Hacking and Patching

University of Colorado System via Coursera

Go to Course: https://www.coursera.org/learn/hacking-patching

Introduction

# Course Review and Recommendation: Hacking and Patching on Coursera

In the fast-paced world of cybersecurity, continuous learning is vital. One of the forefront courses available for those aspiring to deepen their understanding of web application security is the **Hacking and Patching** course on Coursera. This course is expertly designed to provide practical and theoretical knowledge for both security enthusiasts and professionals looking to sharpen their skills in penetration testing and vulnerability remediation.

## Overview of the Course

### Course Title: **Hacking and Patching**

### What You Will Learn:

This course provides a hands-on approach to understanding and exploiting command injection vulnerabilities in web applications, particularly within an AWS Linux environment. Participants will explore various methods for extracting sensitive information from Linux systems running LAMP services, as well as techniques for deploying and concealing Trojans for future exploitation purposes. Furthermore, the course emphasizes the importance of securing web applications through effective input validation practices and the implementation of security design patterns.

### Syllabus Breakdown:

The course is divided into four main modules, each structured to build upon the previous one and offer a comprehensive learning experience.

1. **Injection Web App Attacks and Their Defenses**:
   - Highlights include an examination of command injection vulnerabilities and SQL injection attacks using minimal malicious strings. Participants will also engage in code reviews to identify vulnerabilities and learn to patch them effectively.
   - This module emphasizes security design patterns that bolster web application defenses, a critical aspect of secure coding.
2. **Hack SQL Databases and Patch Web Apps with SQL Injection Vulnerabilities**:
   - Participants will gain a thorough understanding of exploiting SQL injection vulnerabilities and the steps necessary for an effective code review to find exploitable patterns.
   - The introduction of an eight-step hacker methodology delivers a structured approach to system exploitation, including privilege escalation tactics and Trojans management.
3. **Memory Attacks and Defenses**:
   - This module addresses common operating system protections against process memory access and delves into buffer overflow attacks, alongside their corresponding defense mechanisms, a fundamental concept for anyone interested in application security.
4. **Penetration Testing**:
   - Participants will learn to utilize tools such as Nessus for vulnerability scanning and Kali Linux for penetration testing. The use of the Metasploit Framework to exploit vulnerable machines and execute various attacks is a significant hands-on aspect of this module.
   - In addition, participants will learn advanced techniques involving AWS and password cracking using hashcat, ensuring they understand practical applications of the concepts covered.

## Review Summary

### Pros:

- **Comprehensive Content**: The course covers a wide array of topics crucial for understanding and implementing effective security measures against common web vulnerabilities.
- **Hands-On Learning**: With a considerable emphasis on practical exercises, students can apply theoretical knowledge in real-world scenarios.
- **Expert Instruction**: Delivered by professionals in the field, the course offers insights and strategies that are aligned with industry standards and practices.

### Cons:

- **Advanced Nature**: This course may present challenges for absolute beginners in cybersecurity, so prior knowledge of basic programming and web technologies is suggested.
- **Complexity of Tools**: Tools such as Metasploit and Nessus, while powerful, may require additional time for learners unfamiliar with them, potentially adding to the course's learning curve.

## Recommendation

I highly recommend the **Hacking and Patching** course for anyone looking to advance their skills in cybersecurity. Whether you are a budding ethical hacker, a security professional, or someone interested in web application security, the knowledge gained from this course will be invaluable. The course not only stresses theoretical understanding but also engages learners through practical applications, which is crucial for mastering the complexities of cybersecurity. With its well-structured modules and a focus on the latest practices in the field, this course is a worthwhile investment for your professional growth in cybersecurity. Whether you want to secure your applications or learn how to ethically exploit vulnerabilities, this course prepares you to tackle real-world challenges effectively.

Syllabus

Injection Web App Attacks and Their Defenses

In this module we will learn how to hack a web app that has a command injection vulnerability using a malicious string of only four characters. We will learn how to hack a web app with a database backend that has a SQL injection vulnerability and potentially show the list of passwords by injecting a string to overwrite the SQL query. We will learn how to perform code review to spot the key statements and patterns that expose programs to such injection attacks, and learn how to patch them. We will learn how to apply a security design pattern to defend against injection attacks and enhance web security.

Hack SQL Databases and Patch Web Apps with SQL Injection Vulnerabilities

In this module we will learn how to hack a web app with a database backend that has a SQL injection vulnerability and potentially show the list of passwords by injecting a string to overwrite the SQL query. We will learn how to perform code review to spot the key statements and patterns that expose programs to such injection attacks, and learn how to patch them. We will learn the eight-step hacker methodology for exploiting systems. For the privilege escalation techniques, we show how to leverage a command injection vulnerability to search file systems and deposit/hide Trojans for future exploitation.

Memory Attacks and Defenses

In this module, we learn about the typical protection mechanisms provided by a modern OS to prevent a process from accessing pages of data that belong to a different process. We will also learn about buffer overflow attacks and their common defenses.

Penetration Testing

In this module we will learn how to perform vulnerability scanning with the Nessus tool, how to perform penetration testing using tools included in the Kali Linux distribution, and how to use the Metasploit Framework to take control of a vulnerable machine, deploy a keylogger, run a remote shell and perform remote VNC injection. We will also learn how to clone an AWS P2.xlarge GPU instance from an Ubuntu image with hashcat software to crack passwords.

Overview

In this MOOC, you will learn how to hack web apps with command injection vulnerabilities in a web site of your AWS Linux instance. You will learn how to search for valuable information on typical Linux systems with LAMP services, and deposit and hide Trojans for future exploitation. You will learn how to patch these web apps with input validation using regular expressions. You will learn a security design pattern to avoid introducing injection vulnerabilities by input validation and replacing ge

Reviews

Understanding the language slang was a little difficult at first, but finally got used to it!

For this course, the first 2 courses are compulsory to complete; that's the issue.

Pursuing the Coursera course, it helped me a lot and very much Coursera team

It was a great course to have and very skillful knowledge about basics for hacking

This course is very interesting. I hope I will learn it for use purpose also.