Regarding the question on amplification... There are numerous protocols that have an amplification factor such as DNS, NTP, Chargen, etc. These protocols have functionality whereby a user can craft a request packet, that generates a reply which is several factors larger. NTP may have the largest amplification factor currently known. An attack looks like: - botnet or malicious individual/group send NTP request to a bunch of Open NTP servers on the internet that are vulnerable to this amplification technique - The request packet has a spoofed source (the victim) - The NTP servers receive the request, generate the significantly LARGER response packet, and fire it off to the spoofed victim - The victim receives the traffic and network services are impacted due to the size of each packet and sheer number of them It is one of the most effective and popular DoS strategies in use today and very common in the wild. Defensive strategies are a combination of hardening DNS, NTP, chargen, etc service, not placing them on the web, upgrading to implementations that are not vulnerable to such amplification weaknesses, and utilizing anycast routing services such as cloudflare.
SubliminalX7 HSTS is a Server Header that instructs the browser to always serve the content over HTTPS for every user of the site as opposed to a plugin which works for an individual user. In essence, HSTS and HTTPS everywhere both force the communication over HTTPS but the key difference is HSTS does it for the web application (one with the HSTS header set) only and HTTPS everywhere attempts to force usage of HTTPS for every website. Hope that helps.
@@a.n.7338 yes ofcourse. You can check out many such videos on websites like security tube which is kinda okay for a beginner. Also check our owasp to learn more about exploiting web vulnerabilities. They have decent information in there. Good luck !
Regarding the question on amplification... There are numerous protocols that have an amplification factor such as DNS, NTP, Chargen, etc. These protocols have functionality whereby a user can craft a request packet, that generates a reply which is several factors larger. NTP may have the largest amplification factor currently known. An attack looks like:
- botnet or malicious individual/group send NTP request to a bunch of Open NTP servers on the internet that are vulnerable to this amplification technique
- The request packet has a spoofed source (the victim)
- The NTP servers receive the request, generate the significantly LARGER response packet, and fire it off to the spoofed victim
- The victim receives the traffic and network services are impacted due to the size of each packet and sheer number of them
It is one of the most effective and popular DoS strategies in use today and very common in the wild.
Defensive strategies are a combination of hardening DNS, NTP, chargen, etc service, not placing them on the web, upgrading to implementations that are not vulnerable to such amplification weaknesses, and utilizing anycast routing services such as cloudflare.
In 2023, watching this was this very informative for me.
Very informative, Thank you.
07:46 Proxy 11:08 XXS, Javascript or HTML Injection
Great job - as good as any in covering this in a practical way.
Was so happy to find a tech talk by a native English speaker, only to find out he slurs his words to the point he's virtually incomprehensible
Fantastic! Thanks, Michael/CernerEng
Clear and concise!
Great video!
Is HSTS the same as HTTPS everywhere plugin, or essentially the same thing?
SubliminalX7 HSTS is a Server Header that instructs the browser to always serve the content over HTTPS for every user of the site as opposed to a plugin which works for an individual user. In essence, HSTS and HTTPS everywhere both force the communication over HTTPS but the key difference is HSTS does it for the web application (one with the HSTS header set) only and HTTPS everywhere attempts to force usage of HTTPS for every website. Hope that helps.
muziklovershello That makes good sense. Thank you for that!
@@aatifshahdadable is there any video regarding exploiting vulnerability of maybe web or anything?
@@a.n.7338 yes ofcourse. You can check out many such videos on websites like security tube which is kinda okay for a beginner. Also check our owasp to learn more about exploiting web vulnerabilities. They have decent information in there. Good luck !
Really interesting! Nice one.
very much interesting....thank you so much.
Very informative session..
excellent video
Very informative. Thanks.
Great talk!
I appreciate this video.
great video
Thank You!