Advanced Web Hacking

Virtual Learning: 3,180€ + IVA

REF: NSSAWH Catálogo: Cybersecurity Área: Claranet Cyber Security (NotSoSecure), Cybersecurity

Duração icon

Duração:

5 dias

Próxima Data icon

Próxima Data:

Consulte-nos

Local icon

Local:

Online

Descrição

Web application security is one of the biggest and fastest moving specializations within cybersecurity today. Only with a comprehensive, well-rehearsed arsenal of modern ethical hacking skills can it be mastered. Join this hands-on, 5-day course to push your web hacking to the next level and widen your career prospects. Get your hands dirty with our popular virtual labs and learn from experienced, practicing penetration testers with a legacy of training at Black Hat.

This course uses a Defense by Offense methodology based on real world engagements and offensive research (not theory). That means everything we teach has been tried and tested on live environments and in our labs, so you can put it into practice as soon as the training is over. By the end of the course, you’ll know:

  • How to think and behave like an advanced, real world threat actor
  • How to identify commonly used vulnerabilities known to have caused damage and disruption in recent months
  • How to deploy the latest and most common web application hacks (including many novel techniques that can’t be detected by scanners)
  • How to analyze vulnerabilities within your own organization and customize your hacking techniques in response

*PVP por participante. A realização do curso nas datas apresentadas está sujeita a um quórum mínimo de inscrições.

Destinatários

  • Penetration testers and red teamers
  • Security consultants and architects
  • CSIRT/SOC analysts and engineers/blue teams
  • Developers with in-depth security experience
  • Security/IT managers and team leads

This course is suitable for in-house security teams from intermediate to pro level. It’s also relevant to other security and IT practitioners and managers who want to understand the current threat landscape and defend their organization.

  • Área: Cybersecurity

  • Certificação Associada: Advanced Web Hacking

Quero inscrever-me.

Programa:

INTRODUCTION

  • Lab setup and architecture overview
  • Burp Suite features recap

ATTACKING AUTHENTICATION AND SINGLE SIGN ON (SSO)

  • Token hijacking attacks
  • Logical bypass/boundary conditions
  • Bypassing 2-Factor Authentication (2FA)
  • Authentication bypass using subdomain takeover
  • JSON Web Token (JWT) and JSON Web Signature (JWS) attacks
  • Security Assertion Markup Language (SAML) authorization bypass
  • Open Authorization (OAuth) issues

PASSWORD RESET ATTACKS

  • Session poisoning
  • Host header validation bypass
  • Case study: common password reset fails

BUSINESS LOGIC FLAW AND AUTHORISATION FLAWS

  • Mass assignment
  • Invite/promo code bypass
  • Replay attack
  • API authorization bypass
  • HTTP Parameter Pollution (HPP)

EXTENSIBLE MARKUP LANGUAGE (XML) EXTERNAL ENTITY (XXE) ATTACK

  • XXE basics
  • Advanced XXE exploitation over out-of-band (OOB) channels
  • XXE through SAML
  • XXE in file parsing

BREAKING CRYPTOGRAPHY

  • Known plaintext attack (faulty password reset)
  • Padding oracle attack
  • Hash length extension attacks
  • Auth bypass using .NET machine key
  • Exploiting padding oracles with fixed initialization vectors (IVs)
  • ECDSA nonce reuse attack

REMOTE CODE EXECUTION (RCE)

  • Java deserialization attack: Binary XML SerialVersionUID mismatch
  • .Net deserialization attack
  • PHP deserialization attack
  • Python deserialization attack
  • Server-side template injection
  • Exploiting code injection over OOB channels

SQL INJECTION (SQLi) MASTERCLASS

  • Second-order injection
  • OOB exploitation
  • SQLi through cryptography
  • OS code execution via PowerShell
  • Advanced topics in SQLi
  • Advanced SQLMap usage and web application firewall (WAF) bypass

TRICKY FILE UPLOAD

  • Malicious File Extensions
  • Circumventing File validation checks
  • Exploiting hardened web servers
  • SQL injection via File Metadata

SERVER-SIDE REQUEST FORGERY (SSRF)

  • SSRF to query internal network
  • SSRF to exploit templates and extensions
  • SSRF filter bypass techniques

Attacking the Cloud

  • SSRF Exploitation
  • Serverless exploitation -Google Dorking in the Cloud era
  • Cognito misconfiguration to data exfiltration
  • Post Exploitation techniques on Cloud-hosted applications
  • Case studies: SSRF to RCE in containers SSRF to Amazon Elastic Compute Cloud (EC2) takeover AWS credentials Leaked (Netflix, TD Bank)

ATTACKING HARDENED CONTENT MANAGEMENT SYSTEMS (CMS)

  • Identifying and attacking various CMS
  • Attacking Hardened WordPress, Joomla and Microsoft Sharepoint

WEB CACHING ATTACKS

  • Web cache deception attack
  • Web cache poisoning attack Web cache poisoning in Drupal 8

MISCELLANEOUS VULNERABILITIES

  • Unicode Normalization attacks
  • Second order insecure direct object references (IDOR) attack
  • Exploiting misconfigured code control systems
  • Pentesting GraphQL Introspection based attacks on GraphQL
  • HTTP desync attack

Various Case Studies

  • A Collection of weird and wonderful XSS and CSRF attacks

Pré-requisitos:

Delegates must have the following to make the most of the course:

  • Intermediate knowledge of web application security (at least 2 years’ experience)
  • Common command line syntax competency
  • Experience using virtual labs for pentesting and/or offensive research
  • Basic working knowledge of Burp Suite (download here)

Quero inscrever-me.

Partilha:

We meet future and then we make it spark slogan

Precisas de ajuda a encontrar o teu futuro?

The answer you entered for the CAPTCHA was not correct.

A background of the Ignit sparks