Description

Price: 10 USD | Size: 9.31 GB | Duration : 5 Days Seasons |  ⭐️⭐️⭐️⭐️⭐️ 4.8

BRAND : Expert TRAINING | ENGLISH | Bonus : Web Hacking Guides |  INSTANT DOWNLOAD 

Course Overview

Advanced Web Hacking course talks about a wealth of hacking techniques to compromise web applications, APIs and associated end-points. This course focuses on specific areas of app-sec and on advanced vulnerability identification and exploitation techniques (especially server side flaws). This hands-on course covers neat, new and ridiculous hacks which affected real life products and have found a mention in real bug-bounty programs. In this course vulnerabilities selected are ones that typically go undetected by modern scanners or the exploitation techniques are not so well known.

Course Details

You will be able to:

Effectively exfiltrate data using Out of Band Techniques for certain vulnerabilities

Pen Test encrypted parameters to find vulnerabilities

Learn how to bypass SSO functionalities

Find SQL injection vulnerabilities not detected by Automated tools

Break weak crypto implementations

Learn ways to bypass password reset functionalities

What you can take away from the course:

The latest hacks in the world of web hacking. The class content has been carefully handpicked to focus on some neat, new and ridiculous attacks.

We provide a custom kali image for this class. The custom kali image has been loaded with a number of plugins and tools (some public and some NotSoPublic) and these aid in quickly identifying and exploiting vulnerabilities discussed during the class.

The class is taught by a real Pen Tester and the real-world stories shared during the class help attendees in putting things into perspective.

Details of the course content:

INTRODUCTION

Lab Setup And Architecture Overview

Introduction To Burp Features

ATTACKING AUTHENTICATION AND SSO

Token Hijacking attacks

Logical Bypass / Boundary Conditions

Bypassing 2 Factor Authentication

Authentication Bypass using Subdomain Takeover

JWT/JWS Token attacks

SAML Authorization Bypass

OAuth Issues

PASSWORD RESET ATTACKS

Session Poisoning

Host Header Validation Bypass

Case study of popular password reset fails

BUSINESS LOGIC FLAWS / AUTHORIZATION FLAWS

Mass Assignment

Invite/Promo Code Bypass

Replay Attack

API Authorisation Bypass

HTTP Parameter Pollution (HPP)

XML EXTERNAL ENTITY (XXE) ATTACK

XXE Basics

Advanced XXE Exploitation over OOB channels

XXE through SAML

XXE in File Parsing

BREAKING CRYPTO

Known Plaintext Attack (Faulty Password Reset)

Padding Oracle Attack

Hash length extension attacks

Auth bypass using .NET Machine Key

Exploiting padding oracles with fixed IVs

REMOTE CODE EXECUTION (RCE)

Java Serialisation Attack

Binary

XML

SerialVersionUID Mismatch

.Net Serialisation Attack

PHP Serialization Attack

Python serialization attack

Server Side Template Injection

Exploiting code injection over OOB channel

SQL INJECTION MASTERCLASS

2nd order injection

Out-of-Band exploitation

SQLi through crypto

OS code exec via powershell

Advanced topics in SQli

Advanced SQLMap Usage and WAF bypass

Pentesting GraphQL

Introspection based attacks on GraphQL

TRICKY FILE UPLOAD

Malicious File Extensions

Circumventing File validation checks

Exploiting hardened web servers

SQL injection via File Metadata

SERVER SIDE REQUEST FORGERY (SSRF)

SSRF to query internal network

SSRF to exploit templates and extensions

SSRF filter bypass techniques

Various Case studies

Prerequisites

Who Should Take This Class?

Web developers

SOC analysts

Intermediate level penetration testers

DevOps engineers, network engineers

Security architects

Security enthusiasts

Anyone who wants to take their skills to the next level

You will need:

Students must bring their own laptop and have admin/root access on it. The laptop must have a virtualization software (virtualbox / VMWare) pre installed. A customized version of Kali Linux (ova format) containing custom tools, scripts and VPN scripts for the class will be provided to the students. The laptop should have at least 4 GB RAM and 20 GB of free disk space dedicatedly for the VM