35. 05.Internal Implementation Disclosure/03.Server response header disclosure.wmv11.68MB
36. 05.Internal Implementation Disclosure/04.Locating at-risk websites.wmv19.84MB
37. 05.Internal Implementation Disclosure/05.HTTP fingerprinting of servers.wmv14.07MB
38. 05.Internal Implementation Disclosure/06.Disclosure via robots.txt.wmv7.43MB
39. 05.Internal Implementation Disclosure/07.The risks in HTML source.wmv7.54MB
40. 05.Internal Implementation Disclosure/08.Internal error message leakage.wmv17.98MB
41. 05.Internal Implementation Disclosure/09.Lack of access controls on diagnostic data.wmv19.92MB
42. 05.Internal Implementation Disclosure/10.Summary.wmv6.21MB
43. 06.Parameter Tampering/01.Introduction.wmv3.21MB
44. 06.Parameter Tampering/02.Identifying untrusted data in HTTP request parameters.wmv17.95MB
45. 06.Parameter Tampering/03.Capturing requests and manipulating parameters.wmv19.94MB
46. 06.Parameter Tampering/04.Manipulating application logic via parameters.wmv14.69MB
47. 06.Parameter Tampering/05.Testing for missing server side validation.wmv31.58MB
48. 06.Parameter Tampering/06.Understanding model binding.wmv5.03MB
49. 06.Parameter Tampering/07.Executing a mass assignment attack.wmv16.3MB
50. 06.Parameter Tampering/08.HTTP verb tampering.wmv20.47MB
51. 06.Parameter Tampering/09.Fuzz testing.wmv28.12MB
52. 06.Parameter Tampering/10.Summary.wmv8.15MB
53. 07.SQL Injection/01.Outline.wmv2.91MB
54. 07.SQL Injection/02.Understanding SQL injection.wmv14.2MB
55. 07.SQL Injection/03.Testing for injection risks.wmv13.95MB
56. 07.SQL Injection/04.Discovering database structure via injection.wmv22.83MB
57. 07.SQL Injection/05.Harvesting data via injection.wmv8.25MB
58. 07.SQL Injection/06.Automating attacks with Havij.wmv12.97MB
59. 07.SQL Injection/07.Blind SQL injection.wmv26.47MB
60. 07.SQL Injection/08.Secure app patterns.wmv13.15MB
61. 07.SQL Injection/09.Summary.wmv8.62MB
62. 08.Cross Site Attacks/01.Introduction.wmv2.24MB
63. 08.Cross Site Attacks/02.Understanding cross site attacks.wmv7.73MB
64. 08.Cross Site Attacks/03.Testing for a cross site request forgery risk.wmv14.22MB
65. 08.Cross Site Attacks/04.The role of anti-forgery tokens.wmv21.68MB
66. 08.Cross Site Attacks/05.Testing cross site request forgery against APIs.wmv26.01MB
67. 08.Cross Site Attacks/06.Mounting a clickjacking attack.wmv29.53MB
68. 08.Cross Site Attacks/07.Summary.wmv5.67MB
69. 09.Account Management/01.Introduction.wmv3.6MB
70. 09.Account Management/02.Understanding password strength and attack vectors.wmv21.5MB
71. 09.Account Management/03.Limiting characters in passwords.wmv9.13MB
72. 09.Account Management/04.Emailing credentials on account creation.wmv3.76MB
73. 09.Account Management/05.Account enumeration.wmv12.19MB
74. 09.Account Management/06.Denial of service via password reset.wmv3.52MB
75. 09.Account Management/07.Correctly securing the reset processes.wmv5.19MB
76. 09.Account Management/08.Establishing insecure password storage.wmv16.65MB
77. 09.Account Management/09.Testing for risks in the 'remember me' feature.wmv13.36MB
78. 09.Account Management/10.Re-authenticating before key actions.wmv6.17MB
79. 09.Account Management/11.Testing for authentication brute force.wmv13.01MB
80. 09.Account Management/12.Summary.wmv7.91MB