Sheikh Younus
Program Summary
OS command injections can be used to attack systems running an operating system, such as web servers, IoT devices, office devices (e.g., printers), and more. In the worst case, a vulnerability can give an attacker complete control of a system. From there, systems can be modified, backdoors can be created for persistence, and attackers can attempt to pivot to other systems within the organization. Given this risk, understanding what OS command injections are, how they work and can be exploited, and how to prevent the vulnerabilities is important for any application developer and technical business leader. This is why OS command injections are part of the OWASP Top 10 Web Application Security Risks.

This course explores OS command injections all the way from concepts to practice. It starts by creating a safe and legal environment in which to perform attacks. The content covers the core concepts of command injections and teaches techniques that can be used to exploit vulnerable targets. Then, going fully offensive, learners perform manual injection attacks as well as automated attacks with a tool called Commix. Once vulnerabilities are found, we generate and plant persistent backdoors that can be exploited to create shells, giving access to the target server at any time. After successfully attacking and compromising the targets, it's time to take a step back and discuss defensive controls at the application layer, and to look at actual vulnerable code and explore ways of fixing it to prevent injections.
Outcomes/Objectives
By completing this course, badge earners have the:
- Knowledge of OS Command injections
- Ability to perform OS Command injections manually
- Ability to perform OS Command injections with Commix
- Ability to leverage tools such as MSFvenom and Weevely to generate, upload, and use backdoor shells on remote servers
- Knowledge of what backdoors are and the threat they pose
- Ability to find vulnerabilities by looking at code
- Knowledge of coding best practices to prevent vulnerabilities
Deliverable
Enroll in the Introduction to OS Command Injections course.
Complete all lessons and quizzes to receive the course certificate.
Program Duration
2 hours
Skills / Knowledge
- Software Development
- Software Testing & Evaluation
- Vulnerabilities Assessment
- Web Technology
- Risk Management