Introduction to OS Command Injections - Full Course

In this course, we explore OS Command Injections all the way from concepts to practice. OS Command Injections are part of the OWASP Top 10 Web Application Security Risks, and as you will see in this course, this threat can result in serious damages if left unchecked. We start out the course by setting up safe and legal lab environments that will be used for us to pentest because we will be taking a hands-on approach to learning. After our environments are ready, we go over the core concepts of OS Command Injections. Then, we apply those concepts hands-on by performing manual and automated attacks against vulnerable applications. Finally, we conclude the course by learning how to protect our apps with security controls and defensive mechanisms recommended by experts.

Join Cybr's Discord:   / discord  

Cybr Courses: https://cybr.com/courses/

Pre-Requisites:
To understand how SQL injections work and how to perform them as well as defend against them, you must have:
Experience working with web applications
Experience with SQL

Suggestion: You may also wish to take our free Introduction to Application Security (AppSec) course (https://cybr.com/courses/introduction...) to familiarize yourself with the concepts of Application Security. We also have an Injection Attacks: The Free Guide course available to learn other types of web-based injection attacks (like SQL injections, LDAP injections, XXE, and more): https://cybr.com/courses/injection-at...

Timestamps:
Whoami and about the course - 00:00 - 04:24
Setting up our lab environment - 04:25 - 14:23
Important command line concepts - 14:24 - 25:46
Overview of OS Command injections - 25:47 - 34:26
Attacking web apps manually - 34:27 - 41:36
Automated attacks with Commix - 41:37 - 57:58
Creating and exploiting backdoor shells - 57:59 - 01:11:54
Defending at the application layer - 01:11:55 - 01:19:30
What now? - 01:19:31 - 01:20:51
Credits - 01:20:52 - 01:21:03

Please note: Performing these attacks on environments you do not have explicit permissions for is illegal and will get you in trouble. That is not the purpose of this course. The purpose is to teach you how to secure your own applications.