Web Hacking - Black Belt Edition 2019
Much like our popular Advanced Infrastructure Hacking class, this class covers a wealth of hacking techniques used to compromise web applications, APIs, cloud components and other associated endpoints. This class focuses on specific areas of appsec and on advanced vulnerability identification and exploitation techniques (especially server-side flaws). The class allows attendees to practise some neat, new and ridiculous hacks which affected real-life products and have found a mention in real bug-bounty programs. The vulnerabilities selected for the class either typically go undetected by modern scanners or rely on exploitation techniques that are not so well known.
Note: Attendees will also benefit from a state-of-the-art Hacklab, and we will be providing free 30 days of lab access after the class to allow attendees more practice time.
The following is the course outline:
Day 1
- Authentication Attacks
  - Logical Bypass / Boundary Conditions
  - Token Hijacking attacks
  - Attacking SSO
    - SAML / OAuth 2.0 / JWT Attacks
    - SAML Authentication and Authorization Bypass
- Advanced XXE Attacks
  - XXE through SAML
  - XXE in file parsing
  - XXE Exploitation over OOB channels
- Complex Password Reset Attacks
  - Cookie Swap
  - Host Header Validation Bypass
  - Case study of popular password reset fails
- Breaking Crypto
  - Known Plaintext Attack (Faulty Password Reset)
  - Path Traversal using Padding Oracle
  - Hash length extension attacks
- Complex Business Logic Flaws / Authorization Flaws
  - Mass Assignment bugs
  - Invite/Promo Code Bypass
  - Replay Attack
  - API Authorization Bypass
- Server Side Request Forgery (SSRF)
  - SSRF to call internal files
  - SSRF to query internal network
Day 2
- SQL Injection Masterclass
  - 2nd Order Injection
  - Out-of-Band exploitation
  - SQLi through crypto
  - OS code exec via PowerShell
  - Advanced topics in SQLi
- Remote Code Execution (RCE)
  - Java Serialisation Attack
  - Node.js RCE
  - PHP object injection
  - Ruby/ERB template injection
  - Exploiting code injection over OOB channel
- Cloud Attacks
  - Google dorking in the Cloud era
  - Serverless Exploitation
  - PaaS Exploitation
- Tricky File Uploads
  - Malicious File Extensions
  - Circumventing File validation checks
- Miscellaneous Topics
  - HTTP Parameter Pollution (HPP)
  - A collection of weird and wonderful XSS and CSRF attacks
- Attack Chaining
  - Combining Client-side and/or Server-side attacks to steal internal secrets
- B33r 101
Note: This is a fast-paced version of the 4-day class, cut down to 2 days. Some of the exercises have been replaced by demos which will be shown by the instructor. Students will receive FREE 1-month lab access to practise each exercise after the class.
Skills / Knowledge
- PenTesting
- AppSec