웹 개발자와 정보보안 입문자가 꼭 알아야 할 웹 해킹 & 시큐어 코딩
크리핵티브
정보보안 입문자와 웹 개발자 분들을 위한 웹 해킹 입문 강의! 본 강의를 시작으로 웹 해킹을 재미있게 시작해보세요!
초급
모의해킹, 인젝션
File Upload Vulnerability Advanced Attack Techniques PART2-3: Attack Methodologies in Various Practical Environments
The ultimate web hacking! File upload vulnerability attack technique! Following Part 1, Part 2 '3rd part' education covers more advanced techniques in depth.
What you will learn!
Understanding different environments
Webshell Upload Attack Methods in Various Environments
File upload vulnerabilities, advanced techniques!
We deliver the essential information that you won't find anywhere else.
File Upload Vulnerability Attack Lecture
Finally, the last part of the series!
📖 A series of file upload vulnerability attacks explained by a mock hacking practitioner
Expand what you learn in the series
PART(1): Basics / Practical Attacks / Secure Coding
This is a detailed training that covers the attack process of a completely different approach from the existing known methods, which is the most important content in file upload vulnerability attacks. You can learn the basic knowledge of attacks, bypass techniques used in practice, analysis of practice cases, various response measures, and secure coding. This is a mandatory training that serves as the basis for subsequent training.
PART(2) : Advanced Attack Techniques / In-depth Analysis of Practical Current Lecture
This training course teaches advanced attack techniques and Web Application Firewall bypass techniques not covered in PART (1), and analyzes technical techniques used in practical environments through hands-on practice.
SKILL-UP: Webshell obfuscation techniques
In today's web environment, web shell detection solutions are increasingly being used, and accordingly, diagnosticians must have the skills to bypass web shell detection solutions. Therefore, this will be essential training for practitioners.
File Upload Vulnerability Attack Techniques and Practical Case Analysis: PART 2
The final part of our lecture on file upload vulnerabilities!
This lecture is the sequel to the lecture titled 'Part 2', 'File Upload Vulnerability Attack Techniques and Practical Case Analysis by a Simulated Hacking Practitioner: PART 1' .
File Upload Vulnerability Attack Part 2 is divided into three parts , and each topic is as follows.
This lecture is the third part of Part 2 , and covers the topic of 'Attack methodologies in various practical environments.'
✅ Differences between File Upload Vulnerability Attack Part 1 and Part 2
- Part 1 covers the concept of file upload vulnerabilities, how they work, how to attack them, practical examples, and secure coding. (Basic concepts and general theory)
- Part 2 goes beyond the typical attack mechanisms of file upload vulnerability exploits and looks at various attack methodologies that can occur in specific environments.
Something you can't hear anywhere else
I included it in the lecture!
I'm listening to the Creative Web Hacking series.
There are many ways to learn web hacking today. Most of the common ones, such as online lecture platforms like Inflearn, offline lectures at academies, and search engines, tend to focus on general content.
But this lecture is different. We are proud to say that it is 'content you can't hear anywhere else!'
File Upload Vulnerability Attack Part 2-3
Check out what you'll learn!
💡 This lecture is the third part of Part 2 , and covers 'Attack methodologies in various practical environments.'
We will cover the directory parsing vulnerability that occurred in JEUS and WebSphere in detail, and take a closer look at the attack methodology to understand why the vulnerability is a threat today and how to exploit it. (IBM WebSphere CVE-2020-4163)
Let's take a closer look at various other environments and cases.
This is not a lecture that tells you the correct answer.
This is a lecture that will broaden your perspective!
'File Upload Vulnerability Part 2' consists of three lectures to successfully attack file upload vulnerabilities in various environments. However, this is not a lecture that gives you the right answers. Taking this lecture does not mean that you will successfully attack file upload vulnerabilities in all environments.
The goal of this lecture is not to give you the right answer, but to broaden your perspective . If you learn that vulnerabilities can occur in various environments, you will gain the enlightenment of 'Oh, I can try this too!', and furthermore, you will be able to 'know' and analyze various environments in future diagnoses. There is a world of difference between knowing and analyzing this and analyzing without knowing.
I hope that this lecture will give you a solid perspective on web hacking and lay the foundation for taking your skills to a higher level!
Expected Questions Q&A 💬
Q. Is there anything I should know before taking the course?
You must have an understanding of 'File Upload Vulnerability'. Additionally, if you know the content covered in Part 1 , you will be able to take Part 2 smoothly. Of course, if you have a high level of understanding of 'File Upload Vulnerability', you will not have a problem taking the course.
Q. Who is eligible to take the course?
I recommend that 'practitioners' take this course as much as possible. Or, those who have sufficiently studied the theory of web hacking, or those preparing for employment can also take this course.
Q. Do I have to take 'File Upload Vulnerability Attack Part 1' ?
I recommend that you take this course. Even if you understand file upload vulnerabilities, if you do not understand Part 1, there will be parts of Part 2 that you will not understand. Therefore, even if you are a practitioner, I recommend that you take Part 1 first and then Part 2.
Q. Part 2 is divided into 3 parts. Do I have to take them all?
You don't have to take all three. However, if you want to learn attack methodologies for various practical environments, I 'strongly' recommend taking all three.
Q. Should I take Part 2 in the order of Part 3?
You don't have to do that, and you can take the ones you want first. However, since the three lectures were produced in order, it would be better to take them in order.
Things to note before taking the class 📢
We recommend that you take this course with an understanding of web technology and web hacking. We also recommend that you first take the lectures ‘File Download Vulnerability Attack’ and ‘File Upload Vulnerability Attack Part 1’ from Creative’s web hacking lecture series.
Must-see lectures
Recommended for
these people
Who is this course right for?
Practitioners who are performing simulated hacking or vulnerability diagnosis in the field
job seeker
Need to know before starting?
web technology
Web Hacking Basics
File Download Vulnerability Knowledge
File Upload Vulnerability Knowledge
25,761
Learners
1,345
Reviews
497
Answers
4.9
Rating
18
Courses
:: 국내 정보보안 솔루션 개발 기업 재직 ::
- 앱 위변조 방지 솔루션 : 미들웨어 담당 / 해킹 대회 운영진 / 국내 유명 해킹/방어 훈련장 제작
:: 국내 정보보안 전문 업체 재직 ::
- 블랙박스 모의해킹 / 시나리오 기반 모의해킹 / 웹 취약점 진단 / 모바일 취약점 진단 / 소스코드 취약점 진단 / APT 모의 훈련 / DDoS 모의훈련 / 인프라 진단 / 스마트 가전 진단
- 국내 대기업, 중소기업 다수 진단
:: 외부 교육 및 활동 ::
- 멀티캠퍼스, 국가 보안 기술 연구소(ETRI)
- 국내 정보보안 업체 : 재직자 대상 "웹 모의해킹 심화 교육" 진행중
- 해커팩토리 문제 제작
:: 취약점 발견 ::
1) Web Application Server 취약점
- TMAX JEUS : 원격 명령어 실행 취약점(Remote Command Execution Vulnerability)
- IBM WebSphere(CVE-2020-4163) : 원격 명령어 실행 취약점(Remote Command Execution Vulnerability)
2) CMS(Contents Management System) 취약점
- 네이버 스마트에디터 : 파일 업로드 취약점
- 그누보드 : SQL Injection , 파일 업로드 취약점(그누보드4, 그누보드5), XSS ...
- 킴스큐 : 파리미터 변조 취약점 , 파일 업로드 취약점
* 이메일 : crehacktive3@naver.com
* 블로그 : http://www.crehacktive.co.kr
Curriculum
All
25 lectures ∙ (2hr 58min)
4. background
04:02
7. Attack Process
01:34
11. Attack (1)
02:01
12. Attack (2)
05:28
14. Countermeasures
03:26
15. outline
02:28
Published:
Last updated:
Reviews
All
1 reviews
$34.10
crehacktive's other courses
Check out other courses by the instructor!
![파일 업로드 취약점 고급 공격 기법 PART2 [통합편]강의 썸네일](https://cdn.inflearn.com/public/courses/333012/cover/12bd40e1-1e17-493a-81b9-64ac5fed558e/333012.png?f=avif&w=420)
Similar courses
Explore other courses in the same field!
