Alphorm.com Formation CEHv9 III
TRANSCRIPT
Page 1
Certified Ethical Hacker v9 Training
Part 3/4
Hamza KONDAH
Une formation (a training course)
Page 2
Introduction
The most advanced ethical hacking training in the world. More than 270 attack techniques and more than 140 labs. Access to more than 2,200 hacking tools.
Page 3
Course structure
• Part 1: Introduction to Ethical Hacking; Footprinting and Reconnaissance; Scanning Networks; Enumeration; System Hacking
• Part 2: Malware Threats; Sniffing; Social Engineering; Denial-of-Service
• Part 3: Session Hijacking; Hacking Webservers; Hacking Web Applications; SQL Injection
• Part 4: Hacking Wireless Networks; Hacking Mobile Platforms; Evading IDS, Firewalls and Honeypots; Cloud Computing; Cryptography
Page 4
Target audience
Information security managers (RSSI)
IT managers
Auditors
Page 5
Prerequisites
The second CEH v9 course (part 2/4)
TCP/IP
Linux
Windows Server
Page 7
Session Hijacking Concept
Page 8
Outline
Definition
TCP session
Causal factors
Process
Types
Lab: Session hijacking concept
Page 9
Definition
Interception of a TCP session
Takeover of an already authenticated TCP session
Identity/information theft
Fraud
Page 10
TCP session (diagram)
Victim to web server: credential transmission, credential confirmation, session setup, data request, data transmission.
Attacker: sniffs the traffic between victim and web server, then sends its own data requests to the web server over the captured session and receives the data transmissions in the victim's place.
Page 11
Causal factors
No account lockout
No session expiration
Weak session ID generation
Vulnerable clients
Insecure session handling
And of course: no encryption
Page 12
Process
Steal the session ID
Guess the session ID
Brute-force it
Page 13
Types
Passive
Active
Page 14
Lab: Session hijacking concept
Page 15
Thank you
Page 16
Application Level Session Hijacking
Page 17
Outline
Methodology
The application-level session hijacking technique
Lab: Predictable session token
Lab: Application-level session hijacking
Page 18
Methodology
Session sniffing
Man-in-the-middle (MITM)
XSS
Session replay attack
Predictable session token
Man-in-the-browser (MITB)
CSRF
Page 19
Predictable session token
Predict the session ID
Weak generation algorithm
Analysis → discover a pattern
Manually
Cryptanalysis tools
Brute-forcing
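The "weak session ID generation" factor from page 11 and the analyse-then-predict process on this slide, worked through in code. This is an added example and not part of the Alphorm slides or labs: the weak generator (epoch time plus a counter, base64-encoded) and the token sample are constructed for the demo, and the "epoch:counter" hypothesis stands in for whatever pattern manual analysis or a tool such as Burp Sequencer would surface on a real target. The entropy measure is the first, cheap hint; the decode step is the pattern discovery; `predict_next` is the attack.

```python
from __future__ import annotations

import base64
import math
import secrets
from collections import Counter


def weak_token(counter: int, epoch: int) -> str:
    """Hypothetical weak generator (constructed for this example): the issue
    time in epoch seconds and a per-request counter, base64-encoded. The
    result looks opaque but carries no secret at all."""
    return base64.b64encode(f"{epoch}:{counter}".encode()).decode()


def strong_token() -> str:
    """What a session ID should be: 128 bits straight from the OS CSPRNG."""
    return secrets.token_urlsafe(16)


def sample_weak_tokens(n: int, start_epoch: int = 1_700_000_000) -> list[str]:
    """Constructed sample: one login per second, counter starting at 1000."""
    return [weak_token(1000 + i, start_epoch + i) for i in range(n)]


def shannon_entropy_bits(tokens: list[str]) -> float:
    """Average per-character Shannon entropy of the sample. A low value is
    the first hint that the generator is not random (the 'analysis' step)."""
    counts = Counter("".join(tokens))
    total = sum(counts.values())
    return -sum(c / total * math.log2(c / total) for c in counts.values())


def decode_token(token: str) -> tuple[int, int] | None:
    """Manual analysis step: base64-decode and test the 'epoch:counter'
    hypothesis. Returns None when the token does not fit that shape."""
    try:
        epoch, counter = base64.b64decode(token, validate=True).decode().split(":")
        return int(epoch), int(counter)
    except ValueError:  # binascii.Error and UnicodeDecodeError are subclasses
        return None


def is_sequential(tokens: list[str]) -> bool:
    """Pattern check: every token decodes and the counter steps by exactly one."""
    decoded = [decode_token(t) for t in tokens]
    if len(decoded) < 2 or any(d is None for d in decoded):
        return False
    counters = [d[1] for d in decoded]
    return all(b - a == 1 for a, b in zip(counters, counters[1:]))


def predict_next(tokens: list[str], issue_epoch: int) -> str:
    """Prediction: once the pattern is known, the next victim's token is the
    next counter value paired with its issue time. Against a live target an
    attacker brute-forces a few seconds around the guessed epoch."""
    if not is_sequential(tokens):
        raise ValueError("no usable pattern in the sample")
    _, last_counter = decode_token(tokens[-1])
    return weak_token(last_counter + 1, issue_epoch)
```

Entropy alone is only a hint: a counter encrypted with a fixed key would score high yet still be predictable to anyone who learns the key, which is why the slide lists manual analysis and cryptanalysis tools next to brute-forcing.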
Page 20
Man in the middle (diagram)
The direct client-server connection is cut (X) and replaced by two MITM connections: (1) client to attacker, (2) attacker to server.
Page 21
Man in the Browser
Page 22
CSRF
Page 23
Client side
XSS
JavaScript
Applets
Trojans
Page 24
Session replay
Page 25
Session fixation
Page 26
Lab: Predictable session token
Page 27
Lab: Application-level session hijacking
Page 28
Thank you
Page 29
Network Level Session Hijacking
Page 30
Outline
Introduction
3-way handshake
The session hijacking technique
Lab: Network-level session hijacking
Page 31
Introduction
Blind hijacking
TCP/IP hijacking
UDP hijacking
RST hijacking
MITM IP spoofing
Page 32
3-way handshake
Page 33
TCP/IP hijacking
Page 34
RST hijacking
Page 35
Blind hijacking
Page 36
UDP hijacking
Page 37
Lab: Network-level session hijacking
Page 38
Thank you
Page 39
Session Hijacking Tools
Page 40
Outline
Introduction
Lab: Session hijacking tools
Page 41
Introduction
OWASP ZAP (ZAProxy)
dSploit
Burp Suite
JHijack
DroidSheep
Wireshark
Page 42
Lab: Session hijacking tools
Page 43
Thank you
Page 44
Anti Session Hijacking Measures
Page 45
Outline
Detection
Protection
Security by design
Users
Choice of protocols
IPsec
Page 46
Detection
Detection methodology
Manual: sniffers
Automatic: intrusion detection systems (IDS), intrusion prevention systems (IPS)
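What the "automatic" detection on this slide boils down to for a hijacked web session, as an added example that is not part of the Alphorm course: a detector run over constructed access-log lines that flags a session ID used from a second client fingerprint (IP address and User-Agent) shortly after the session started, which is what a sniffed or replayed cookie looks like from the server side. The log format, field names and the ten-minute window are assumptions for the demo.

```python
from __future__ import annotations

import re
from collections import defaultdict
from datetime import datetime

# Constructed sample (not real traffic). Assumed log format:
#   <ISO timestamp> <client IP> "<User-Agent>" sid=<session id> <method> <path>
SAMPLE_LOG = """\
2024-03-01T10:00:01 203.0.113.5 "Firefox/115" sid=a1b2c3 GET /account
2024-03-01T10:00:09 203.0.113.5 "Firefox/115" sid=a1b2c3 GET /orders
2024-03-01T10:00:31 198.51.100.77 "curl/8.4" sid=a1b2c3 GET /account/export
2024-03-01T10:01:00 192.0.2.10 "Chrome/121" sid=d4e5f6 GET /home
2024-03-01T10:01:30 192.0.2.10 "Chrome/121" sid=d4e5f6 POST /cart
2024-03-01T11:30:00 198.51.100.9 "Chrome/121" sid=d4e5f6 GET /home
this line is malformed and must not crash the detector
"""

LINE_RE = re.compile(r'^(\S+) (\S+) "([^"]*)" sid=(\S+) (\S+) (\S+)$')


def parse_log(text: str) -> list[dict]:
    """Turn log lines into events; malformed lines are skipped, not fatal."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, ip, ua, sid, method, path = m.groups()
        events.append({"ts": datetime.fromisoformat(ts), "ip": ip,
                       "ua": ua, "sid": sid, "method": method, "path": path})
    return events


def detect_hijacks(events: list[dict], window_s: int = 600) -> list[dict]:
    """One alert per session whose client fingerprint (IP, User-Agent) changes
    within `window_s` seconds of the session's first request. A change long
    after that (mobile roaming, VPN reconnect) is deliberately not flagged
    here; tune the window and the fingerprint for your own traffic."""
    by_sid: dict[str, list[dict]] = defaultdict(list)
    for e in events:
        by_sid[e["sid"]].append(e)

    alerts = []
    for sid, evs in by_sid.items():
        evs.sort(key=lambda e: e["ts"])
        first = evs[0]
        origin = (first["ip"], first["ua"])
        for e in evs[1:]:
            if (e["ip"], e["ua"]) == origin:
                continue
            if (e["ts"] - first["ts"]).total_seconds() <= window_s:
                alerts.append({"sid": sid, "origin": origin,
                               "suspect": (e["ip"], e["ua"]),
                               "path": e["path"], "ts": e["ts"].isoformat()})
                break  # one alert per session is enough for triage
    return alerts
```

The fingerprint is a heuristic, not proof: corporate NAT makes many users share one IP, and an attacker who sniffed the cookie can copy the User-Agent as well, so the alert is a trigger for invalidating the session and asking for re-authentication, not a verdict on its own.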
Page 47
Protection
SSH
Cookies
Authentication
Logout
Encryption
Expiration
Awareness
Client-side and server-side protection
Page 48
Security by design
Random session ID generation
Session ID regeneration after authentication
Encryption
Session expiration
Limited session lifespan
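The three "security by design" controls on this slide, and the session fixation attack from page 25 that regeneration exists to stop, in one added example that is not from the Alphorm course. The store is an in-memory stand-in for whatever the framework provides; `login_vulnerable` is the fixation "before" (it authenticates whatever ID the client presented, so an attacker who planted that ID in the victim's browser now owns the logged-in session), `login_hardened` discards the presented ID and issues a fresh one. Timeouts and the injected clock value `now` are assumptions chosen so the behaviour can be tested.

```python
from __future__ import annotations

import secrets
from dataclasses import dataclass

IDLE_TIMEOUT = 15 * 60        # seconds without a request before the session dies
ABSOLUTE_LIFESPAN = 8 * 3600  # hard cap on a session, however active it is


@dataclass
class Session:
    user: str | None   # None until the client authenticates
    created: float     # clock value at creation (epoch seconds)
    last_seen: float   # clock value of the most recent request


class SessionStore:
    def __init__(self) -> None:
        self._sessions: dict[str, Session] = {}

    @staticmethod
    def new_id() -> str:
        """Random generation: 256 bits from the OS CSPRNG, never a counter."""
        return secrets.token_urlsafe(32)

    def start(self, now: float) -> str:
        """Anonymous (pre-login) session, e.g. for a shopping cart."""
        sid = self.new_id()
        self._sessions[sid] = Session(None, now, now)
        return sid

    def get(self, sid: str, now: float) -> Session | None:
        """Expiration: idle timeout and absolute lifespan are both enforced
        on every lookup, and an expired session is deleted, not just hidden."""
        s = self._sessions.get(sid)
        if s is None:
            return None
        if now - s.last_seen > IDLE_TIMEOUT or now - s.created > ABSOLUTE_LIFESPAN:
            del self._sessions[sid]
            return None
        s.last_seen = now
        return s

    def login_vulnerable(self, sid: str, user: str, now: float) -> str:
        """Session fixation 'before': the ID the client sent (possibly planted
        by an attacker) is promoted to an authenticated session as-is."""
        s = self._sessions.setdefault(sid, Session(None, now, now))
        s.user = user
        return sid

    def login_hardened(self, sid: str | None, user: str, now: float) -> str:
        """Regeneration: on any privilege change the old ID is destroyed and
        a fresh one issued, so a planted ID never becomes authenticated."""
        if sid is not None:
            self._sessions.pop(sid, None)
        fresh = self.new_id()
        self._sessions[fresh] = Session(user, now, now)
        return fresh

    def logout(self, sid: str) -> None:
        """Server-side invalidation; clearing the cookie alone is not a logout."""
        self._sessions.pop(sid, None)
```

Regenerate again on any step up in privilege (role switch, sudo-style re-authentication), and send the ID in a cookie with `Secure` and `HttpOnly` so the encryption and cookie items on page 47 apply to it.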
Page 49
Users
Keep up to date (security watch)
Best practices
Awareness
Page 50
Choice of protocols: replace each insecure protocol (left) with its secure counterpart (right)
Telnet, rlogin → OpenSSH or ssh (Secure Shell)
FTP → sFTP
HTTP → HTTPS (HTTP over SSL/TLS)
IP → IPsec
Any remote connection → VPN
SMB → SMB signing
Hub network → switched network
Page 51
IPsec
Joins remote hosts and networks into a single private network
Provides:
• Authentication
• Data integrity (tamper-evident)
• Data confidentiality (encryption)
Page 52
IPsec (diagram)
Page 53
IPsec architecture
AH protocol, ESP protocol
Authentication algorithm, encryption algorithm
Policy
IPsec Domain of Interpretation (DOI)
Key management
Page 54
IPsec components
IPsec driver
Internet Key Exchange (IKE)
Internet Security Association and Key Management Protocol (ISAKMP)
Oakley
IPsec policy agent
Page 55
Lab: Countermeasures
Page 56
Thank you
Page 57
Web Server Concept
Page 58
Outline
Introduction
Weaknesses
Impact
Open-source architecture
IIS architecture
Lab: Web server concept
Page 59
Introduction
A combination of hardware and software
Usually hosts a website
Attacks on services
Configuration errors
Network and OS
Page 60
Weaknesses
Configuration errors
Conflicts
Default configuration
Software vulnerabilities
SSL certificates
Access rights
Page 61
Impact
Attacks on accounts
Secondary attacks (pivoting)
Defacement
Root access
Tampering
Access rights
Page 62
Open-source architecture (diagram)
Site users, the site admin and attacks all reach the server over the Internet. Stack: Linux, file system, applications: Apache, PHP (with compiled extensions), MySQL.
Page 63
IIS architecture (diagram)
Client → Internet → HTTP protocol stack (HTTP.SYS) → Windows Process Activation Service (WAS) and WWW Service (svchost.exe) → web server core → application pool.
Web server core pipeline: begin request processing, authentication, authorization, cache resolution, handler mapping, handler pre-execution, release state, update cache, update log, end request processing.
Native modules: anonymous authentication, managed engine, IIS certificate mapping, static file, default document, HTTP cache, HTTP errors, HTTP logging.
AppDomain: managed modules (e.g. forms authentication).
Configuration: applicationHost.config; external applications.
Page 64
Lab: Web server concept
Page 65
Thank you
Page 66
Attacks on Web Servers
Page 67
Outline
DoS/DDoS attacks
DNS hijacking
Directory traversal
Other attacks
Lab: Attacks on web servers
Page 68
DoS/DDoS attacks
Page 69
DNS hijacking
Page 70
Directory traversal
Page 71
Other attacks
MITM
Phishing
Defacement
Configuration errors
Password cracking
Page 72
Lab: Web server hacking
Page 73
Thank you
Page 74
Attack Methodology
Page 75
Outline
Attack methodology
Lab: Methodology
Page 76
Attack methodology
Information gathering
Web server footprinting
Mirroring the website
Vulnerability scanning
Session hijacking
Hacking web server passwords
Page 77
Lab: Methodology
Page 78
Thank you
Page 79
Attack Tools
Page 80
Outline
Metasploit
Tools
Lab: Attack tools
Page 81
Metasploit
Page 82
Tools
Wfetch, Hydra, Brutus, DirBuster, OWASP ZAP (ZAProxy), THC-SSL-DOS
Page 83
Lab: Attack tools
Page 84
Thank you
Page 85
Countermeasures Against Server Hacking
Page 86
Outline
Segmentation
Patches and updates
Protocols
Accounts
Directories
Defensive measures
Web cache poisoning
DNS hijacking
Lab: Anti-hacking measures
Page 87
Segmentation
Page 88
Patches and updates
Recurring scanning
Strategy
Test environment
Back-out plan
Backups
NEVER PATCH STRAIGHT ONTO PRODUCTION
Page 89
Protocols
Block unused ports and services
Favour secure protocols
Tunnelling
Page 90
Accounts
Disable unnecessary extensions
Disable default accounts
NTFS permissions
Principle of least privilege
Password policy
Page 91
Directories
Remove unused files
Disable directory listings
Change (hide) file extensions
Monitoring
Page 92
Defensive measures
Ports
Certificates
Code Access Security
URLs
Services
Policy
Firewalling
Une formation
Web Cache Poisoning
• Principe du less app
• Patch management
• Scanning de vulnérabilités
AdministrateurAdministrateur
• ACL
• Carriage return
• RFC 2616
DévellopeursDévellopeurs
• Supervision
• Maintain request host headerServeurs proxyServeurs proxy
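The "carriage return" item in the developers' column is the control against HTTP response splitting, the usual way a web cache gets poisoned: a client-supplied value copied into a response header with CR/LF inside it ends that response early and starts a second, attacker-written one, which an intermediary cache may then store under the next URL it expected. This added example, not part of the Alphorm course, builds a redirect both ways: the "before" copies the value straight into `Location`, the "after" refuses any header value containing CR, LF or NUL, which is the field-value rule of RFC 2616 §4.2 (carried into RFC 7230 §3.2). The payload is constructed, URL-encoded as it would arrive in a query string.

```python
from __future__ import annotations

from urllib.parse import unquote

FORBIDDEN = {"\r", "\n", "\x00"}


def redirect_response_vulnerable(lang: str) -> bytes:
    """'Before': a client-supplied value copied into the Location header.
    CR/LF inside it terminates the header and the response, and whatever
    follows is parsed as a second response the attacker fully controls."""
    return (f"HTTP/1.1 302 Found\r\nLocation: /{lang}/home\r\n"
            f"Content-Length: 0\r\n\r\n").encode("latin-1")


def header_value(value: str) -> str:
    """Refuse CR, LF and NUL in any header value; a framework that does this
    for you still needs the check on values you write by hand."""
    if any(ch in FORBIDDEN for ch in value):
        raise ValueError("control characters in header value")
    return value


def redirect_response_hardened(lang: str) -> bytes:
    """'After': same redirect, value passed through header_value first."""
    return (f"HTTP/1.1 302 Found\r\nLocation: /{header_value(lang)}/home\r\n"
            f"Content-Length: 0\r\n\r\n").encode("latin-1")


def count_responses(raw: bytes) -> int:
    """How many responses a cache or browser would see in this byte stream."""
    return raw.count(b"HTTP/1.1 ")


# Constructed attacker value: closes the redirect, then supplies a complete
# 200 response whose body is the script the cache should never have stored.
SPLITTING_PAYLOAD = unquote(
    "en%0d%0aContent-Length:%200%0d%0a%0d%0a"
    "HTTP/1.1%20200%20OK%0d%0aContent-Type:%20text/html%0d%0a"
    "Content-Length:%2023%0d%0a%0d%0a<script>evil()</script>"
)
```

Rejecting is preferable to stripping: a value that contained CR/LF was never a legitimate language code, and logging the rejection gives the monitoring in the proxy column something to catch.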
Page 94
DNS hijacking
ICANN safeguards
Incident response and business continuity planning
Monitoring
Antivirus
Change default passwords
Page 95
Lab: Anti-hacking measures
Page 96
Thank you
Page 97
Patch Management
Page 98
Outline
Methodology
Identifying sources
Implementation
Lab: Patch management
Page 99
Methodology
Detect
Assess
Acquire
Test
Deploy
Maintain
Page 100
Identifying sources
Patch management plan
Updates and patches
Source verification
Proactive approach
Alerts
Page 101
Implementation
Source verification
Patch management programme
Monitoring
The team :)
Page 102
Lab: Patch management
Page 103
Thank you
Page 104
Web Server Security Tools
Page 105
Outline
Tools
Lab: Security tools
Page 106
Tools
Syhunt, Nessus, Nikto, Acunetix, Metasploit, Qualys
Page 107
Lab: Security tools
Page 108
Thank you
Page 109
Introduction to Web Applications
Page 110
Outline
How they work
Architecture
Web 2.0
Web vulnerabilities
Lab: Introduction to web apps
Page 111
Introduction
Interface between the user and the server
Vulnerable to many attacks
SQLi
Web 2.0: Pandora's box
Page 112
How they work
Une formation
ArchitectureClients
Smart Phones
WebAppliance
Business Layer
Application Server
Web Server
Web Browser
Presentation Layer
FlashSilverlightJava Script
External Web Services
Presentation Layer
Firewall
HTTP Request Parser
Proxy Server Cache
ServletContainer
Ressource Handler
Authentication and Login
J2EE .NET ComBusiness
Logic
XCODE C++ Com+
Legacy Application
Data Access
Web Services Internet
Database Layer
Database Server
Cloud Services
B2B
Page 114
Web 2.0
Interactive data sharing
Interoperability
User-centred design
Collaboration on the web
Blogs (WordPress)
New technologies like AJAX (Gmail, YouTube)
Mobile applications (iPhone)
Flash rich-interface websites
Frameworks (Yahoo! UI Library, jQuery)
Cloud computing websites (amazon.com)
Interactive encyclopedias and dictionaries
Online office software (Google Docs and Microsoft Light)
Advanced gaming
Dynamic, as opposed to static, site content
RSS-generated syndication
Social networking sites (Facebook, Twitter, LinkedIn, etc.)
Mash-ups (email, IMs, electronic payment systems)
Wikis and other collaborative applications
Google Base and other free web services (Google Maps)
Ease of data creation, modification or deletion by individual users
Page 115
Lab: Introduction to web apps
Page 116
Thank you
Page 117
Threats to Web Applications
Page 118
Outline
Introduction
Hidden field manipulation
Security misconfiguration
Directory traversal
Parameter/form tampering
Unvalidated input
Page 119
Introduction
Cookie poisoning
Injection attacks
The input problem
Denial of service
Configuration errors
Attacks on sessions
Page 120
Hidden field manipulation
Une formation
Security misconfiguration
ServerSoftware
Flaws
ServerConfiguration
Problems
Enabling Unnecessary
Services
ServerSoftware
Flaws
Unpatched Security Flaws
![Page 122: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/122.jpg)
Une formation
Directory Traversal
![Page 123: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/123.jpg)
Une formation
Parameter/Form Tampering
Tempring with the URL Parameters
Others Parameters can be changed
including attribute parameters
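Hidden field manipulation (page 120) and the parameter tampering on this slide are the same mistake seen from two angles: the server treats a value the browser sent back as if the server still owned it. This added example, not part of the Alphorm course, shows a checkout total computed from a hidden `price` field (the "before") beside one that validates every parameter, verifies an HMAC the server attached to the hidden fields, and prices the order from the server-side catalogue anyway. The catalogue, the form field names and the key are constructed for the demo.

```python
from __future__ import annotations

import hashlib
import hmac
from urllib.parse import parse_qs

# Constructed catalogue and key; in a real deployment the key comes from
# secret storage and the prices from the database.
CATALOG = {"sku-100": 49.99, "sku-200": 199.00}
SERVER_KEY = b"demo-only-key-do-not-reuse"


def checkout_total_vulnerable(form_body: str) -> float:
    """'Before': the hidden price field the browser sent is taken as truth,
    so editing it in the page source or in a proxy changes what is charged."""
    form = parse_qs(form_body)
    return float(form["price"][0]) * int(form["qty"][0])


def sign_hidden_fields(sku: str, price: float) -> str:
    """Emitted by the server next to the hidden fields when the page is
    rendered: a MAC over their values lets the server detect (and log)
    tampering when the form comes back, instead of silently re-pricing."""
    message = f"{sku}|{price:.2f}".encode()
    return hmac.new(SERVER_KEY, message, hashlib.sha256).hexdigest()


def checkout_total_hardened(form_body: str) -> float:
    """'After': validate every parameter, verify the MAC on the hidden fields,
    and price the order from the server-side catalogue regardless."""
    form = parse_qs(form_body)
    sku = form.get("sku", [""])[0]
    if sku not in CATALOG:
        raise ValueError("unknown sku")
    qty = int(form.get("qty", ["0"])[0])
    if not 1 <= qty <= 100:
        raise ValueError("quantity out of range")
    submitted_price = float(form.get("price", ["nan"])[0])
    if not hmac.compare_digest(form.get("sig", [""])[0],
                               sign_hidden_fields(sku, submitted_price)):
        raise ValueError("hidden field tampered")
    return CATALOG[sku] * qty
```

The MAC is the detection control; the real fix is the last line, which never charges a price the client chose. The same reasoning applies to any attribute parameter (role, account id, discount code): re-derive it on the server or bind it to the session instead of trusting the round trip.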
Page 124
Unvalidated input
Page 125
Thank you
Page 126
Injection Attacks
Page 127
Outline
Introduction
Lab: OWASP
Command injection
Lab: Command injection
LDAP injection
Page 128
Introduction
Injecting data
Interpreted and executed by the target
Manipulating queries
Commands
Examples: LDAP, SQL, XPath
Page 129
Lab: OWASP
Page 130
Command injection
Shell injection
HTML embedding
File injection
![Page 131: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/131.jpg)
Lab: Command injection
![Page 132: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/132.jpg)
LDAP Injection
Input validation
Bypassing the filters: our goal
Full access to the database
Directory
Attributes
Client/Server
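The slide names the two defensive controls against LDAP injection, input validation and filter escaping, without showing them. The following is an added example (not code from the course) of a login lookup that builds an LDAP search filter from user input: the vulnerable builder concatenates raw values, the hardened one allowlists the uid and applies RFC 4515 escaping to every value. The attribute names, the filter shape and the uid grammar are assumptions.

```python
import re

# Added example (not from the course). Assumed filter shape:
#   (&(uid=<user>)(userPassword=<pw>))

# Characters with structural meaning inside an LDAP filter (RFC 4515).
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}

# First layer: allowlist for the uid attribute (letters, digits, . _ -).
_UID_RE = re.compile(r"^[A-Za-z0-9._-]{1,64}$")


def escape_filter_value(value: str) -> str:
    """Escape a value so the directory can only match it as a literal."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def valid_uid(uid: str) -> bool:
    """Reject anything that is not a plausible account name."""
    return bool(_UID_RE.match(uid))


def build_login_filter_unsafe(uid: str, password: str) -> str:
    """Vulnerable: filter metacharacters in uid/password rewrite the query."""
    return f"(&(uid={uid})(userPassword={password}))"


def build_login_filter_safe(uid: str, password: str) -> str:
    """Hardened: allowlist the uid, then escape every value placed in the filter."""
    if not valid_uid(uid):
        raise ValueError("uid rejected by input validation")
    return (
        f"(&(uid={escape_filter_value(uid)})"
        f"(userPassword={escape_filter_value(password)}))"
    )


def clause_count(ldap_filter: str) -> int:
    """Number of opening parentheses. A login filter built from two literal
    values always has exactly three; any other count means the inputs changed
    the structure of the query, which is worth logging on the server side."""
    return ldap_filter.count("(")


if __name__ == "__main__":
    # Constructed probe containing filter metacharacters.
    probe = "*)(uid=*"
    unsafe = build_login_filter_unsafe(probe, "x")
    safe = build_login_filter_safe("alice", probe)
    print(unsafe, clause_count(unsafe))
    print(safe, clause_count(safe))
```

The structural check in `clause_count` is a cheap detection hook: the application knows how many clauses it wrote, so a different count in the filter it is about to send is a reliable signal that input reached the filter unescaped.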
![Page 133: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/133.jpg)
LDAP Injection
![Page 134: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/134.jpg)
Thank you
![Page 135: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/135.jpg)
Cross Site Scripting
Hamza KONDAH
![Page 136: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/136.jpg)
Outline
Introduction
Example scenario
Lab: Cross Site Scripting
![Page 137: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/137.jpg)
Introduction
JavaScript code injection
The problem of inputs
JS, VBScript, HTML, Flash
Session Hijacking
Information theft
IFrames
![Page 138: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/138.jpg)
Example scenarios
![Page 139: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/139.jpg)
Lab: Cross Site Scripting
![Page 140: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/140.jpg)
Thank you
![Page 141: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/141.jpg)
CSRF
Hamza KONDAH
![Page 142: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/142.jpg)
Outline
Introduction
Example
Lab: CSRF
![Page 143: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/143.jpg)
Introduction
Cross Site Request Forgery
Sending confidential data
Malicious actions
Injection of HTTP requests
Session
Integrity
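The slide lists what CSRF puts at risk (session, integrity) but not the controls. As an added example that is not part of the course, here is the synchronizer-token pattern for a state-changing form, combined with an Origin/Referer check and the cookie attributes that keep the session cookie off cross-site POSTs. The application origin, the header names and the in-memory session store are assumptions.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Added example (not from the course). Constructed application origin.
ALLOWED_ORIGIN = "https://app.example"
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}   # must never change state

# Server-side session store (assumed): session id -> per-session CSRF token.
_SESSIONS = {}


def new_session() -> str:
    """Create a session and bind a fresh random CSRF token to it."""
    sid = secrets.token_urlsafe(32)
    _SESSIONS[sid] = secrets.token_urlsafe(32)
    return sid


def csrf_token_for(sid: str) -> str:
    """Token to embed as a hidden field in forms rendered for this session."""
    return _SESSIONS[sid]


def session_cookie(sid: str) -> str:
    """Set-Cookie value. SameSite=Lax keeps the cookie off cross-site POSTs,
    Secure/HttpOnly keep it off plaintext links and out of reach of scripts."""
    return f"session={sid}; Path=/; Secure; HttpOnly; SameSite=Lax"


def _origin_of(url: str) -> str:
    """scheme://host[:port] of a URL, lower-cased, for an exact comparison.
    Prefix matching would accept https://app.example.evil.example."""
    p = urlsplit(url.strip())
    return f"{p.scheme}://{p.netloc}".lower()


def check_request(method: str, headers: dict, form: dict, sid: str):
    """Decide whether a request may change state. Returns (allowed, reason)."""
    if method.upper() in SAFE_METHODS:
        return True, "safe method"
    if sid not in _SESSIONS:
        return False, "no session"
    source = headers.get("Origin") or headers.get("Referer")
    if source is not None and _origin_of(source) != ALLOWED_ORIGIN:
        return False, "cross-origin request"
    submitted = form.get("csrf_token", "")
    if not hmac.compare_digest(submitted.encode(), _SESSIONS[sid].encode()):
        return False, "missing or invalid csrf token"
    return True, "ok"
```

A browser sends Origin on cross-site POSTs, so the origin check catches most forged requests early; the token check is what protects when the header is absent (some privacy proxies strip it), and neither check replaces the other.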
![Page 144: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/144.jpg)
Example scenarios
![Page 145: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/145.jpg)
Lab: CSRF
![Page 146: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/146.jpg)
Thank you
![Page 147: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/147.jpg)
Denial of Service
Hamza KONDAH
![Page 148: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/148.jpg)
Outline
Introduction
DoS examples
Lab: DoS
![Page 149: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/149.jpg)
Introduction
Exhausting the target's resources
Different methods
Requests, in our case
Malformed input
CPU, bandwidth, processes
Implementation, validation or buffer overflow
![Page 150: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/150.jpg)
DoS examples
User registration
Login
Enumeration
Account lockout
![Page 151: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/151.jpg)
Lab: DoS
![Page 152: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/152.jpg)
Thank you
![Page 153: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/153.jpg)
Session attacks
Hamza KONDAH
![Page 154: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/154.jpg)
Outline
Cookie session poisoning
Session fixation
SSL
Improper error handling
Insecure cryptographic storage
![Page 155: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/155.jpg)
Cookie session poisoning
![Page 156: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/156.jpg)
Session Fixation
![Page 157: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/157.jpg)
SSL
MITM
Denial of Service
SSLStrip
Certificate
Configuration errors
![Page 158: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/158.jpg)
Improper error handling
Error handling
Exceptions
Information exposure
![Page 159: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/159.jpg)
Insecure cryptographic storage
Vulnerable code vs. secure code
![Page 160: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/160.jpg)
Lab: Session hacking
![Page 161: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/161.jpg)
Thank you
![Page 162: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/162.jpg)
Web services attacks
Hamza KONDAH
![Page 163: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/163.jpg)
Outline
Architecture
Attacks on web services
Footprinting
XML Poisoning
Lab: Hacking web services
![Page 164: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/164.jpg)
Architecture
![Page 165: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/165.jpg)
Attacks on web services
![Page 166: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/166.jpg)
Footprinting
![Page 167: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/167.jpg)
XML Poisoning
![Page 168: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/168.jpg)
Web services security
![Page 169: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/169.jpg)
Lab: Hacking web services
![Page 170: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/170.jpg)
Thank you
![Page 171: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/171.jpg)
Attack methodology
Hamza KONDAH
![Page 172: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/172.jpg)
Outline
Introduction
Methodology
![Page 173: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/173.jpg)
Introduction
Structuring the approach
Customising the approach
Preliminary study
Continuous improvement
![Page 174: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/174.jpg)
Methodology
Footprinting
Attack web servers
Analyze web applications
Attack authentication mechanisms
Attack authorization schemes
Attack session management mechanisms
Perform injection attacks
Attack data connectivity
Attack web app client
Attack web services
![Page 175: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/175.jpg)
Thank you
![Page 176: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/176.jpg)
Web application attack tools
Hamza KONDAH
![Page 177: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/177.jpg)
Outline
List of attack tools
Lab: Attack tools
![Page 178: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/178.jpg)
List of attack tools
Acunetix
Watcher
Web Security
Qualys
Netsparker
Skipfish
Wapiti
![Page 179: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/179.jpg)
Lab: Attack tools
![Page 180: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/180.jpg)
Thank you
![Page 181: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/181.jpg)
Web application security
Hamza KONDAH
![Page 182: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/182.jpg)
Outline
Encoding schemes
Protection against SQLi
Protection against CMDi
Protection against XSS
Protection against DoS
![Page 183: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/183.jpg)
Encoding schemes
Unicode
Base64
Hex
![Page 184: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/184.jpg)
Protection against SQLi
Validate user inputs
Custom error messages
Monitoring
Use POST requests
Privilege control
![Page 185: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/185.jpg)
Protection against CMDi
Input validation
Library control
Modular shell disassociation
Parameterised SQL queries
Safe API
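The three controls the slide names for command injection (input validation, shell disassociation, a safe API) fit in one small feature. The following is an added example, not code from the course, of a "ping this host" function: the unsafe builder produces a string meant for a shell, the hardened path allowlists the hostname and then calls the binary with an argv list and no shell at all. The hostname grammar, the ping flags and the metacharacter list are assumptions.

```python
import re
import subprocess

# Added example (not from the course).

# Strict hostname allowlist (RFC 1123 labels): no shell metacharacter can pass,
# and a leading "-" is impossible, so the value cannot become an option either.
_HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)

# Characters a POSIX shell would interpret; useful for logging rejected input.
_SHELL_META = set(";|&`$()<>\n\r*?[]{}'\"\\ ")


def valid_hostname(host: str) -> bool:
    return bool(_HOSTNAME_RE.match(host))


def has_shell_metachars(value: str) -> bool:
    return any(ch in _SHELL_META for ch in value)


def build_ping_command_unsafe(host: str) -> str:
    """Vulnerable: intended for subprocess.run(..., shell=True). The shell
    parses the whole string, so a separator inside host starts a new command."""
    return f"ping -c 1 {host}"


def build_ping_argv(host: str) -> list:
    """Hardened: validate first, then build argv so host is exactly one argument."""
    if not valid_hostname(host):
        raise ValueError("hostname rejected by input validation")
    return ["ping", "-c", "1", host]


def run_ping(host: str) -> int:
    """Execute through the safe API: argv list, shell=False, bounded runtime.
    Returns the exit status; output is captured, not parsed."""
    completed = subprocess.run(
        build_ping_argv(host), shell=False, capture_output=True, timeout=10
    )
    return completed.returncode
```

The order matters: validation rejects bad input with a clear error that can be logged, and the argv form guarantees that even a value which slipped past validation reaches `ping` as data, never as shell syntax.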
![Page 186: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/186.jpg)
Protection against XSS
WAF
Header validation
Filters
HTTPS
Input control
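Input control against XSS is, in practice, contextual output encoding: the same string needs a different escaping depending on where in the page it lands. As an added example (not the course's code), the functions below escape for each context the introduction mentioned, element body, attribute, JavaScript string, URL parameter and href scheme, next to the vulnerable concatenation. The template shapes and the scheme allowlist are assumptions.

```python
import html
import json
from urllib.parse import quote, urlsplit

# Added example (not from the course). Assumed allowlist for link schemes;
# "" covers relative URLs.
_SAFE_HREF_SCHEMES = {"http", "https", "mailto", ""}


def render_greeting_unsafe(name: str) -> str:
    """Vulnerable: untrusted text is spliced straight into the markup."""
    return f"<p>Hello {name}</p>"


def render_greeting_safe(name: str) -> str:
    """Element-body context: escape & < > and both quote characters."""
    return f"<p>Hello {html.escape(name, quote=True)}</p>"


def render_attribute_safe(value: str) -> str:
    """Attribute context: always quote the attribute and escape the value,
    so a quote in the input cannot end the attribute and start a handler."""
    return f'<input name="q" value="{html.escape(value, quote=True)}">'


def js_string_literal(value: str) -> str:
    """JavaScript-string context inside <script>: JSON quoting, plus escaping
    of < > & so the literal can never close the script element early."""
    return (
        json.dumps(value)
        .replace("<", "\\u003c")
        .replace(">", "\\u003e")
        .replace("&", "\\u0026")
    )


def url_param(value: str) -> str:
    """URL-parameter context: percent-encode everything but unreserved chars."""
    return quote(value, safe="")


def is_safe_href(url: str) -> bool:
    """href context: encoding does not help here, the scheme must be
    allowlisted. Browsers ignore surrounding whitespace and embedded
    tab/newline characters when reading a scheme, so strip them first."""
    cleaned = url.strip().replace("\t", "").replace("\n", "").replace("\r", "")
    return urlsplit(cleaned).scheme.lower() in _SAFE_HREF_SCHEMES
```

A template engine with auto-escaping performs the body and attribute cases for you; the JavaScript, URL and href cases are the ones usually left to application code, and they are where a WAF or a generic filter is least reliable.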
![Page 187: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/187.jpg)
Protection against DoS
Firewalling
Stress testing
Plan RDP
High availability
Input validation
![Page 188: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/188.jpg)
Thank you
![Page 189: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/189.jpg)
The concept of SQL Injection
Hamza KONDAH
![Page 190: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/190.jpg)
Outline
Introduction
Criticality of SQLi
Server-side
Scenario
Lab: SQLi
![Page 191: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/191.jpg)
Introduction
Unvalidated input
SQL commands
Database
Information
Gaining access
![Page 192: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/192.jpg)
Criticality of SQLi
Authentication bypass
Information disclosure
Compromised data integrity
Compromised data availability
Remote code execution
![Page 193: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/193.jpg)
Server-side
Technology
Exploit
Database
Attack
![Page 194: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/194.jpg)
Scenario
![Page 195: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/195.jpg)
Lab: SQLi
![Page 196: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/196.jpg)
Thank you
![Page 197: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/197.jpg)
SQL Injection types
Hamza KONDAH
![Page 198: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/198.jpg)
Outline
Introduction
Error-based SQL injection
Blind SQL injection
Lab: SQLi types
![Page 199: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/199.jpg)
Introduction
![Page 200: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/200.jpg)
Error-based SQL injection
Procedure
Line breaks
Illogical query
Tautology
UNION SQL injection
![Page 201: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/201.jpg)
Blind SQL injection
No error messages
Generic page
Time-intensive
![Page 202: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/202.jpg)
Lab: SQLi types
![Page 203: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/203.jpg)
Thank you
![Page 204: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/204.jpg)
SQL Injection methodology
Hamza KONDAH
![Page 205: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/205.jpg)
Outline
Introduction
Lab: SQLi methodology
![Page 206: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/206.jpg)
Introduction
Information gathering
Detection
Launch SQLi
Advanced SQLi
![Page 207: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/207.jpg)
Lab: SQLi methodology
![Page 208: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/208.jpg)
Thank you
![Page 209: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/209.jpg)
SQL Injection tools
Hamza KONDAH
![Page 210: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/210.jpg)
Outline
Introduction
Lab: SQLi tools
![Page 211: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/211.jpg)
Introduction
BSQLHacker
Marathon Tool
SQL Power Injector
Havij
![Page 212: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/212.jpg)
Lab: SQLi tools
![Page 213: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/213.jpg)
Thank you
![Page 214: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/214.jpg)
IDS evasion techniques
Hamza KONDAH
![Page 215: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/215.jpg)
Evasion techniques
Inline comments
Char encoding
String concatenation
Code obfuscation
White space manipulation
Hex encoding
Sophisticated matches
![Page 216: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/216.jpg)
Thank you
![Page 217: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/217.jpg)
SQLi countermeasures
Hamza KONDAH
![Page 218: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/218.jpg)
Outline
Introduction
SQLi countermeasures
![Page 219: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/219.jpg)
Introduction
![Page 220: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/220.jpg)
Countermeasures
Input control
Test the contents of variables
Whitelist
WAF
No Transact-SQL
![Page 221: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/221.jpg)
Countermeasures
Multi-layer verification
Static query construction
IDS
Safe API
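Both the "Protection against SQLi" slide earlier in the deck and the two countermeasure slides here come down to the same thing in code: build the statement statically and bind the values (the "safe API" and "parameterised SQL queries" items), allowlist the parts of a statement that cannot be bound, and log what looks like injection grammar. The following is an added example, not code from the course, that shows the vulnerable string-built query beside the parameterised one on an in-memory SQLite database; the schema, the sample rows and the detection regex are constructed.

```python
import re
import sqlite3

# Added example (not from the course). Schema and rows are constructed.


def make_db() -> sqlite3.Connection:
    """In-memory SQLite with a small users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user")],
    )
    return conn


def find_user_unsafe(conn, username: str) -> list:
    """Vulnerable: the value is formatted into the SQL text, so a quote in it
    ends the literal and everything after it is parsed as SQL (tautology)."""
    sql = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def find_user_safe(conn, username: str) -> list:
    """Hardened: static SQL; the value travels to the engine as a bound
    parameter and is never parsed as part of the statement."""
    sql = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


# Identifiers (column names, sort direction) cannot be bound: allowlist them.
_SORTABLE = {"id", "username"}


def list_users_sorted(conn, sort_by: str) -> list:
    if sort_by not in _SORTABLE:
        raise ValueError("sort column rejected")
    return conn.execute(f"SELECT username FROM users ORDER BY {sort_by}").fetchall()


# Heuristic for monitoring (the "test the contents of variables" and WAF
# items): flags common injection grammar in an input value for logging.
_SQLI_HINT = re.compile(r"(?i)('\s*(or|and)\b|--|/\*|;\s*\w|\bunion\b\s+\bselect\b)")


def looks_like_sqli(value: str) -> bool:
    """Detection aid only; it does not replace parameterisation."""
    return _SQLI_HINT.search(value) is not None
```

Note that the heuristic is deliberately a second layer: a name like O'Brien must not be rejected, and an input that trips it is still harmless when it reaches the database through `find_user_safe`, which is why the bound query is the control and the regex only feeds supervision.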
![Page 222: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/222.jpg)
Lab: Countermeasures
![Page 223: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/223.jpg)
Thank you
![Page 224: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/224.jpg)
Conclusion
Hamza KONDAH
![Page 225: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/225.jpg)
Summary
Session Hijacking
Web server hacking
Web application hacking
SQL Injection
![Page 226: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/226.jpg)
Next course
• Wireless network hacking
• Smartphone hacking
• Evading IDS, firewalls and honeypots
• Cloud computing
• Cryptography
![Page 227: Alphorm.com Formation CEHV9 III](https://reader033.vdocuments.net/reader033/viewer/2022052202/58e8027f1a28abf13f8b6011/html5/thumbnails/227.jpg)
Thank you