Bullpen

Home » Bullpen

Using browser developer tools as security tools

Every major browser comes with a robust set of browser developer tools. In this micro course, we’ll show you how to use these to perform security testing to detect potential vulnerabilities and how to use some of the tools to attempt exploits as well.

Getting started with OSINT collection

We’ll cover the most important sources for open source intelligence that you should be aware of and monitoring. We’ll discuss the categories and types of information that is publicly available and we’ll provide some tips and guidance for collecting, storing and analyzing open source intelligence.

Overflow vulnerabilities

We’ll start from the original “smashing the stack” overflow and move in to other forms of memory buffer overflows and heap overflows and discuss return to libc and return oriented programming.

Malware families

We’ll examine the types and categories of malware from exploit kits to cryptominers and ransomware to webshells while breaking down the moving parts and describing how they do what they do.

Lateral movement

We’ll examine how attackers move and pivot through a network of computers and servers from their initial compromised machine until they complete their mission. We’ll cover the techniques that allow attackers to gain credentials to systems, elevate their privileges and remain in the network for months and sometimes years before being detected.

Cross Site Scripting (XSS)

We’ll cover several types of XSS attacks including reflective, stored and DOM based. We’ll also examine how these attacks are used to attack users (as opposed to hosts or systems) and why these attacks are so difficult to prevent all of the time.

Direct object reference attack

We’ll describe how this attack works and how attackers directly reference a specific web object in order to bypass authentication and authorization checks.

File inclusion attacks

We’ll examine how this attacks works and explore actual examples of both remote and local file includes.