Advanced Web Hacking

2020 Edition
3 Day Practical Class
Fast Track Available
  • Modern JWT, SAML, oauth bugs
  • Business logic and crypto flaws
  • RCE via Java Serialisation, Object, OGNL and template injection
  • Exploitation over DNS channels
  • Advanced SSRF, HPP, XXE and SQLi topics
  • Attack chaining and real life examples
The AWH course has been excellent with 100% positive feedback.
We've appreciated ourselves how much work must have gone into the labs, they are very strong and reflect the real world, so we've been thrilled.
The trainers are great, very knowledgable and engaging.Private Training Attendee – April 2018
Really liked the training. Advanced stuff covered a lot of not so easy to find scenarios. Hats off on the efforts in building the practice labs Attendee Appsec EU 2018

30 Day Lab Access

Option to extend hacking lab access for 30 days after the class

Wide Range of Challenges

Real world challenges from Authentication issues to RCE, SSRF, XXE and more

Continuously Developed

The labs are continuosly developed to include latest exploits and tools.

Class Overview

This class teaches audience a wealth of hacking techniques to compromise modern day web applications, APIs and associated end-points. This class focus on specific areas of appsec and on advanced vulnerability identification and exploitation techniques. The class allows attendees to learn and practice some neat, new and ridiculous hacks which affected real life products and have found a mention in real bug-bounty programs. The vulnerabilities selected for the class either typically go undetected by modern scanners or the exploitation techniques are not so well known. Attendees can also benefit from a state-of-art Hacklab and we can provide 30 days lab access after the class to allow attendees more practice time.

Class Details

This fast-paced class, gives attendees an insight into Advanced Web Hacking, the team has built a state of the art hacklab and recreated security vulnerabilities based on real life Pen Tests and real bug bounties seen in the wild.

Attacking Authentication and SSO

  • Token Hijacking attacks
  • Logical Bypass / Boundary Conditions
  • Bypassing 2 Factor Authentication
  • Authentication Bypass using Subdomain Takeover
  • JWT Token Brute-Force attacks
  • SAML Authorization Bypass
  • OAuth Issues

Password Reset Attacks

  • Cookie Swap
  • Unicode Normalization attacks
  • Host Header Validation Bypass
  • Case study of popular password reset fails

Business Logic Flaws / Authorization flaws

  • Mass Assignment
  • Invite/Promo Code Bypass
  • Replay Attack
  • API Authorisation Bypass
  • HTTP Parameter Pollution (HPP)

XML External Entity (XXE) Attack

  • XXE Basics
  • Advanced XXE Exploitation over OOB channels
  • XXE through SAML
  • XXE in File Parsing

Breaking Crypto

  • Known Plaintext Attack (Faulty Password Reset)
  • Padding Oracle Attack
  • Hash length extension attacks
  • Auth bypass using .NET Machine Key
  • Exploiting padding oracles with fixed IVs

Remote Code Execution (RCE)

  • Java Serialisation Attack
  • .Net Serialisation Attack
  • PHP Serialization Attack
  • Python serialization attack
  • Server Side Template Injection
  • Exploiting code injection over OOB channel

SQL Injection Masterclass

  • 2nd order injection
  • Out-of-Band exploitation
  • SQLi through crypto
  • OS code exec via powershell
  • Advanced topics in SQli
  • Advanced SQLMap Usage and WAF bypass
  • Exploiting code injection over OOB channel
  • Pentesting GraphQL

Tricky File Upload

  • Malicious File Extensions
  • Circumventing File validation checks
  • Exploiting hardened web servers
  • SQL injection via File Metadata

Server Side Request Forgery (SSRF)

  • SSRF to query internal network
  • SSRF to exploit templates and extensions
  • SSRF filter bypass techniques
  • Various Case studies

Attacking the Cloud

  • SSRF Exploitation
  • Serverless exploitation
  • Google Dorking in the Cloud Era
  • Cognito misconfiguration to data exfiltration
  • Post Exploitation techniques on Cloud-hosted applications
  • Various Case Studies

Attacking Hardened CMS

  • Identifying and attacking various CMS
  • Attacking Hardened WordPress, Joomla and Sharepoint

Misc Attacks

  • Unicode Normalization attacks
  • Second order IDOR attack
  • Exploiting misconfigured code control systems
  • HTTP Desync attack
  • Web Caching Attacks
  • Attack Chaining N tier vulnerability Chaining leading to RCE
  • Various Case Studies: A Collection of weird and wonderful XSS and CSRF attacks

Prerequisites

It is recommended students complete one of the following courses before taking this course:

Who Should Take This Class?

Web developers, SOC analysts, intermediate level penetration testers, DevOps engineers, network engineers, security architects, security enthusiasts and anyone who wants to take their skills to next level.

Student Requirements

Students must bring their own laptop and have admin/root access on it. The laptop must have a virtualization software (virtualbox / VMWare) pre installed. A customized version of Kali Linux (ova format) containing custom tools, scripts and VPN scripts for the class will be provided to the students. The laptop should have at least 4 GB RAM and 20 GB of free disk space dedicatedly for the VM.    

How to book




What courses are you interested in?



Delivery:

Also Available from our partners below

UK and Virtual

Visit

Hacking Training Classes

Lab-Based Training - Written by BlackHat Trainers - Available Globally

NotSoSecure classes are ideal for those preparing for CREST CCT (ICE), CREST CCT (ACE), CHECK (CTL), TIGER SST and other similar industry certifications, as well as those who perform Penetration Testing on infrastructure / web applications as a day job & wish to add to their existing skill set.

Download the Hacking Classes Brochure

Training Events

Web Hacking – Black Belt Edition 2 Day

1-2 August or 3-4 August

Black Hat USA 2020

Read More

Web Hacking – Black Belt Edition 4 Day

1-4 August

Black Hat USA 2020

Read More

Advanced Web Hacking – Live Online Training USA

1st-3rd Sep 2020 8am-4pm PDT

Live Online Training

Register

Advanced Web Hacking

14-16th Sep 2020, 09:00–17:00 BST

Live Online Training

Register

Web Hacking Black Belt Edition

September 29-30

Black Hat Singapore

Register

Advanced Web Hacking

18th-20th November 9am-5pm GMT

Live Online Training

Register

Advanced Web Hacking

February 2021

Hack in Paris

Register

NotSoSecure Training Journey:

Beginner Friendly

Hacking 101

The Art of Hacking

2020 Edition

The Art of Hacking

=
2020 Edition

Infrastructure Hacking

+
2020 Edition

Web Hacking

Specialist Offensive Classes

2020 Edition

Advanced Infrastructure Hacking

2020 Edition

Advanced Web Hacking

NEW

Hacking and Securing Cloud Infrastructure

Specialist Defence Classes

2020 Edition

AppSec for Developers

NEW

DevSecOps

NEW

AppSecOps