Trainer Names: Dhruv Shah
Title: Advanced Web Hacking Bitesize Edition
Duration: 4 Days
Dates: 13th - 16th August 2020
Time: 10.00 AM to 2.00 PM
Type: Online Training on Zoom platform
The Advanced Web Hacking Bitesize Edition course covers a wealth of hacking techniques to compromise web applications, APIs and associated end-points. It focuses on specific areas of app-sec and on advanced vulnerability identification and exploitation techniques (especially server-side flaws). This hands-on course covers neat, new and ridiculous hacks which affected real-life products and have found a mention in real bug-bounty programs. The vulnerabilities selected for this course are ones that typically go undetected by modern scanners, or whose exploitation techniques are not so well known.
This is an action-packed web hacking course on exploiting modern web application vulnerabilities such as SSRF, Template Injection, 2nd Order SQLi, Deserialization, Crypto flaws and more. It also covers attacking authentication schemes such as JWT, SAML and OAuth, and learning esoteric Out-of-Band techniques and attack chaining.
ATTACKING AUTHENTICATION AND SSO
- Token Hijacking attacks
- Logical Bypass / Boundary Conditions
- Bypassing 2 Factor Authentication
- Authentication Bypass using Subdomain Takeover
- SAML Authorization Bypass
- JWT Token Brute-Force attacks
PASSWORD RESET ATTACKS
- Cookie Swap
- Host Header Validation Bypass
- Case study of popular password reset fails.
BUSINESS LOGIC FLAWS / AUTHORIZATION FLAWS
- Mass Assignment
- Replay Attack
- API Authorisation Bypass
- HTTP Parameter Pollution (HPP)
XML EXTERNAL ENTITY (XXE) ATTACK
- XXE Basics
- Advanced XXE Exploitation over OOB channels
- XXE through SAML
- XXE in File Parsing
TRICKY FILE UPLOAD
- Malicious File Extensions
- Circumventing File validation checks
- Exploiting hardened web servers
SERVER SIDE REQUEST FORGERY (SSRF)
- SSRF to query internal network
- SSRF to call internal files
- Various Case studies
- Known Plaintext Attack (Faulty Password Reset)
- Padding Oracle Attack
- Hash length extension attacks
- Auth bypass using .NET Machine Key
REMOTE CODE EXECUTION (RCE)
- Java Binary Serialisation Attack
- Java XML Serialisation Attack
- Node.js Serialization Attack
- Node.js RCE
- Server Side Template Injection
SQL INJECTION MASTERCLASS
- 2nd order injection
- Out-of-Band exploitation
- OS code exec via powershell
- Exploiting code injection over OOB channel
- CMS Exploitation
- Case Studies
On Completion of this course
Attendees will be able to:
- Obtain a hands-on introduction to application security vulnerabilities like SQL Injection, XXE, Authentication and authorization flaws on our purposely built vulnerable web applications.
- Identify and perform Out of Band injections for vulnerabilities like SQL Injection and XXE to exfiltrate data
- Learn how to perform Remote Code Execution and find Deserialization vulnerabilities
- Lastly, learn how to attack weak key cryptography and how to fuzz and find vulnerabilities in completely encrypted parameters
Who Should Attend?
- Web Developers, SOC Analysts and anyone who wonders about the types of attacks Pen Testers use to find flaws in applications
- Entry/Intermediate level Pen Testers who want to know what's next: what are the advanced-level attacks through which they can exploit vulnerabilities?
- Network Engineers, Security Architects and enthusiasts who want to stay updated with the latest trends in web application hacks
- Any technical person having a basic knowledge of how web applications work
Is this course right for you?
If you wonder:
- Are there ways to effectively exfiltrate data using Out of Band techniques for certain vulnerabilities?
- Are there ways to Pen Test encrypted parameters to find vulnerabilities?
- Are there ways to bypass SSO functionalities?
- Are there ways to find SQL injection vulnerabilities not detected by Automated tools?
- Are there ways to break weak crypto implementations?
- Would there be an effective way to bypass password reset functionalities?
- What are the different things I can do with an SSRF vulnerability?
- How can deserialization vulnerabilities be exploited?
Then you have come to the right place. Advanced Web Hacking Bitesize Edition teaches you all of these.
This course requires your own laptop with at least 4 GB RAM, 20 GB of free disk space and admin/root access, along with the capability to run our custom Kali Linux image in VirtualBox. Familiarity with Burp Suite will be beneficial for this course.
- Delegates can access our online lab which is purposely riddled with multiple vulnerabilities during the course
- Delegates will receive demonstrations and hands-on practice of the vulnerabilities to better understand and grasp the issues
- Numerous scripts and tools for advanced attacks
- A PDF copy of all course materials used during the course including instructor slide deck, tool cheat sheets and walkthrough guides
Advanced Web Hacking Bitesize Edition is an interactive hands-on course. Here is an outline of a few of the activities delegates will carry out:
- Bypassing Custom Authentication
- Attacking JWT to bypass authentication
- Understanding Password reset flaws and exploiting them
- Bypassing the application’s Business logic flaws and exploiting them
- Performing Out of Band XXE attacks
- Perform Out of Band SQL injection attacks
- Practicing Second order SQL injection
- Identifying and exploiting deserialization vulnerabilities
- Identifying and exploiting vulnerabilities leading to RCE
Dhruv Shah is an information security professional working as a Principal Security Consultant at NotSoSecure. He has 10+ years of experience in application, mobile, and network security. He has co-authored the books 'Kali Linux Intrusion and Exploitation' and 'Hands-on Pentesting with BurpSuite', published by Packtpub. He is also a trainer of NotSoSecure's much-acclaimed Advanced Web Hacking class and has been a trainer at several leading public conferences such as Black Hat Vegas, Chicago, Alexandria, Japan, Hack in Paris, Texas Cyber Summit, OWASP Appsec Israel, etc. He has provided security training to various clients in the UK, EU, and USA via corporate training. He is online under the handle @snypter and is an active member and moderator of one of the Null chapters in India.