This class focuses on specific areas of app-sec and on advanced vulnerability identification and exploitation techniques (especially server-side flaws). The class allows attendees to practice some neat, new and ridiculous hacks which affected real-life products and have been mentioned in real bug-bounty programs.
The vulnerabilities selected for the class either typically go undetected by modern scanners or the exploitation techniques are not so well known. This class talks about a wealth of hacking techniques to compromise web applications, APIs and associated end-points.
The following is the course outline:
- Authentication Bypass
  - Token Hijacking attacks
  - Logical Bypass / Boundary Conditions
- SAML / OAuth 2.0 / Auth-0 / JWT Attacks
  - JWT Token Brute-Force attacks
  - SAML Authentication and Authorization Bypass
  - XXE through SAML
  - Advanced XXE Exploitation over OOB channels
- Password Reset Attacks
  - Cookie Swap
  - Host Header Validation Bypass
  - Case study of popular password reset fails
- Breaking Crypto
  - Known Plaintext Attack (Faulty Password Reset)
  - Path Traversal using Padding Oracle
  - Hash length extension attacks
- Business Logic Flaws / Authorization flaws
  - Mass Assignment
  - Invite/Promo Code Bypass
  - Replay Attack
  - API Authorization Bypass
- SQL Injection
  - 2nd order injection
  - Out-of-Band exploitation
  - SQLi through crypto
  - OS code exec via PowerShell
  - Advanced topics in SQLi
- Remote Code Execution (RCE)
  - Java Serialisation Attack
  - Node.js RCE
  - PHP object injection
  - Ruby/ERB template injection
  - Exploiting code injection over OOB channel
- Server Side Request Forgery (SSRF)
  - SSRF to call internal files
  - SSRF to query internal network
- Unrestricted File Upload
  - Malicious File Extensions
  - Circumventing File validation checks
- Miscellaneous Topics
  - HTTP Parameter Pollution (HPP)
  - XXE in file parsing
  - A Collection of weird and wonderful XSS and CSRF attacks
- Attack Chaining
  - Combining Client-side and/or Server-side attacks to steal internal secrets
Delegates will be given access to hands-on labs for a majority of the above topics. Attendees will also benefit from a state-of-the-art Hacklab, and we will be providing 2 weeks of free lab access after the class to allow attendees more practice time.