Web Hacking Black Belt Edition
Provided by QA
Overview
This class teaches the audience a wealth of hacking techniques to compromise modern-day web applications, APIs and associated end-points. This class focuses on specific areas of appsec and on advanced vulnerability identification and exploitation techniques. The class allows attendees to learn and practice some neat, new and ridiculous hacks which affected real-life products and have found a mention in real bug-bounty programs. The vulnerabilities selected for the class either typically go undetected by modern scanners or the exploitation techniques are not so well known.
Attendees will also benefit from a state-of-art Hacklab during the course.
Some of the highlights of the class include:
Learning Outcomes
Lab Setup and architecture overview
Introduction to Burp Features
Attacking Authentication and SSO
Miscellaneous Vulnerabilities
Various Case Studies
This class teaches the audience a wealth of hacking techniques to compromise modern-day web applications, APIs and associated end-points. This class focuses on specific areas of appsec and on advanced vulnerability identification and exploitation techniques. The class allows attendees to learn and practice some neat, new and ridiculous hacks which affected real-life products and have found a mention in real bug-bounty programs. The vulnerabilities selected for the class either typically go undetected by modern scanners or the exploitation techniques are not so well known.
Attendees will also benefit from a state-of-art Hacklab during the course.
Some of the highlights of the class include:
- Modern JWT, SAML, OAuth bugs
- Core business logic issues
- Practical cryptographic flaws.
- RCE via Serialization, Object, OGNL and template injection.
- Exploitation over DNS channels
- Advanced SSRF, HPP, XXE and SQLi topics.
- Serverless exploits
- Web Caching issues
- Attack chaining and real life examples.
- Web developers
- Intermediate level penetration testers
- DevOps engineers, network engineers
- Security researchers / analysts
- Security architects
- Security professionals & enthusiasts
- Anyone who wants to take their skills to the next level
Learning Outcomes
- The latest hacks in the world of web hacking. The class content has been carefully handpicked to focus on some neat, new and ridiculous attacks.
- We provide a custom kali image for this class. The custom kali image has been loaded with a number of plugins and tools (some public and some NotSoPublic) and these aid in quickly identifying and exploiting vulnerabilities discussed during the class.
- The class is taught by a real pentester and the real-world stories shared during the class help attendees in putting things into perspective.
- Access to a hacking lab during the course and numerous scripts and tools will also be provided during the training, along with student handouts.
- Our courses also come with detailed answer sheets. That is a step by step walkthrough of how every exercise within the class needs to be solved. These answer sheets are also provided to students at the end of the class.
Lab Setup and architecture overview
Introduction to Burp Features
Attacking Authentication and SSO
- Token Hijacking attacks
- Logical Bypass / Boundary Conditions
- Bypassing 2 Factor Authentication
- Authentication Bypass using Subdomain Takeover
- JWT/JWS Token attacks
- SAML Authorization Bypass
- OAuth Issues
- Session Poisoning
- Host Header Validation Bypass
- Case study of popular password reset fails
- Mass Assignment
- Invite/Promo Code Bypass
- Replay Attack
- API Authorisation Bypass
- HTTP Parameter Pollution (HPP)
- XXE Basics
- Advanced XXE Exploitation over OOB channels
- XXE through SAML
- XXE in File Parsing
- Known Plaintext Attack (Faulty Password Reset)
- Padding Oracle Attack
- Hash length extension attacks
- Auth bypass using .NET Machine Key
- Exploiting padding oracles with fixed IVs
- Java Serialization Attack
- .Net Serialization Attack
- PHP Serialization Attack
- Python serialization attack
- Server Side Template Injection
- Exploiting code injection over OOB channel
- 2nd order injection
- Out-of-Band exploitation
- SQLi through crypto
- OS code exec via PowerShell
- Advanced topics in SQli
- Advanced SQLMap Usage and WAF bypass
- Pentesting GraphQL
- Malicious File Extensions
- Circumventing File validation checks
- Exploiting hardened web servers
- SQL injection via File Metadata
- SSRF to query internal network
- SSRF to exploit templates and extensions
- SSRF filter bypass techniques
- Various Case studies
- SSRF Exploitation
- Serverless exploitation
- Google Dorking in the Cloud Era
- Cognito misconfiguration to data exfiltration
- Post Exploitation techniques on Cloud-hosted applications
- Various Case Studies
- Identifying and attacking various CMS
- Attacking Hardened Wordpress, Joomla, and Sharepoint
Miscellaneous Vulnerabilities
- Unicode Normalization attacks
- Second order IDOR attack
- Exploiting misconfigured code control systems
- HTTP Desync attack
Various Case Studies
- A Collection of weird and wonderful XSS and CSRF attacks
Enquire
| Start date | Location / delivery | |
|---|---|---|
| No fixed date | United Kingdom | Book now |
01132207150
01132207150
Related article
CYBER PULSE: EDITION 179 | 18 MARCH 2022
QA's practice director of Cyber Security, Richard Beck, rounds up the latest cyber security news.