Web Hacking - Black Belt Edition

NotSoSecure | August 4-5 & August 6-7



Overview

NotSoSecure is pleased to launch their much-awaited advanced Web Hacking class. Much like the Advanced Infrastructure Hacking class, this class covers a wealth of hacking techniques to compromise web applications, APIs and associated end-points. This class focuses on specific areas of app-sec and on advanced vulnerability identification and exploitation techniques (especially server-side flaws). The class allows attendees to practice some neat, new and ridiculous hacks which affected real-life products and have found a mention in real bug-bounty programs. The vulnerabilities selected for the class either typically go undetected by modern scanners or the exploitation techniques are not so well known. Attendees will also benefit from a state-of-the-art Hacklab, and we will be providing 30 days of free lab access after the class to allow attendees more practice time.

The following is the course outline:


Day 1
  • Authentication Bypass
    • Token Hijacking attacks
    • SQL column truncation attack
    • Logical Bypass / Boundary Conditions
  • SAML / OAuth 2.0 / Auth-0 / JWT Attacks
    • JWT Token Brute-Force attacks
    • SAML Authentication and Authorization Bypass
    • XXE through SAML
    • Advanced XXE Exploitation over OOB channels
  • Password Reset Attacks
    • Cookie Swap
    • Host Header Validation Bypass
    • Case study of popular password reset fails.
  • Breaking Crypto
    • Known Plaintext Attack (Faulty Password Reset)
    • Path Traversal using Padding Oracle
    • Hash length extension attacks
  • Business Logic Flaws / Authorization flaws
    • Mass Assignment
    • Invite/Promo Code Bypass
    • Replay Attack
  • SQL Injection
    • 2nd order injection
    • Out-of-Band exploitation
    • SQLi through crypto
    • NoSQL Injection
    • OS code exec via PowerShell
    • Advanced topics in SQLi

Day 2
  • Remote Code Execution (RCE)
    • Java Serialisation Attack
    • Node.js RCE
    • PHP object injection
    • RCE through XXE (with blind XXE)
    • RCE through XSLT
    • Rails' Remote Code Execution
    • Ruby/ERB template injection
    • Exploiting code injection over OOB channel
  • Server Side Request Forgery (SSRF)
    • SSRF to query internal network
    • SSRF to code exec
  • Unrestricted File Upload
    • Malicious File Extensions
    • Circumventing File validation checks
    • Web shells for modern platforms
  • Miscellaneous Topics
    • HTTP Parameter Pollution (HPP)
    • XXE in file parsing
    • A Collection of weird and wonderful XSS and CSRF attacks.
  • Attack Chaining
    • Combining Client-side and Server-side attacks to steal internal secrets
    • B33r 101

Who Should Take this Course

Web developers, SOC analysts, entry-level/intermediate-level penetration testers, network engineers, security architects, security enthusiasts and anyone who wants to take their skills to the next level.

Student Requirements

Students must bring their own laptop and have admin/root access on it. The laptop should have at least 4 GB RAM and 20 GB of free disk space and a working copy of the latest Kali Operating System. Kali OS should be run inside a virtual machine (e.g. VMware Workstation/Fusion/Player or VirtualBox).

What Students Should Bring

See Student Requirements.

What Students Will Be Provided With

Access to a hacking lab not just during the course but for 30 days after the class too. This gives them plenty of time to practice the concepts taught in the class. Numerous scripts and tools will also be provided during the training, along with student handouts.

Trainers

Sunil Yadav is an information security professional with 8+ years of experience in application security, mobile security, and source code review. He has consulting experience with large organizations across different sectors, assessing network, system and application security. He has conducted national and international training and seminars on web application security, threat modeling, mobile security and secure coding. He has won credits and accolades from organizations like Microsoft, LinkedIn, Yahoo, Nokia, PayPal, Apache and Oracle for identifying and reporting security vulnerabilities in their products.

Sudhanshu Chauhan is an information security professional working as a Principal Security Consultant at NotSoSecure. He is one of the core contributors to Datasploit (Open Source OSINT Framework). Sudhanshu has written various articles on a wide range of topics including Cyber Threats, Vulnerability Assessment, Honeypots, Metadata etc. and co-authored 'Hacking Web Intelligence'. He has been a speaker at various conferences such as Ground Zero Summit (New Delhi) 2015, CyberHackathon Bar-Ilan University (Israel) 2016, and BlackHat Arsenal (Las Vegas, US) 2017. Sudhanshu has identified multiple critical vulnerabilities in various applications of organisations like Adobe, ATT, Freelancer, Yandex etc.

Sumit Siddharth (Sid) is the founder of NotSoSecure (www.notsosecure.com), a specialist IT security firm delivering high-end IT security consultancy and training. Prior to NotSoSecure, he worked as Head of Penetration Testing for a leading IT security company in the UK. He has more than 9 years of experience in Penetration Testing. Sid has authored a number of whitepapers and tools. He has been a Speaker/Trainer at many security conferences including numerous Black Hat, DEF CON, OWASP Appsec, HITB etc. Sid is also a co-author of the book SQL Injection: Attacks and Defence (2nd edition). Over the years, Sid has identified several critical flaws in leading software and helped fix these bugs. These include products from Microsoft, Oracle, Intel, WordPress etc. He has trained several security consultants/penetration testers and helped them get better at their job.