Hello everyone my name is vijay kumar Devireddy and I am glad to have you back on my episode 75 today we're going to discuss about Hijacking, next we have hijacking which is the exploitation of a computer session in an attempt to gain unauthorized access to data,services, or other resources on a computer or server.There are eight types of session hijacking that can be performed.Session theft, TCP/IP hijacking, blind hijacking,clickjacking, Man-in-the-Middle,Man-in-the-Browser, the watering hole attack and cross-site-scripting attacks.The first type of hijacking is known as session theft.With session theft the attacker is going to guess the session ID for a web session and that enables them to takeover the already authorized and established session of that client.Each session is uniquely identified with a random string but if the attacker can determine or guess that string they can take over the authenticated session with the server.And this example, you can see this is occurring at the session layer of the OSI model but it can also occur at the network or transport layer too.Now when it does it's called TCP/IP hijacking.Because it occurs when an attacker takes over a TCP session between two computers without the need of a cookie or other host access.Because TCP sessions only authenticate during the initial three-way handshake the attacker can jump into the session at any time they want if they can guess the next number in the packet sequence.This can also be used to create a denial of service attack against the initial host that way they can take it over and not let that person jump back into the session.Now, the next type of hijacking is called blind hijacking because it occurs when the attacker blindly injects data into a communication stream and won't be able to see the results whether they're successful or not.Clickjacking is our next type.This attack uses multiple transparent layers to trick a user into clicking on a button or link on a page when they were intending to click on something else.Basically the hyperlink to the malicious content is hidden under some legitimate clickable content.So you think you're clicking on an image and you're actually clicking on some link that takes you elsewhere.Now a Man-in-the-Middle attack is probably the attack you've heard most before.This is also one that is commonly used in session hijacking.A Man-in-the-Middle attack causes data to flow through the attacker's computer where it can then be intercepted or manipulated as it passes through.This is considered an active type of interception.So let's pretend that you've got some kind of malware on your computer and now all of your traffic is going to route through this attacker's machine. Well, if you wanted to transfer $50 from your bank account to your friend's but the attacker changes the amount and the destination of the account you may now be sending $5000 to the attacker instead of the $50 to your friend.This is the idea of a Man-in-the-Middle.Since the attacker is sitting right in the middle of that connection they can see and manipulate any data as it's being sent back and forth.Now a Man-in-the-Browser is very similar to the Man-in-the-Middle except it's limited to your browser's web communication instead of looking at the entire communication.This can occur because you have a Trojan that's infected your vulnerable web browser and it modifies web pages or transactions that are being done within that browser.To prevent this you should insure you have a good anti-malware solution installed and you have the latest security updates for your web browser because this will pretty much eliminate the Man-in-the-Browser attack.Next you have a watering hole.And a watering hole is something that we described all the way back in the beginning of this course.It occurs when malware is laced on a website that the attacker knows his potential victims are going to access. --- This episode is sponsored by · Anchor: The easiest way to make