This class teaches audience a wealth of hacking techniques to compromise modern day web applications, APIs and associated end-points. This class focus on specific areas of appsec and on advanced vulnerability identification and exploitation techniques. The class allows attendees to learn and practice some neat, new and ridiculous hacks which affected real life products and have found a mention in real bug-bounty programs. The vulnerabilities selected for the class either typically go undetected by modern scanners or the exploitation techniques are not so well known.
Attendees will also benefit from a state-of-art Hacklab and we will be providing FREE 30 days lab access after the class to allow attendees more practice time. Some of the highlight of the class includes:
- Modern JWT, SAML, oauth bugs
- Core business logic issues
- Practical cryptographic flaws.
- RCE via Serialisation, Object, OGNL and template injection.
- Exploitation over DNS channels
- Advanced SSRF, HPP, XXE and SQLi topics.
- Serverless exploits
- Web Caching issues
- Attack chaining and real life examples.
OVERVIEW Much like our popular Advanced Infrastructure Hacking class, this class talks about a wealth of hacking techniques to compromise web applications, APIs, cloud components and other associated end-points. This class focus on specific areas of appsec and on advanced vulnerability identification and exploitation techniques (especially server side flaws). The class allows attendees to practice some neat, new and ridiculous hacks which affected real life products and have found a mention in real bug-bounty programs. The vulnerabilities selected for the class either typically go undetected by modern scanners or the exploitation techniques are not so well known.
Note: Attendees will also benefit from a state-of-art Hacklab and we will be providing free 30 days lab access after the class to allow attendees more practice time.
The following is the course outline:
- Authentication Attacks
- Logical Bypass / Boundary Conditions
- Token Hijacking attacks
- Attacking SSO
- SAML / OAuth 2.0 / JWT Attacks
- SAML Authentication and Authorization Bypass
- Advanced XXE Attacks
- XXE through SAML
- XXE in file parsing
- XXE Exploitation over OOB channels
- Complex Password Reset Attacks
- Cookie Swap
- Host Header Validation Bypass
- Case study of popular password reset fails.
- Breaking Crypto
- Known Plaintext Attack (Faulty Password Reset)
- Path Traversal using Padding Oracle
- Hash length extension attacks
- Complex Business Logic Flaws / Authorization flaws
- Mass Assignment bugs
- Invite/Promo Code Bypass
- Replay Attack
- API Authorization Bypass
- Server Side Request Forgery (SSRF)
- SSRF to call internal files
- SSRF to query internal network
- SQL Injection Masterclass
- 2nd Order Injection
- Out-of-Band exploitation
- SQLi through crypto
- OS code exec via powershell
- Advanced topics in SQli
- Remote Code Execution (RCE)
- Java Serialisation Attack
- Node.js RCE
- PHP object injection
- Ruby/ERB template injection
- Exploiting code injection over OOB channel
- Cloud Attacks
- Google dorking in the Cloud era
- Serverless Exploitation
- PaaS Exploitation
- Tricky File Uploads
- Malicious File Extensions
- Circumventing File validation checks
- Miscellaneous Topics
- HTTP Parameter Pollution (HPP)
- A Collection of weird and wonderful XSS and CSRF attacks.
- Attack Chaining
- Combining Client-side and or Server-side attacks to steal internal secrets
- B33r 101
Note: This is a fast paced version of the 4 day class, cut down to 3 days. Some of the exercises have been replaced by demos which will be shown by the instructor. Students will receive FREE 1 month lab access to practice each exercise after the class.
WHO SHOULD TAKE THIS COURSEWeb developers, SOC analysts, intermediate level penetration testers, DevOps engineers, network engineers, security architects, security enthusiasts and anyone who wants to take their skills to next level.
STUDENT REQUIREMENTS Students must bring their own laptop and have admin/root access on it. The laptop must have a virtualization software (virtualbox / VMWare) pre installed. A customized version of Kali Linux (ova format) containing custom tools, scripts and VPN scripts for the class will be provided to the students. The laptop should have at least 4 GB RAM and 20 GB of free disk space dedicatedly for the VM.
WHAT STUDENTS SHOULD BRINGsee student requirement
WHAT STUDENTS WILL BE PROVIDED WITHAccess to a hacking lab not just during the course but for 30 days after the class too. This gives them plenty of time to practice the concepts taught in the class. Numerous scripts and tools will also be provided during the training, along with student handouts.
TRAINERSDhruv Shah is an information security professional working as a Principal Security Consultant at NotSoSecure. He has over 7+ years of experience in application, mobile and network security. He has co-authored the book 'Kali Linux Intrusion and Exploitation' by Packtpub. His work can be found on security-geek.in. He is also a trainer of NotSoSecure's much acclaimed advanced web hacking class and has been a trainer at several leading public conferences such as Black Hat USA and Europe. He has provided security training to various clients in UK, EU and USA via corporate trainings
Sunil works as Head of Research for NotSoSecure, a Claranet group company. He has 10 years of experience in application security. He has also been a trainer for the Web Hacking - Black Belt Edition and Basic Web Hacking courses at Black Hat and other leading conferences. He has provided security training to various clients in UK, EU and USA via corporate trainings. Sunil has won credits and accolades from several organizations like Microsoft, LinkedIn, Yahoo, Nokia, PayPal, Apache and Oracle for identifying and reporting security vulnerabilities in their products.
