100% Real CompTIA Security+ Certification Exams Questions & Answers, Accurate & Verified By IT Experts
Instant Download, Free Fast Updates, 99.6% Pass Rate.
Includes 724 Questions & Answers
CompTIA Security+ Product Reviews
"I passed the Security+ exam and got over 800 points! Very excited and relieved, and it was made possible by the vce dump from Examcollection. The exam didn't seem too hard, but some questions, like BYOD and threat prevention management, would have been just too unexpected if it hadn't been for the braindump. Awesome!"
"I passed the SY0-401 exam! There have been a lot of questions on identity management, access control and cryptography which I found frustrating, but, fortunately, I got the vce dump days before the exam, and it truly helped me achieve the Security+ credential."
"I frankly didn't expect this CompTIA exam to be so hard. Some questions actually seemed like they were from some advanced Cisco exam, as CompTIA exams are usually easier. Nevertheless, I passed thanks to the vce dumps available here. Very good prep, real questions, especially on cryptography, system access and threat prevention."
"Excellent way to prepare for IT exams! I am so glad I was referred to this website! The CompTIA Security+ exam was a bit more complex than I imagined, but the fact that the vce test I downloaded contained real exam questions made the whole thing a lot easier. I think this is the only exam that covers BYOD, so memorize your questions and answers before you enter the testing center."
What I expected
"I passed the SY0-401 exam with the Examcollection premium VCE file. Just like in the braindump, the actual exam had a lot of cloud security questions, as well as SCADA and BYOD questions, all the modern security buzzwords. There were also a few basic network threat prevention questions. The braindump was great, exactly what I expected."
Download Free CompTIA Security+ Practice Test Questions VCE Files
CompTIA Security+ Certification Exam Dumps & Practice Test Questions
Prepare with top-notch CompTIA Security+ certification practice test questions and answers, vce exam dumps, study guide, video training course from ExamCollection. All CompTIA Security+ certification exam dumps & practice test questions and answers are uploaded by users who have passed the exam themselves and formatted them into vce file format.
In this video, I'm going to show you how to use a utility called Hashcat in order to crack passwords. This particular utility is very popular because it allows you to crack passwords using the power of your GPU, which is a whole lot faster than your CPU. So this is a very popular option when cracking passwords. If you know anything about hardware, GPUs are a whole lot faster than CPUs. Don't forget, they use GPUs to mine Bitcoins and stuff like that. So if you can get powerful GPUs, it's probable that you can brute-force and crack some pretty large passwords. Hashcat is the software you would use for this. I'm going to show you how to do it with a dictionary attack and a very famous file that has a bunch of commonly used passwords, called the rockyou file. I'll show you guys, from scratch, how to get everything and how to install it, so you can follow me. Now, I'm doing this on my Windows machine. I'm actually going to install Hashcat on my Windows machine, not on my Kali machine, for the reason that it's easier to access the GPU right on the desktop, and machines that run Windows can do this. You can just do this in Kali if you want. Okay? So I'm going to go ahead and show you guys how to get everything that you need. We're going to go here, and I'm going to type in hashcat.net. This is where you would download it from, all right? So you'd go here and download; this is the Windows one, right? So you would go ahead and download this. Now, when you download this, you're going to have to open and unzip it. So what I did was download it and copy it onto the root of my C drive just to make it easier to access. I'll show you what I did with it. I renamed it and put it on the root of the C drive to make it easy to access, and I just called it hashcat, because we're going to have to access this thing through a command prompt. Now, when I got this, I also went and downloaded this file called rockyou.txt.
Let me show you how to get this. The rockyou file is a very, very popular file of common passwords that hackers use. So you would just Google "rockyou.txt". It's going to be one of the first links in here. So you just click on this. Notice that it started to download. I've already downloaded it, so I'm going to cancel that. So, just to make the command easier to use, I'm going to copy the rockyou file into that folder and paste it here. Now, I do want to open it and show you what it looks like. The rockyou file basically has a giant list of common passwords. If I'm remembering right, it's like 14 million or something like that in terms of commonly used passwords that people use throughout the world. And if you ever do a search, let's say your password is password123, that's going to be in here somewhere. There it is. If your password falls into this file (maybe I don't know if it's in here, but some form of it is; it's up to you to go look), so if your password falls in here, hackers have probably cracked it, because it's a very popular password file. So what we're going to do is get some easy passwords, and we're going to try to use that software to crack them using this file. Okay? But first I need to get the hashes. So remember, Hashcat needs the hashes. To generate the hash, we're going to use an MD5 hasher. So I'll do "MD5 online." I'm going to generate some MD5 hashes. So let's say cat123. We'll do dog123. And let's just do hat123. I just need the passwords in there. We treat each one separately; it's a separate string, so I can get each hash. Copy that. And what we're going to do is create a text file in that folder. So I already did that. I created a text file in this folder called hashes.txt, and here are all the hashes for those.
So we want Hashcat to go through the entire rockyou file and find the words that correspond to these hashes, which will give us the passwords. So I'm going to close this now. It doesn't need to be named hashes.txt; it's just what I named it. Okay? So let's go in there. Let's make this a little bigger, to make it easy for everyone to see. OK? So we do dir. We see we have a hashcat folder there. So we'll do cd hashcat. Okay? So I'm in that folder. Now, I did run this command before the class, before I filmed the video, to make it a lot easier, so we don't have any mess-ups when we're typing it. Let me show you what the command says. The command says hashcat.exe; that's the Hashcat software we're running here, right? Then we're saying -m 0 -a 0. What this is going to do is say: do a dictionary attack, and we're using an MD5 hash. And here's the hash file. And I'd like you to make a comparison using this rockyou.txt. So we're going to just press Enter. And now it's up and running. So it's running. And it says that, you know what, it cracked something: hat123. So it says that it cracked something in there, right? So we want to see what it is. So you would run it again and add --show. And look at that. It found the passwords. So one of them is cat123, the other one is dog123, and the other one is hat123. So it's showing me the output of what it found. And that's really what this does. Now, there are a whole bunch of commands with this, and there are a lot of tutorials online with this. I wanted to do a quick video just to show you guys this particular software. It's a very popular programme when it comes to the world of cracking. But you can see how a dictionary attack works in particular here, because you can see how we're comparing all the password hashes against a dictionary of common passwords.
And something like this will just run through it very quickly. This machine does have a pretty fast GeForce 2060 video card. I think that's a pretty fast video card. Some of you gamers may be laughing at me, but hey, this is good enough for me, and I think it's pretty quick. All right, so we just learned a lot of interesting things. You guys can continue; I just gave a good introduction to it. You can follow your studies, do a lot more research into it, and have some fun using Hashcat.
In this video, we're going to be talking about cracking passwords using what's known as a brute-force attack and rainbow tables. Then we'll finish it off by discussing why passwords should never be in plain text or unencrypted. So let's get started. The first thing I want to show you is something called a rainbow table. A rainbow table attack is when you have a precomputed table of hashes and passwords. Now remember what I told you: passwords are stored as a hash. Passwords are not stored in plain text. So imagine if someone went out and got all the hashes and the corresponding passwords. In other words, they made a precomputed list of hashes and passwords. So all you have to do is give the table the hashes, and then what the table does is find the corresponding password. Rainbow tables or lookup tables are really efficient at cracking passwords. In fact, it's one of the best ways to crack a password. And I'm going to show you with something called CrackStation. It's actually a website that does that. So let's go back here to my desktop. Where's my keyboard here? All right, so let's go to Google here, and we're going to just play on the web here for a minute. I'm going to do my MD5 hashes again. Now, remember, in the cryptography section, we'll talk about different forms of hashing algorithms. So I'll go to "MD5 online" here, to the hash generator, and let's say your password was Passw0rd with a capital P. You think you've got a complex password. You know what, we'll just add 123 to it. Nice and complex. You think it's a nice, complex password. You're pretty happy with this. But we're going to use a website called CrackStation. So crackstation.net would be it. What this does is basically use an associative precomputed lookup table to crack password hashes. Basically, you give this thing the hash and it will find the corresponding password.
This is a great way to watch this. So I'm going to go here and take the hash. I'm going to copy it, then go into the table, give it to it, and say, "Hey, I'm not a bot." All right, taxis. That's a really ugly taxi, by the way. All right, so that wasn't a taxi. I thought I had that there. Okay, bicycle. Okay, so let's crack it, just like that. Now, here we go, just like that. We cracked it. Look at that. We took the hash, which is this, and converted it directly into the password. So this is a lookup table. You see how efficient this is? The good news here is this thing can crack all types of hashes; Windows hashes in particular, NTLM hashes, are cracked here also. So, MD5, SHA-1, SHA-256, which is a very popular hashing algorithm today, and NTLM, which is what Windows uses. How big is this table? Very large. First of all, if you notice, for MD5 and SHA-1 it's 15 billion lookup entries, and for other hashes we have 19 and one billion. So that's a lot of entries in this table for all different types of passwords. In my opinion, without using brute-force methods, this is probably one of the most economical and fastest ways to crack a password. This means you won't need to invest in a lot of hardware. Okay? So that was a rainbow table. I'm telling you, if you're looking to crack a password, get the hash; that's the best way to do it. Now, the other way we're looking at is something called a brute-force attack. A brute-force attack will attempt to crack a password by trying every possible combination of letters and characters. There are two ways of doing this: offline and online. Offline is when you grab the hash itself and then use brute force to push it through. And brute force will put every combination to the test. This can go on for millions of years to ensure that it cracks it. An online attack is when you try to basically hit the login prompt all the time, because it's an online attack.
So let's take a look at how to do a brute-force attack. So I have a piece of software running in my Windows 7 box called Cain & Abel. So Cain & Abel is giving me a message because of my firewall. That's fine. Cain & Abel is software that you can download. And to get this software, you would just Google "Cain and Abel password cracker." It's like one of the first links here. I must give you a word of warning. If you're downloading this type of software, please be careful where you get it from. They could have malware in them. Cain & Abel is actually considered malware. You have to shut your antivirus off. That's why I have it running here on Windows 7. Just turn your antivirus off. If you're doing this, the best thing to do is, of course, use a virtual machine. Do not use these, do not attempt to download cracking tools, on your actual computer. Okay? So I downloaded this, and I've installed it. So we're going to the Cracker tab now. What we're going to do is go in here, and I'm going to dump the hashes from this computer. So, on this Windows machine, I'll right-click here, say "Add to list," and we'll say "Import hashes from local system." So I have a user account called Bob. Now, this is the LM password. There's no LM password; it's all Windows. But you notice we do have NT hashes in here for Bob. Now, I know Bob's password; you don't, but let's see how we can crack it. Now, if I remember right, I had changed Bob's password to "cat," or it was "cat123." So I'm going to right-click on Bob here, and we're going to say brute-force attack, NTLM hashes. Now watch what happens. I know Bob's password; I think it starts at three characters, and it's going to be no more than six characters. So you can actually specify the range. And then I'm going to go in here and say Start. And it cracked just like that. His password was cat. That's all I changed it to, just "cat". So basically it was really fast. But brute forcing can take really long.
So here is Andy's password, and I think Andy's password is just "password". So I'm going to say brute force NTLM. And now look at all the different brute-force methods. You know what, if we select just this, just use every combination of lowercase characters, and we go in there and say, well, try it from one to 16 characters, and you say Start. This can take a very long time. Do you notice how long that is? That's nine point something with an exponent. Billions of years, I guess, way too long to be here. So what I could do is say, you know what, start at six, end at ten, and then go ahead and try to crack it, and then it starts. So it's like 116 days. The point is, brute force is not very efficient. The password here is actually just "password". It would be more efficient to put this hash in a rainbow table like we did just now with CrackStation. Notice how many combinations this thing is trying. And you can see this incredibly large number. It looks like 14 million different combinations a second. So it's really, really big. But look at the size of the key space there. It's a large key space, a large number of keys, you see, if you add more in. So if you have a complex password, and this is what I wanted to show you, hackers know your password will be a minimum of eight characters. And hackers know that most people are not going to make it more than twelve. But if you make it complex, you know what, if we just leave it as if your password was just lowercase, it would take them about 240 years again on this computer, with this processing power, with this software. I'll talk about other ways of speeding this up in a minute. But just to show you the difference, watch. If we go in there and add in everything, symbols, uppercase, lowercase: so it was 214 years there, and if I say this now, it's nine, it's one with nine zeros years, millions of years there. It'll take the cracker significantly more when trying to crack this.
If you up this to even 13 characters, now it even gets bigger. Now it's a plus twelve, nine with a twelve, or 100. So a really, really long time. OK, so that's a brute-force attack. So what have you noticed about a brute-force attack? First of all, brute force will crack every password known to mankind, period. It might take 10 million years. So now, here's the thing. This machine only has two cores in it. So it wasn't a very quick machine, even though this desktop I'm using is very fast. I think Cain & Abel is really old software, and I don't think it uses multiple threads. It's not optimised software for today. But we do have different software out there, and I'm not going to get into the different cracking software; this is not an ethical hacking class. Take my ethical hacking class for that, and I'll show you some pretty cool software. But there is other software out there that uses the GPU, the graphics processor from video cards, to crack. If you remember, Hashcat, which I used to crack a hash using a dictionary attack, actually used the GPU. So you could have different software using the GPU, which would significantly speed up the amount of time to crack a password. So the best thing we can do to protect ourselves against something like dictionary attacks, brute force, and rainbow tables is to have a complex password: make them at least eight characters long, uppercase and lowercase, numbers and symbols, and, of course, change them every 60 days or so. The last part I want to mention in this video is going to be plain text, unencrypted data, especially passwords. One of the things we have to do in applications is make sure that the applications we're using always encrypt your password. That's like mandatory. All applications should store the password in an encrypted format. And if the password is moving around the network, you want to make sure that that password is encrypted. Because if they sniff the line and they just get it, they will just see it.
Now, certain protocols will put your password in plain text; later on in the course, I'll show you a video when we talk about FTP and different types of protocols. You'll see how FTP, when you authenticate to an FTP server, actually sends your password in plain text, allowing anybody sniffing the network traffic to actually see the password. You'll see me do an illustration of that later in this class. Okay, so we learned quite a lot in this video. I showed you guys rainbow tables with CrackStation. If you ever try to crack a password, try that first. It's amazing how many passwords it can crack. And of course, brute force is probably one of the hardest, the longest way, but it is the surest way. You might have to wait a couple of hundred million years, depending on how complex that password is. And then, of course, make sure your password is never in plain text at all.
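The two videos above show the attacker's view: an unsalted MD5 is either found in a wordlist (Hashcat) or in a precomputed lookup table (CrackStation), and brute force is bounded by key space divided by guesses per second. The following Python example is added here as a defender's illustration and is not code from the course or from Hashcat or CrackStation. It builds a tiny lookup table from a constructed wordlist standing in for rockyou.txt, shows that an unsalted MD5 is answered by one dictionary lookup, then stores the same password with a per-user random salt and PBKDF2-HMAC-SHA256 so that no table built in advance can answer it and every guess costs a full slow hash. The iteration count, the wordlist and the 14-million-guesses-per-second rate in the key-space helper are assumptions chosen for the example (the rate is the figure quoted in the Cain & Abel demo).

```python
import hashlib
import hmac
import secrets

# Constructed mini wordlist standing in for rockyou.txt (a handful of entries only).
WORDLIST = ["123456", "password", "cat123", "dog123", "hat123", "Passw0rd123", "letmein"]

def build_lookup_table(words, algorithm="md5"):
    """Precompute digest -> password for an unsalted algorithm: the same idea as a
    CrackStation-style lookup table, just small enough to build inline."""
    return {hashlib.new(algorithm, w.encode()).hexdigest(): w for w in words}

def lookup_unsalted(hash_hex, table):
    """One dictionary lookup recovers the password if it is in the table."""
    return table.get(hash_hex.lower())

# --- the defensive side: salted, deliberately slow password hashing ---
PBKDF2_ITERATIONS = 100_000  # cost parameter; assumption for this example

def hash_password(password, salt=None):
    """Return (salt, digest). Each user gets a fresh random salt, so two users
    with the same password get different digests and no shared table applies."""
    if salt is None:
        salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest

def verify_password(password, salt, stored_digest):
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, stored_digest)

def guess_salted(stored_salt, stored_digest, words):
    """What an attacker holding the salt is reduced to: one slow hash per guess,
    computed after the theft, not looked up from a precomputed table."""
    for w in words:
        if verify_password(w, stored_salt, stored_digest):
            return w
    return None

def brute_force_seconds(charset_size, length, guesses_per_second):
    """Worst-case time to exhaust a key space (the estimate Cain & Abel displays)."""
    return charset_size ** length / guesses_per_second

def demo():
    """Returns (unsalted lookup result, salted digests differ, table miss on salted
    digest, salted result after per-guess recomputation)."""
    table = build_lookup_table(WORDLIST)
    instant = lookup_unsalted(hashlib.md5(b"cat123").hexdigest(), table)
    salt_a, digest_a = hash_password("cat123")
    _, digest_b = hash_password("cat123")          # same password, new salt
    different = digest_a != digest_b
    table_miss = lookup_unsalted(digest_a.hex(), table)   # precomputed table is useless
    recovered = guess_salted(salt_a, digest_a, WORDLIST)  # still weak: it is in the list
    return instant, different, table_miss, recovered

if __name__ == "__main__":
    print(demo())
    # 26 lowercase letters, 8 characters, at 14 million guesses/s, in seconds:
    print(brute_force_seconds(26, 8, 14e6))
```

The last line of `demo()` makes the point the videos make about password choice: salting removes the precomputed-table shortcut and the slow hash multiplies the cost of every guess, but a password that sits in the wordlist is still recovered, so salting and a slow KDF protect strong passwords, not weak ones.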
In this video, we're going to be talking about privilege escalation, SSL stripping, and passing the hash. Let's get started. So the first thing up is privilege escalation. Privilege escalation is a pretty simple concept to understand. Basically, when you have lower-level privileges, or you have very small privileges or low privileges on a computer, then you want to raise them up to a higher-level privilege to commit more malicious acts. Take, for example, the case where you're working in an accounting department or as a receptionist and have just normal user access to a computer. You can't even change the system time. Definitely, you can't install anything. The objective here would be to then gain admin access to the computer, so you could change different things on the computer, so you could become the administrator and maybe change the time, install malicious applications, and so on. Now, privilege escalation plays with something that you should be familiar with, and this is going to be the protection rings of an operating system. So I have a good diagram here on Wikipedia that we'll take a look at. This Wikipedia page is under privilege escalation. I'm going to give you guys a link to all of these links that we're about to use in this video, in the description of the video, okay? So, here I have this thing called protection rings. Let's give it a quick zoom here. So, protection rings. Now the protection rings are basically how the operating system is layered: a structured layer of an operating system that protects the OS. And look at the different layers here. So here you have the centre layer, ring zero, and this is called the kernel of the operating system. This is where the kernel resides in the OS. Nothing should ever be executed or installed here, because this basically controls the entire operating system of Windows. Also, ring one and ring two are where you install your device drivers. And ring three is where you install your applications.
So basically, a privilege escalation would try to get from ring three to ring one or ring zero to have full, complete access to the OS itself. Now I'm going to zoom out here, and I want to show you guys that there are two privilege escalations that your exam may trigger. And again, it may or may not. You definitely need to know what it is, but they may or may not go so deep into this. So there's vertical privilege escalation. And what that means is a lower-privilege user is trying to get higher privileges. So vertically, it's a lower-privilege application trying to access or gain access to higher-privilege applications. Then there's horizontal, which is when one normal user attempts to access the content of another normal user. It's called vertical. So one is horizontal, I'm sorry, one is vertical, going upwards, and one is horizontal, right across. So on the horizontal, you're just trying to get access to other users. In a vertical escalation, you basically take a regular user account and try to gain admin access or permission to specific things. One simple example of horizontal is attempting to obtain the same access as other users in order to commit access to them. So maybe you have a checking account at one bank, and then I'm going to try to access your bank just as you have access to your checking account, not to gain any more access than what you have, just to get the same access that you have. So that would be horizontal. Now you're probably seeing some examples of this thing. Yes, the most well-known examples are when you jailbreak an iPhone or root your Android device. You're basically going from this normal user account into this admin access, or admin account, in your iPhone, allowing you to install, manipulate, and change anything in the operating system that you like. So you can see you're going from this higher level of ring three to maybe ring one or zero. It also involves rooting your Android phone. How would you stop this?
This is generally malware. Keep your machine updated, and anti-malware would solve this. Okay, the next thing we're going to talk about is something called SSL stripping. So what is this? SSL stripping occurs when you remove the SSL from an HTTPS request, turn it into plain text, and if you're an attacker in the middle of this connection, you can then read all the data. So let me give you an example. Let's say I'm a normal user, and then there is a hacker on this side here. Let's say the hacker is on this side of the room. And on that side of the room, there is a server that I want to get to. It's a banking server. So when I go to the banking server on a normal request, I would say, hey bank, give me your login page. The bank would give me the login page. I would type in my username and password, thinking it's all encrypted with HTTPS, and I'd send it back to the bank. The bank authenticates me and logs me in, a normal function. But what happens in SSL stripping is when I go to the bank and I say, hey bank, give me a web page, what happens? The hacker intercepts this connection, goes to the bank himself, gets an HTTPS page, brings it back, and then removes the SSL and gives it to me as plain text. I think I'm on an SSL connection, but it's not. It's a normal clear-text connection. This may sound complex, but I have a good diagram that I found here that we should look at. So this is what I'm explaining to you first. Let's do it one more time with the diagram. So let's say example.com is bankofamerica.com or chase.com or whatever bank you use. So the user, let's say this is me; this is a hacker; and this is the bank and the server. So the user sends a request. I'm going to say, "Hey bank, please send me bankofamerica.com." This is going to have to work with a man in the middle. He's going to have to intercept the connection. Notice there is a man in the middle of it. So he intercepts the connection and says to the bank and server, "Hey, send me.
Send me bankofamerica.com." bankofamerica.com responds back with the web page itself, right? But what he does is remove the HTTPS, so the server sends back HTTPS and this poor guy, which is me, is receiving an HTTP page, which I'm not seeing and don't even know is happening. So this is bad now, because anything I type on this page is all clear text and the hacker can read it, including my username and password. Now, this is the stripping part, where he strips off the HTTPS from the actual web page and sends it to me as HTTP. So how do you secure against something like this? Now, this is generally done with a man-in-the-middle attack. Later in this course, when I do a man-in-the-middle attack, we'll do a lab with that; I'll show you how to do ARP spoofing in it. The way to solve this, first of all, is to enable HTTPS on all pages on your website. And this means throughout the website; back in the day, sometimes they wouldn't have HTTPS on all web pages. But if you go to Amazon right now, you'll notice that it's HTTPS throughout the entire website, from its home page to its sign-in page. And one way to definitely try to kill this thing is to use HSTS. This is an abbreviation for HTTP Strict Transport Security. And what this means is that it's a strict policy under which a browser would not open a page unless that thing has HTTPS in it. Do you see this? Have you recently visited a website that lacked HTTPS and it may not even load? So let's go back to Amazon here and remove this HTTPS, right? And you'll notice Amazon is like, "Hey, I'm not allowing that." Did you guys notice that? Watch. Let's try it again. If I go and just delete the "s", yeah, I don't want a secure web page; Amazon is like, "Nope, I'm not allowing that." So this here would help solve that. OK, the next attack we're talking about is something called pass the hash.
This one is a little bit easier to understand. So passwords are hashed, right? We talked about this previously, when cracking a password: passwords are hashes. So cracking a password, or cracking a password hash, is sometimes difficult to do, because, remember, if that password is really long, it's really complex. Then you try, and especially if you use a hashing algorithm like SHA-256 with a giant hash on it, going through all the possible combinations of brute force can be difficult. One attack that may work is called pass the hash. So when you authenticate to a computer, let's say you authenticate to a server, what you would do is send the hash. What the attacker does is capture the hash and then pass it back as you, and the actual computer thinks it's you. So you have a little diagram of this here. So how does pass the hash work? First of all, the attacker has to steal the hash somehow. Now, whether that's sniffing the network or getting access to something like the SAM file in Windows, which has the users and passwords, he then uses the hash to authenticate. He basically takes the hash and passes it back to the server. Now you can access resources. Now, one particular system that's very vulnerable to this idea of passing the hash is Windows NTLM. Windows, with domains and so on, is very prone to this. So you want to make sure that your operating system is updated. And there are different policies in the OS you can apply to help stop this. Okay? So in this video, we went through quite a few different attacks. Guys, we talked about privilege escalation, the horizontal and vertical. We talked about SSL stripping. By the way, SSL stripping really doesn't work in today's world; it's very difficult. I do a lab in my ethical hacking class with it; there is a command in Kali Linux that does it, but against modern websites, it is probably not going to work. And then pass the hash: also, on later versions of Windows, keep your Windows updated.
It's probably not going to work either. So as you can see, keeping stuff updated helps to solve many of these attacks.
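The SSL-stripping defence described above has two halves: the site must be HTTPS everywhere and must send HSTS, and the browser must remember that policy so a later plain-HTTP link is upgraded before any request leaves the machine. The Python example below is added here to show both halves end to end; it is not code from the course, from Amazon or from any browser. The server half is a minimal WSGI application (driven offline with a constructed environ, so no network or TLS setup is needed), and the client half is a small HSTS cache that parses the header and rewrites `http://` URLs the way a browser's preload/HSTS store does. The host `example.com`, the one-year `max-age` and the `/login?next=/account` link are constructed values for the example.

```python
from urllib.parse import quote, urlsplit, urlunsplit

HSTS_MAX_AGE = 31536000  # one year in seconds; policy value chosen for this example

def hsts_app(environ, start_response):
    """Minimal WSGI app for a site that is HTTPS everywhere: a plain-HTTP
    request is redirected to its HTTPS twin and never answered with content,
    and every HTTPS response carries a Strict-Transport-Security header."""
    scheme = environ.get("wsgi.url_scheme", "http")
    host = environ.get("HTTP_HOST", "example.com")
    path = quote(environ.get("PATH_INFO", "/"))
    query = environ.get("QUERY_STRING", "")
    if scheme != "https":
        location = f"https://{host}{path}" + (f"?{query}" if query else "")
        start_response("301 Moved Permanently",
                       [("Location", location), ("Content-Length", "0")])
        return [b""]
    body = b"login page served over TLS"
    start_response("200 OK", [
        ("Content-Type", "text/plain"),
        ("Content-Length", str(len(body))),
        ("Strict-Transport-Security", f"max-age={HSTS_MAX_AGE}; includeSubDomains"),
    ])
    return [body]

def call(app, scheme, path="/", host="example.com", query=""):
    """Drive a WSGI app with a constructed environ (no network); return
    (status, headers as a dict, body)."""
    captured = {}
    def start_response(status, headers):
        captured["status"] = status
        captured["headers"] = dict(headers)
    environ = {"wsgi.url_scheme": scheme, "HTTP_HOST": host,
               "PATH_INFO": path, "QUERY_STRING": query, "REQUEST_METHOD": "GET"}
    body = b"".join(app(environ, start_response))
    return captured["status"], captured["headers"], body

class HstsCache:
    """The browser-side half: remembers hosts that sent HSTS and rewrites any
    later http:// URL for them to https:// before a request leaves the browser."""
    def __init__(self):
        self.hosts = {}  # host -> includeSubDomains flag

    def remember(self, host, header_value):
        max_age, include_sub = 0, False
        for directive in header_value.split(";"):
            d = directive.strip().lower()
            if d.startswith("max-age="):
                max_age = int(d.split("=", 1)[1])
            elif d == "includesubdomains":
                include_sub = True
        if max_age > 0:
            self.hosts[host.lower()] = include_sub
        else:
            self.hosts.pop(host.lower(), None)  # max-age=0 clears the policy

    def upgrade(self, url):
        parts = urlsplit(url)
        if parts.scheme != "http":
            return url
        host = (parts.hostname or "").lower()
        for known, include_sub in self.hosts.items():
            if host == known or (include_sub and host.endswith("." + known)):
                return urlunsplit(("https", parts.netloc, parts.path, parts.query, parts.fragment))
        return url

def browser_session():
    """Constructed sequence: a first visit over HTTPS teaches the cache, then a
    stripped http:// link to the same host is upgraded client-side."""
    cache = HstsCache()
    _, headers, _ = call(hsts_app, "https", "/")
    cache.remember("example.com", headers["Strict-Transport-Security"])
    return cache.upgrade("http://example.com/login?next=/account")

if __name__ == "__main__":
    print(call(hsts_app, "http", "/login"))
    print(browser_session())
```

The reason the browser half matters is the video's own scenario: the attacker in the middle rewrites the page to plain HTTP, and a server-side redirect alone cannot help once the first request has already gone out unencrypted. A remembered HSTS policy (or a preloaded one) makes the browser refuse to issue that request in the first place, which is the "Nope, I'm not allowing that" behaviour seen on Amazon.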
In this video, we're going to be talking about quite a lot of stuff, particularly pointer/object dereference, directory traversal, buffer overflows, race conditions, error handling, improper input handling, and a lot of other stuff. Right, let's get started. So most of these things here in this video are going to be about programming. So we're going to have to take a look at some code in this video, and I'm going to try to make sure I minimise that as much as possible. It's not a coding class, but as a security administrator, you should be familiar with these terms. Not to mention, it's in the exam objectives. Let's knock them out. The first one is something called pointer/object dereference. Now, for pointer/object dereference, I'm on the tutorialspoint.com website. Pointer/object dereference is basically being able to point to and manipulate data in a certain part of memory. And this is generally done with asterisks, right? So if you want to point to a particular part of memory, you may just use a particular asterisk to point to a particular part of memory. So that's all you need to know about that. Just remember, a pointer/object dereference is generally just an asterisk. Now the other one I want to mention is directory traversal. Now what is that? Directory traversal. So, I am going to open a website I made on this computer, called localhost. I'm just going to go to this website. It's actually a local host on this computer. This is my personal website. So as you can see, I just pulled up a website there. Now, directory traversal is when a website is misconfigured and it allows you to see all the files. So a website is not just one file. It's not just one HTML file; it's many HTML files, it's scripting files, it's images. So when the webmasters build their website, they put the files into folders, and they're actually traversed. If the web server is misconfigured, it allows us to browse these folders and see the files.
This is a significant attack on web servers, because software such as web rippers can now steal websites directly from the web server. Let me show you this one. So back here at my website, if I just click here, I just have a page about me here. Go back to my home page. So right now I'm at this index.html. So if I just go in there and type "images" and press Enter, notice how it brought up this folder that has images. You can actually try this on a website. Just go to a website and just type "images." Generally, a smaller website may just pop up a whole bunch of images that are there. If I click on "book," here's the book that I have. And I actually have another folder in here called docs. So you notice docs is here, and I have a password.txt. On this particular web server, if I click on the text file to load it, the username is Andy and the password is password. So this is a directory traversal. So the way you fix it: now, I'm running it on the older Windows 7 box. This is IIS 7.0. And I had to go in and enable directory traversal on this web server for this to even work, to show you guys what it is. Well, some web servers are still configured like this. So you want to make sure that you understand that. You know what? If you configure your web server right, you shouldn't allow this, because then people can steal your data. The next topic we're talking about is something called a buffer overflow. This is more of a coding thing, and you don't need to know code. You've just got to understand what it is. So first of all, you have to understand that when people write programmes, particular applications and different types of scripts and so on, they have to allocate parts of memory to store their data. So what happens is they allocate a certain portion of RAM to say, "Hey, RAM, store this much memory for this part of the application."
So let's say they have an application that is going to use up eight bytes to store a particular thing, maybe a particular field that stores first names or last names or something like that. What happens if you go and put in ten bytes or twelve bytes? Then what happens? Now I have an example of this. Let me show you something. So in this example, this is the website here. So in this example, I'll show you what I mean. So somebody went ahead and made an application, and in the username field, they coded the application to only support eight characters. But what happens when someone goes there and types in ten characters? Now you have an extra two. Well, the application was only allocated eight characters. The buffer by itself was limited to eight. But once the memory buffer is full, what happens to the other two? Well, the other two go into the next portion of memory, or the next set of buffers. This is why it's called a buffer overflow, because it's overflowing. So the buffer is up to eight. You're overflowing it with ten. So you've got another two over there. What does this lead to? So what can happen if they go into the next buffers? Well, what happens here is that now you're executing more things than the application expected. You can put a payload in there. So instead of the username being eight characters, like in this example, you put the username, put a space, and then put, hey, execute this code against the application, or attach more code and say open up a shell and give me remote access to this machine. In other words, you can run pretty much any type of malicious code using a buffer overflow. You're probably saying, Sandra, how do you fix this? You fix this by actually having good coding practices. Good coding standards are the way to fix this, because using older applications to write programmes with could make this happen, and even some of the newer ones.
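The eight-character username field described above, as an added example that is not from the video: the unbounded copy that causes the overflow, beside the bounded version that refuses input that does not fit. The struct layout and the field names are constructed for the demo.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not from the video: the eight-character username field
 * described above, written first the unsafe way and then with a bound.
 * The struct layout is constructed so the overflow has somewhere to land. */
#define USERNAME_LEN 8

struct login_form {
    char name[USERNAME_LEN];  /* room for 7 characters plus the NUL terminator */
    int  is_admin;            /* the "next buffer": what an overflow would clobber */
};

/* Unsafe: strcpy() stops only at the NUL byte, so a ten-character input
 * keeps writing past name[] into is_admin. Shown only for comparison. */
void fill_unsafe(struct login_form *f, const char *input) {
    strcpy(f->name, input);   /* no length check: this is the bug */
}

/* Hardened: measure the input first and refuse anything that does not fit.
 * Returns 0 on success, -1 when the input is too long (the form is untouched). */
int fill_safe(struct login_form *f, const char *input) {
    size_t n = strlen(input);
    if (n >= USERNAME_LEN)
        return -1;
    memcpy(f->name, input, n + 1);  /* n + 1 copies the terminator too */
    return 0;
}

int main(void) {
    struct login_form f = { "", 0 };
    printf("7 chars  -> %d\n", fill_safe(&f, "abcdefg"));     /* 0: fits */
    printf("10 chars -> %d\n", fill_safe(&f, "abcdefghij"));  /* -1: rejected */
    printf("name=%s is_admin=%d\n", f.name, f.is_admin);    /* unchanged by the rejection */
    return 0;
}
```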
So many good programming practices exist that almost all programmers know about them. They have to protect the way they write their code. Okay, now for something you should be familiar with: exams like to talk about race conditions, and in particular, something called time of check to time of use. So here's what this is. In applications, there is a time difference between when a system checks a particular programme and when somebody actually uses it. This is generally done with security credentials. So it may check if a credential is good. And then you can log in, and then you can start to use it. There's always a time difference, but I'll show you an example of what it looks like in code. Here we go. So this is the Wikipedia article on time of check to time of use. And I thought it had a really good example here without getting into the coding aspect of it. So look at this here. Now I'm just going to read the code here for you. If you don't understand it, that's fine. Just know what this is. So it's saying that to access this file, you want to be able to open it and write to it. So this is just a piece of code that will open the file and allow you to write to and read from it. So what happens is there's a time difference between this access check on the file and the open and write to the file. So the time-of-check-to-time-of-use race condition occurs here because an attacker can exploit the actual time difference between these two, allowing the attacker to insert a command that lets him write or overwrite information in the password database. So imagine you go to access a file, and by the time you try to open the file, because it's going to check your permission, it says, "Okay, you do have access to that." And now it's using your permission to then overwrite a password found in another part of the system. So it's using your credentials to do something it wasn't allowed to do, because the check happened before the use.
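The access-then-open pattern from the Wikipedia snippet just described, as an added example that is not from the video: the path-based check beside a version that checks the file it actually opened, so there is no window between check and use. The demo file names are constructed.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for O_NOFOLLOW, symlink(), fstat() */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Added example, not from the video. The Wikipedia pattern: check with access(),
 * then open() the same name. Between the two calls the name can be repointed (a
 * symlink swapped in), so the check says nothing about the file open() reaches. */
int write_toctou(const char *path, const char *data) {
    if (access(path, W_OK) != 0) return -1;   /* time of check: by path name */
    int fd = open(path, O_WRONLY);            /* time of use: same name, maybe another file */
    if (fd < 0) return -1;
    ssize_t n = write(fd, data, strlen(data));
    close(fd);
    return n < 0 ? -1 : 0;
}

/* Fix: no separate check. open() is the check: O_NOFOLLOW refuses a symlink at
 * the final component, and fstat() describes the object that was actually opened.
 * Everything after that uses the descriptor, never the path again. */
int write_checked(const char *path, const char *data) {
    int fd = open(path, O_WRONLY | O_NOFOLLOW);
    if (fd < 0) return -1;
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        return -1;                            /* not a plain file: refuse */
    }
    ssize_t n = write(fd, data, strlen(data));
    close(fd);
    return n < 0 ? -1 : 0;
}

int main(void) {
    const char *file = "/tmp/toctou_demo.txt", *link = "/tmp/toctou_demo.lnk"; /* constructed */
    int fd = open(file, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd >= 0) close(fd);
    unlink(link);
    if (symlink(file, link) != 0) return 1;
    printf("regular file -> %d, via symlink -> %d, unchecked -> %d\n",
           write_checked(file, "ok\n"), write_checked(link, "ok\n"), write_toctou(link, "ok\n"));
    unlink(link); unlink(file);
    return 0;
}
```

The checked version returns 0 for the regular file and -1 through the symlink, while the unchecked version happily follows the link and returns 0.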
That's why it's called time of check to time of use. You're probably saying, how do you fix this? Good programming practices. Once again, there are a lot of different programming and coding practises that will help to defeat this. And sometimes the best thing to do is to follow the best practises in that industry. Okay? Another thing is something called error handling and improper input handling. All right? Improper input handling and error handling. Let's look at improper input handling first. So when you have an application, any application, let's go to Amazon. So if you have an application, all of these boxes here are basically fields to handle input. If I sign in, here's a field that handles input. I'm just going to type some stuff in there and, hey, there's a problem: "We couldn't find an account with that email address." That's good input handling. What happens when people insert improper data into fields in your web application? Well, it has to be handled correctly. In other words, like Amazon has here, they're telling you that something is not correct, and also, it's not executing or causing any errors or problems in their web application. So we need to be able to predict what users will enter, what kind of nonsense people will type into your application's input fields. There are different kinds of tests for this, like fuzzers or fuzzing, which we'll get to later in this class. And the next thing I want to talk about is error handling. So a lot of this happens on web servers. So you noticed I have a website, right? So nothing is wrong with my website here, unless I type something wrong in there. And so I have this images folder. What if I ask for a folder that doesn't exist? What is the web server going to do? See, this is not good. So I did this purposely because I wanted to show what a bad one looks like. So you'll notice that the web application is not handling errors very well, because it's giving away way too much information.
It's telling us right off the bat that this website is served from the inetpub\wwwroot folder and that it's running on this port. This is an IIS web server, and it gives away a lot of information. So I need to go in and not use that web server. It's a very old web server, by the way. Oh, you know what? I forgot to show you. Look. It even shows the version of it, 7.5. This is a Windows 7 web server, by the way. I used that on purpose to show you some of the problems that can happen. So, with error handling, what happens when an error occurs on the website or the application? How does the application handle that? It may freeze. It should simply display an error message that provides information to users while not divulging information about the server that is hosting it. These are just the default error pages that I had on this particular web application. And I should have replaced them with something more generic that says, "Sorry, this page does not exist. Please go back to the home page." Right? So you have to replace these types of error pages. Okay. In this video, we learned a lot. We talked about pointer/object dereference and the asterisk; you also have directory traversal, buffer overflows, race conditions; and we talked about error handling just now and improper input handling.