Training Course USA: Advanced Web Hacking

Provided by

About the course

Much like our popular Advanced Infrastructure Hacking class, this class talks about a wealth of hacking techniques to compromise web applications, APIs, cloud components and other associated end-points. This class focuses on specific areas of AppSec and on advanced vulnerability identification and exploitation techniques (especially server side flaws). The class allows attendees to practice some neat, new and ridiculous hacks which affected real life products and have found a mention in real bug- bounty programs. The vulnerabilities selected for the class either typically go undetected by modern scanners or the exploitation techniques are not so well known.

Note: Attendees will also benefit from a state-of-art Hacklab and we will be providing free 30 days lab access after the class to allow attendees more practice time.

30 Day Lab Access
Option to extend hacking lab access for 30 days after the class

Wide Range of Challenges
Real world challenges from Authentication issues to RCE, SSRF, XXE and more

Continuously Developed
The labs are continuously developed to include latest exploits and tools.

Class Overview
The latest hacks in the world of web hacking. The class content has been carefully handpicked to focus on some neat, new and ridiculous attacks.

We provide a custom kali image for this class. The custom kali image has been loaded with a number of plugins and tools (some public and some NotSoPublic) and these aid in quickly identifying and exploiting vulnerabilities discussed during the class.

The class is taught by a real Pen Tester and the real-world stories shared during the class help attendees in putting things into perspective.

Class Details
This fast-paced class, gives attendees an insight into Advanced Web Hacking, the team has built a state of the art hacklab and recreated security vulnerabilities based on real life Pen Tests and real bug bounties seen in the wild.

Lab Setup And Architecture Overview

Introduction To Burp Features

Attacking Authentication and SSO
Token Hijacking attacks
Logical Bypass / Boundary Conditions
Bypassing 2 Factor Authentication
Authentication Bypass using Subdomain Takeover
JWT/JWS Token attacks
SAML Authorization Bypass
OAuth Issues

Password Reset Attacks
Session Poisoning
Host Header Validation Bypass
Case study of popular password reset fails

Business Logic Flaws / Authorization flaws
Mass Assignment
Invite/Promo Code Bypass
Replay Attack
API Authorisation Bypass
HTTP Parameter Pollution (HPP)

XML External Entity (XXE) Attack
XXE Basics
Advanced XXE Exploitation over OOB channels
XXE through SAML
XXE in File Parsing

Breaking Crypto
Known Plaintext Attack (Faulty Password Reset)
Padding Oracle Attack
Hash length extension attacks
Auth bypass using .NET Machine Key
Exploiting padding oracles with fixed IVs

Remote Code Execution (RCE)
Java Serialisation Attack
.Net Serialisation Attack
PHP Serialization Attack
Python serialization attack
Server Side Template Injection
Exploiting code injection over OOB channel

SQL Injection Masterclass
2nd order injection
Out-of-Band exploitation
SQLi through crypto
OS code exec via powershell
Advanced topics in SQli
Advanced SQLMap Usage and WAF bypass
Exploiting code injection over OOB channel
Pentesting GraphQL

Tricky File Upload
Malicious File Extensions
Circumventing File validation checks
Exploiting hardened web servers
SQL injection via File Metadata

Server Side Request Forgery (SSRF)
SSRF to query internal network
SSRF to exploit templates and extensions
SSRF filter bypass techniques
Various Case studies

Attacking the Cloud
SSRF Exploitation
Serverless exploitation
Google Dorking in the Cloud Era
Cognito misconfiguration to data exfiltration
Post Exploitation techniques on Cloud-hosted applications
Various Case Studies

Attacking Hardened CMS
Identifying and attacking various CMS
Attacking Hardened WordPress, Joomla and Sharepoint
Web Caching Attacks

Miscellaneous Vulnerabilities
Unicode Normalization attacks
Second order IDOR attack
Exploiting misconfigured code control systems
HTTP Desync attack

Attack Chaining N Tier Vulnerability Chaining Leading To Rce

Various Case Studies
A Collection of weird and wonderful XSS and CSRF attacks

It is recommended students complete one of the following courses before taking this course:

  • The Art of Hacking 2020 Edition
  • Web Hacking 2020 Edition

Who Should Take This Class?

  • Web developers
  • SOC analysts
  • Intermediate level
  • penetration testers
  • DevOps engineers, network engineers
  • Security architects
  • Security enthusiasts
  • Anyone who wants to take their skills to the next level

Student Requirements
Students must bring their own laptop and have admin/root access on it. The laptop must have a virtualization software (virtualbox / VMWare) pre installed. A customized version of Kali Linux (ova format) containing custom tools, scripts and VPN scripts for the class will be provided to the students. The laptop should have at least 4 GB RAM and 20 GB of free disk space dedicatedly for the VM. Users are also encouraged to familiarize themselves with Burp Suite to gain maximum out of the class.

Related article

Join our cyber security training courses this spring!