Advanced Web Hacking

2019 Edition
Flexible formats available: 2 days up to 5 days
  • Modern JWT, SAML, OAuth bugs
  • Business logic and crypto flaws
  • RCE via Java Serialisation, Object, OGNL and template injection
  • Exploitation over DNS channels
  • Advanced SSRF, HPP, XXE and SQLi topics
  • Attack chaining and real life examples
The AWH course has been excellent with 100% positive feedback.
We've appreciated ourselves how much work must have gone into the labs, they are very strong and reflect the real world, so we've been thrilled.
The trainers are great, very knowledgeable and engaging.
Private Training Attendee – April 2018

Really liked the training. Advanced stuff covered a lot of not so easy to find scenarios. Hats off on the efforts in building the practice labs.
Attendee, Appsec EU 2018

30 Day Lab Access

Option to extend hacking lab access for 30 days after the class

Wide Range of Challenges

Real world challenges from Authentication issues to RCE, SSRF, XXE and more

Continuously Developed

The labs are continuously developed to include the latest exploits and tools.

Class Overview

This class teaches attendees a wealth of hacking techniques for compromising modern web applications, APIs and associated end-points. It focuses on specific areas of appsec and on advanced vulnerability identification and exploitation techniques. Attendees learn and practice some neat, new and ridiculous hacks which affected real-life products and have been mentioned in real bug-bounty programs. The vulnerabilities selected for the class either typically go undetected by modern scanners or rely on exploitation techniques that are not well known. Attendees also benefit from a state-of-the-art hacklab, and we can provide 30 days of lab access after the class to allow more practice time.

Class Details

This fast-paced class gives attendees an insight into advanced web hacking. The team has built a state-of-the-art hacklab and recreated security vulnerabilities based on real-life pen tests and real bug bounties seen in the wild.

Attacking Authentication and SSO

Token Hijacking attacks

Logical Bypass / Boundary Conditions

Bypassing 2 Factor Authentication

Authentication Bypass using Subdomain Takeover

JWT Token Brute-Force attacks

SAML Authorization Bypass

OAuth Issues

Password Reset Attacks

Cookie Swap

Host Header Validation Bypass 

Case study of popular password reset fails.

Business Logic Flaws / Authorization flaws

Mass Assignment

Invite/Promo Code Bypass

Replay Attack

API Authorisation Bypass

HTTP Parameter Pollution (HPP)

XML External Entity (XXE) Attack

XXE Basics

Advanced XXE Exploitation over OOB channels

XXE through SAML

XXE in File Parsing

Breaking Crypto

Known Plaintext Attack (Faulty Password Reset)

Padding Oracle Attack

Hash length extension attacks

Auth bypass using .NET Machine Key

Remote Code Execution (RCE)

Java Serialisation Attack

.Net Serialisation Attack

Node.js Serialization Attack

PHP Serialization Attack

JSON Serialization Attack

Server Side Template Injection

SQL Injection Masterclass

2nd order injection

Out-of-Band exploitation

SQLi through crypto

OS code exec via PowerShell

Advanced topics in SQLi

Advanced SQLMap Usage and WAF bypass

Exploiting code injection over OOB channel

Tricky File Upload

Malicious File Extensions 

Circumventing File validation checks 

Exploiting hardened web servers

Server Side Request Forgery (SSRF)

SSRF to query internal network

SSRF to call internal files

Various Case studies

Attacking the Cloud

SSRF Exploitation

Serverless exploitation

Google Dorking in the Cloud Era

Post Exploitation techniques on Cloud hosted applications

Various Case Studies

Attacking Hardened CMS

Identifying and attacking various CMS

Attacking Hardened WordPress, Joomla and Sharepoint

Misc Attacks

Identifying Blind XSS via OOB channel

Exploiting Self XSS

CSP bypass

Various Case Studies on weird and wonderful XSS and CSRF attacks

Web Caching Attacks

Attack Chaining

N-tier vulnerability chaining leading to RCE

Prerequisites

Who Should Take This Class?

Web developers, SOC analysts, intermediate-level penetration testers, DevOps engineers, network engineers, security architects, security enthusiasts and anyone who wants to take their skills to the next level.

Student Requirements

Students must bring their own laptop and have admin/root access on it. The laptop must have virtualization software (VirtualBox / VMware) pre-installed. A customized version of Kali Linux (OVA format) containing custom tools, scripts and VPN scripts for the class will be provided to the students. The laptop should have at least 4 GB RAM and 20 GB of free disk space dedicated to the VM.

 

 

Upcoming Classes

3-6 Aug 2019

Mandalay Bay, Las Vegas, USA


5-6 August 2019

Mandalay Bay, Las Vegas, USA


October, 17-18 2019

ALEXANDRIA, VA


Hacking Training Classes

Lab-Based Training - Written by BlackHat Trainers - Available Globally

NotSoSecure classes are ideal for those preparing for CREST CCT (ICE), CREST CCT (ACE), CHECK (CTL), TIGER SST and other similar industry certifications, as well as those who perform Penetration Testing on infrastructure / web applications as a day job & wish to add to their existing skill set.



Book Your Training

Working exclusively with 3 training delivery partners, NotSoSecure Hacking Training is available around the world.

