Cyber security discipline of web application pentesting. Hands-on course that will require you to set up your own pentesting environment.
You should have familiarity with virtualized environments such as VMWare or VirtualBox and also understand how to configure a browser’s proxy settings.
Into the training sessions, trainer will make presentation of live demo examples and provide in depth learning of research and exploit techniques. From fuzzing techniques to discover security holes to ROP gadgets and egg-hunters to build shellcode, this workshop will cover all parts that a security researcher must know. The approach will be in learn-by-example methodology. There will be advance techniques for bypassing DEP and ASLR, heap spraying and a lot of examples to learn including real application vulnerabilities.
Practical exercises in this workshop are labs based on BYOD (Bring Your Own Device) lab execution. This means that attendant must bring his own laptop and conduct lab exercises there. Minimum requirements for lab exercises at least 25GB HDD space, 4GB RAM memory and installed VMware Player 7.1.2 with ability to run virtual machines. All lab exercises are done on virtual machines (Linux OS and Windows OS) that will be delivered on external media to the attendance at the beginning of the workshop. A wired network will be available in the room with access to internet, so attendant must make sure his laptop can connect to a wired network and bring USB Ethernet adapter if he needs one. The method of BYOD lab execution must be selected at the workshop registration form.
Unlike traditional courses, this workshop is intensive, very long and has highest level of difficulty.
Learning foundations (Day 1)
Web-Application Ethical Hacking
Mobile-App Ethical Hacking
Reporting
Approach method
Way to find a door
First doorstep activity
Ending infinity
Engineering Exploit Code · Exercises
You should have familiarity with virtualized environments such as VMWare or VirtualBox and also understand how to configure a browser’s proxy settings.
Into the training sessions, trainer will make presentation of live demo examples and provide in depth learning of research and exploit techniques. From fuzzing techniques to discover security holes to ROP gadgets and egg-hunters to build shellcode, this workshop will cover all parts that a security researcher must know. The approach will be in learn-by-example methodology. There will be advance techniques for bypassing DEP and ASLR, heap spraying and a lot of examples to learn including real application vulnerabilities.
Practical exercises in this workshop are labs based on BYOD (Bring Your Own Device) lab execution. This means that attendant must bring his own laptop and conduct lab exercises there. Minimum requirements for lab exercises at least 25GB HDD space, 4GB RAM memory and installed VMware Player 7.1.2 with ability to run virtual machines. All lab exercises are done on virtual machines (Linux OS and Windows OS) that will be delivered on external media to the attendance at the beginning of the workshop. A wired network will be available in the room with access to internet, so attendant must make sure his laptop can connect to a wired network and bring USB Ethernet adapter if he needs one. The method of BYOD lab execution must be selected at the workshop registration form.
Unlike traditional courses, this workshop is intensive, very long and has highest level of difficulty.
Learning foundations (Day 1)
Web-Application Ethical Hacking
- HTTP and HTTPS basics
- Examine packet structure and how packets can be manipulated by attackers
- Why sites get hacked – sites get hack for a number of reasons... The main ones are because websites provide a large attack surface and the technologies that run on them are subject to common vulnerabilities such as SQLI, XSS, LFI, and RFI.
- Hacker methodology – the steps followed by an attacker which consist of footprinting, scanning, enumeration, gaining access, maintaining access, and covering one’s tracks.
- A host of essential tools will be presented throughout the course - Manual and automated approaches
- Attack vectors included:
- SQLI – structured query language injection is a common exploit that takes advantage of improperly-filtered user input.
- XSS – cross site scripting takes advantage of a client-side vulnerability that allows an attacker to inject code that can execute malicious scripts.
- LFI and RFI – local file inclusion and remote file inclusion respectively, are attacks where malicious files are installed on a vulnerable server.
- A bunch of Hacking Tools are included
Mobile-App Ethical Hacking
- SmartPhone Penetration Framework Intro
- AppUse Intro
- Zante Intro
Reporting
- Reporting best practices – this is what sets straight-up hackers apart from the professionals.
Approach method
Way to find a door
First doorstep activity
Ending infinity
Engineering Exploit Code · Exercises