(Class provided by NotSoSecure (NSS)). This class is being offered at Blackhat for $5,100 and is being offered beforehand to those affiliated with WSC that can provide feedback on its content. You do not need to be a paying member to register.
Location: City? or online
Much like our popular Advanced Infrastructure Hacking class, this class talks about a wealth of hacking techniques to compromise web applications, APIs, cloud components and other associated end-points. This class focus on specific areas of appsec and on advanced vulnerability identification and exploitation techniques (especially server side flaws). The class allows attendees to practice some neat, new and ridiculous hacks which affected real life products and have found a mention in real bug-bounty programs. The vulnerabilities selected for the class either typically go undetected by modern scanners or the exploitation techniques are not so well known.
Note: Attendees will also benefit from a state-of-art Hacklab and we will be providing free 30 days lab access after the class to allow attendees more practice time.
The following is the course outline:
- Lab Setup and architecture overview
- Advanced Burp Features
- Attacking Authentication and SSO
- Token Hijacking attacks
- Logical Bypass / Boundary Conditions
- Bypassing 2 Factor Authentication
- Authentication Bypass using Subdomain Takeover
- JWT Token Brute-Force attacks
- SAML Authorization Bypass
- oAuth Issues
- Password Reset Attacks
- Cookie Swap
- Host Header Validation Bypass
- Case study of popular password reset fails.
- Business Logic Flaws / Authorization flaws
- Mass Assignment
- Invite/Promo Code Bypass
- Replay Attack
- API Authorization Bypass
- HTTP Parameter Pollution (HPP)
- XML External Entity (XXE) Attack
- XXE Basics
- Advanced XXE Exploitation over OOB channels
- XXE through SAML
- XXE in File Parsing
- Breaking Crypto
- Known Plaintext Attack (Faulty Password Reset)
- Padding Oracle Attack
- Hash length extension attacks
- Auth bypass using .NET Machine Key
- Remote Code Execution (RCE)
- Java Serialisation Attack
- .Net Serialisation Attack
- Node.js Serialization Attack
- PHP Serialization Attack
- JSON Serialization Attack
- Server Side Template Injection
- Exploiting code injection over OOB channel
- SQL Injection Masterclass
- 2nd order injection
- Out-of-Band exploitation
- SQLi through crypto
- OS code exec via powershell.
- Advanced topics in SQli
- Advanced SQLMap Usage and WAF bypass
- Tricky File Upload
- Malicious File Extensions
- Circumventing File validation checks
- Exploiting hardened web servers.
- Server Side Request Forgery (SSRF)
- SSRF to query internal network
- SSRF to call internal files
- Various Case studies
- Attacking the Cloud
- SSRF Exploitation
- Serverless exploitation
- Google Dorking in the Cloud Era
- Post Exploitation techniques on Cloud hosted applications
- Various Case Studies
- Attacking Hardened CMS
- Identifying and attacking various CMS
- Attacking Hardened Wordpress, Joomla and Sharepoint.
- Client side attacks
- Identifying Blind XSS via OOB channel
- Exploiting Self XSS
- CSP bypass
- Various Case Studies on weird and wonderful XSS and CSRF attacks
- Web Caching Attacks.
- Attack Chaining N tier vulnerability Chaining leading to RCE.
- Various Case Studies
- The latest hacks in the world of web hacking. The class content has been carefully handpicked to focus on some neat, new and ridiculous attacks.
- We provide a custom kali image for this class. The custom kali image has been loaded with a number of plugins and tools (some public and some NotSoPublic) and these aid in quickly identifying and exploiting vulnerabilities discussed during the class.
- The class is taught by a real pentester and the real world stories shared during the class help attendees in putting things into perspective.
Who Should Take this Course
Web developers, SOC analysts, intermediate level penetration testers, DevOps engineers, network engineers, security architects, security enthusiasts and anyone who wants to take their skills to next level.
Audience Skill Level
Students must bring their own laptop and have admin/root access on it. The laptop must have a virtualization software (virtualbox / VMWare) pre installed. A customized version of Kali Linux (ova format) containing custom tools, scripts and VPN scripts for the class will be provided to the students. The laptop should have at least 4 GB RAM and 20 GB of free disk space dedicatedly for the VM.
What Students Should Bring
See student requirement
What Students Will Be Provided With
Access to a hacking lab not just during the course but for 30 days after the class too. This gives them plenty of time to practice the concepts taught in the class. Numerous scripts and tools will also be provided during the training, along with student handouts.
Sunil works as Head of Research for NotSoSecure, a Claranet group company. He has 10 years of experience in application security. He has also been a trainer for the Web Hacking - Black Belt Edition and Basic Web Hacking courses at Black Hat and other leading conferences. He has provided security training to various clients in UK, EU and USA via corporate trainings. Sunil has won credits and accolades from several organizations like Microsoft, LinkedIn, Yahoo, Nokia, PayPal, Apache and Oracle for identifying and reporting security vulnerabilities in their products.