Cyber lab demo: web application hacking — 6point6

Introduction

Last year we built an example vulnerable website, as a way of demonstrating the process of exploiting some example vulnerabilities. We’ve done the demo a few times to different audiences, most recently for one of our own teams, so we took advantage of Zoom’s recording feature.

Sections

  • Part I demonstrates exploiting a Local File Inclusion vulnerability.
  • Part II (33m49s) demonstrates a phishing-driven Cross-Site Request Forgery vulnerability.
  • Part III (44m12s) demonstrates session hijacking.

The Demo

https://www.youtube.com/watch?v=_2spn6xTQjY

For our latest research, and for links and comments on other research, follow our Lab on Twitter.

Alternatively, get in touch if you’d like to chat to us.

Originally published at https://6point6.co.uk.


Leading with strategy, design and architecture, we connect cloud, data, and cyber to engineer and deliver large-scale, complex transformations.
