))
Through following this course, students will gain a basic understanding of the principles behind network security and the working of the main protocols, mechanisms and techniques in the area of security. The course consists of three parts: security mechanisms within network protocols, systems security and lab sessions. In the first part (security mechanisms within network protocols), the following topics will be discussed: IPSec, SSH, SSL, HTTPS and security for wireless networks. The second ...
…
continue reading
If you know how attacks work, you’ll know exactly where to look—whether you’re breaking in as an ethical hacker or defending as a blue teamer. Hacked & Secured: Pentest Exploits & Mitigations breaks down real-world pentest findings, exposing how vulnerabilities were discovered, exploited, and mitigated. Each episode dives into practical security lessons, covering attack chains and creative exploitation techniques used by ethical hackers. Whether you're a pentester, security engineer, develop ...
…
continue reading
1
Ep. 8 – OTP Flaw & Remote Code Execution: When Small Flaws Go Critical
15:45
15:45
Play later
Play later
Lists
Like
Liked
15:45
A broken logout flow let attackers hijack accounts using just a user ID. A self-XSS and an IDOR exposed stored data. And a forgotten internal tool—running outdated software—ended in full Remote Code Execution. This episode is all about how small bugs, missed checks, and overlooked services can lead to serious consequences. Chapters: 00:00 - INTRO 0…
…
continue reading
1
Ep. 7 – IDOR & SSTI: From File Theft to Server-Side Secrets
19:35
19:35
Play later
Play later
Lists
Like
Liked
19:35
A predictable ID exposed private documents. A crafted name leaked backend files. In this episode, we break down two high-impact flaws—an IDOR that let attackers clone confidential attachments, and an SSTI hidden in an email template that revealed server-side files. Simple inputs, big consequences. Learn how they worked, why they were missed, and ho…
…
continue reading
1
Ep. 6 – 403 Bypass & Request Smuggling: Tiny Tricks, Total Takeover
17:14
17:14
Play later
Play later
Lists
Like
Liked
17:14
A single uppercase letter unlocked an admin panel. One malformed request hijacked user sessions. In this episode, we break down two real-world exploits—a 403 bypass and a request smuggling attack—that turned small oversights into full system compromise. Learn how they worked, why they were missed, and what should have been done differently. Chapter…
…
continue reading
1
Ep. 5 – Stored XSS & SQL Injection: Small Flaws, Big Breaches
16:08
16:08
Play later
Play later
Lists
Like
Liked
16:08
A simple filename triggered stored XSS, hijacking accounts and stealing API keys. A SQL injection bypassed a web firewall, dumping an entire database in one request. Both attacks exploited basic security flaws—flaws that should have been caught. Learn how these exploits worked, why they were missed, and what should have been done differently. Want …
…
continue reading
1
Ep. 4 – Exposed Secrets & Silent Takeovers: How Misconfigurations Open the Door to Attackers
21:15
21:15
Play later
Play later
Lists
Like
Liked
21:15
Exposed secrets, overlooked permissions, and credentials hiding in plain sight—each one leading to a critical breach. In this episode, we break down three real-world pentest findings where a forgotten file, a misconfigured setting, and a leaked credential gave attackers full control. How did they happen? How can you find similar issues? And what ca…
…
continue reading
1
Ep. 3 – One Request, One URL, One Bluetooth Hack: Three Takeovers That Shouldn’t Have Happened
21:30
21:30
Play later
Play later
Lists
Like
Liked
21:30
How can attackers take over accounts, networks, and devices—without credentials? In this episode, we break down three real-world security flaws that prove authentication alone isn’t enough: Account Takeover – A single request bypassed email verification, locking out store owners. Internal Network Compromise – A hidden admin URL and hardcoded access…
…
continue reading
1
Ep. 2 – Chaining IDORs, CSRF Account Takeovers & Token Manipulation for Privilege Escalation
19:16
19:16
Play later
Play later
Lists
Like
Liked
19:16
What if you could take over an account—not by cracking a password, but by chaining two overlooked vulnerabilities? What if a single CSRF exploit let attackers reset security questions and hijack accounts? And what if manipulating an authorization token could escalate privileges? In this episode of Hacked & Secured: Pentest Exploits & Mitigations, w…
…
continue reading
1
Ep. 1 – Breaking OTP Security, Exploiting Static Domains & Privilege Escalation via Role Misconfigurations
19:12
19:12
Play later
Play later
Lists
Like
Liked
19:12
What if your OTP security wasn’t secure at all? What if a static domain—something most people ignore—could lead to full account takeover? And what if flawed role management allowed admins to escalate privileges? In this episode of Hacked & Secured: Pentest Exploits & Mitigations, we break down three real-world security failures that turned minor ov…
…
continue reading
1
Intro to Hacked & Secured: Pentest Exploits & Mitigations – What to Expect!
2:28
2:28
Play later
Play later
Lists
Like
Liked
2:28
If you know how attacks work, you’ll know exactly where to look—whether you’re breaking in as an ethical hacker or defending as a blue teamer. Welcome to Hacked & Secured: Pentest Exploits & Mitigations—the podcast that breaks down real-world pentest findings and exposes critical security flaws before attackers do. Red team tactics – How vulnerabil…
…
continue reading
This lecture discusses two main techniques to protect your network: Intrusion Detection Systems (IDS) and Firewalls. The IDS part discusses host-based versus network-based ID systems, passive versus reactive systems, as well as the main operation of an IDS (data capturing, signature versus anomaly-based operation). The firewall part compares differ…
…
continue reading
In this short video we provide some examples of possible security related assignments and projects at the DACS group. The lecture concludes with information regarding the exam.By Aiko Pras
…
continue reading
This guest lecture is provided by Frank van Vliet, from the companyBy Aiko Pras
…
continue reading
In the first part of this lecture we discuss the operation of the SSL/TLS protocol, which is used for secure web browsing (HTTPs), as well as the SSH protocol, which is used, amongst others, for remote login. In the second part of this lecture the concept of AAA (Authentication, Authorization and Access Control) is introduced, followed by a discuss…
…
continue reading
In this lecture we will discuss the IPSec protocol. We start with comparing IPSec usage to that of other secure protocols, such as SSH and TLS. An overview of the various IPSec standards is given, followed by a discussion of the two modes in which IPSec can operate: transport mode and tunnel mode. We than provide some details regarding the two vari…
…
continue reading
