Trainings

This year we'll have trainings Onsite and Online, before and after the Conference!

Please note that trainings are a separate event from the main conference. Rooms will be at ISCTE-IUL, and trainings run from 13 to 15 November or from 18 to 20 November.

Online trainings will have a 25% discount on the announced price when registering!

Available Trainings

Training | Early Bird Price (before 6 Oct) | Regular Price
BASIC Infrastructure Hacking - 3 day (Onsite) with Warren Atkinson (13-15 Nov) | Not Available | Not Available
ADVANCED Infrastructure Hacking – 3 day (Onsite) with Tiago Carvalho (13-15 Nov) | Not Available | Not Available
Hacking Android, iOS and IoT apps by Example - 3 day (Onsite) with Abraham Aranguren (13-15 Nov) | Not Available | Not Available
Malware Analysis and Memory Forensics - (Online) by Monnappa (18-20 Nov) | Not Available | Not Available
ADVANCED Malware Unpacking - 3 day (Online) with Kyriakos Economou (13-15 Nov) | Not Available | Not Available
ADVANCED Web Hacking - 3 day (Online) with Tom Large (13-15 Nov) | Not Available | Not Available
Notes:
  • All registrations and payments will be handled by the training companies themselves;
  • Lunch is included all days for onsite training;
  • Trainees will also receive a ticket to access the conference.
  • If the training does not reach the minimum number of participants, the training will be canceled and the registered participants will be refunded.

BASIC Infrastructure Hacking - 3 day (Onsite) with Warren Atkinson (13-15 Nov)

Overview

IT infrastructure is more complex and dynamic than it’s ever been, demanding comprehensive, modern, and well-rehearsed security skills to match. Join this hands-on, 3-day course to develop a strong baseline in infrastructure hacking and widen your career prospects. Get your hands dirty with our popular virtual labs and learn from experienced, practicing penetration testers with a legacy of training at Black Hat. This course uses a Defense by Offense methodology based on real-world offensive research (not theory). That means everything we teach has been tried and tested on live environments and in our labs and can be applied once the course is over. By the end, you’ll know:

  • Everything you need to know about the risks associated with various infrastructure-based vulnerabilities
  • How to think and behave like a real threat actor
  • How to exploit vulnerabilities seen recently in the wild, as well as older but still prevalent vulnerabilities
  • The fundamental principles of infrastructure hacking
  • How to identify a list of IPs in your network all the way up to getting system level access on the domain controller.

Course Outline

  • THE ART OF PORT SCANNING
    • Methodology: basic concepts of hacking
    • Enumeration techniques and port scanning
  • THE ART OF ONLINE PASSWORD ATTACKS
    • Configure online password attack
    • Exploiting network service misconfiguration
  • THE ART OF HACKING DATABASES
    • MySQL and PostgreSQL
    • Attack chaining techniques
  • METASPLOIT BASICS
    • Exploitation concepts: manual exploitation methodology
    • Metasploit framework
  • PASSWORD CRACKING
    • Basic cryptography concepts
    • Design an offline brute force attack
  • HACKING UNIX
    • Linux vulnerabilities and misconfigurations
    • Privilege escalation techniques
  • HACKING APPLICATION SERVERS ON UNIX
    • Web server misconfiguration
    • Multiple exploitation techniques
  • HACKING THIRD PARTY CONTENT MANAGEMENT SYSTEM (CMS) SOFTWARE
    • CMS software overview
    • Vulnerability scanning and exploitation
  • WINDOWS ENUMERATION
    • Windows enumeration techniques and configuration issues
    • Attack chaining
  • CLIENT-SIDE ATTACKS
    • Various Windows client-side attack techniques
  • PRIVILEGE ESCALATION ON WINDOWS
    • Post-exploitation techniques
    • Windows privilege escalation techniques
  • HACKING APPLICATION SERVERS ON WINDOWS
    • Web server misconfiguration
    • Exploiting application servers
  • POST EXPLOITATION
    • Metasploit post-exploitation techniques
    • Windows 10 security features and bypass techniques
  • HACKING WINDOWS DOMAINS
    • Understanding Windows authentication
    • Gaining access to a domain controller

Who should take this course

Students and graduates: improve your employability and enhance your CV

Infrastructure penetration testers (1-2 years’ experience): build up your ability with the guidance of experienced pentesters and researchers

Penetration testers in other fields (e.g., web, mobile): develop your infrastructure hacking skills and knowledge

Network admins: understand how your environment could be attacked

SOC analysts and engineers: develop your awareness of potential indicators of compromise (IoCs) and more complex malicious behaviors

Security/IT managers and team leads: update your knowledge of the threat landscape

This course is designed to help individuals bring their proficiency in infrastructure hacking and defense up to the industry baseline. It’s a foundation course that can lead on to our Advanced courses after a year or more spent using your new skills out in the wild.

Student requirements

The only requirement for this course is that you must bring your own laptop and have admin/root access on it. During the course, we will give you VPN access to our state-of-the-art Hacklab, which is hosted in our data centre in the UK. Once you are connected to the lab, you will find all the relevant tools/VMs there. We also provide a dedicated Kali VM to each attendee on the Hacklab, accessed using SSH, so you don’t need to bring any VMs with you. All you need is admin access to install the VPN client; once connected, you are good to go! Attendees may optionally come prepared with an OpenVPN client (e.g. OpenVPN Client for Windows; we suggest Tunnelblick for Mac; the OpenVPN client is often included natively on Linux but may need installing/updating) and an SSH client (e.g. PuTTY for Windows; generally included natively on Linux/Mac) installed.

Training provides

If you are looking to develop your hacking skills further, either for working as a pen tester, or because you need to understand how hackers work so that you are better able to defend against them, then this course is for you. In addition to increasing your knowledge and confidence, it provides excellent preparation for the advanced hacking examinations. By utilising the Hack-Lab following the Advanced Infrastructure Hacking course you are provided with time to test and hone your skills and your understanding of the tools and applications used throughout the course. You can take these away to work with on a day-to-day basis. There are guides, walkthroughs and examples for you to use as follow-up so that you can translate these modules into practical value within your business. Access to our Hack-Lab is not just for your work during the course; you will have access for 30 days after the course too. This gives you plenty of time to practice the concepts taught during the course. The Hack-Lab contains a wide variety of challenges, from local privilege escalation to VLAN hopping. Numerous scripts and tools will also be provided during the course, along with delegate handouts.

About the Trainer
Warren joined NotSoSecure in February 2023, armed with a unique perspective from his Mechanical Engineering background and a hobbyist passion for cybersecurity. His primary focus lies in devising innovative methods for bypassing endpoint protection and antivirus systems on Windows platforms, using his Python expertise to create proof-of-concepts and automate complex security tasks. Warren passionately believes in the open-source ethos, actively contributing to the cybersecurity community rather than just being a consumer. His projects on GitHub, such as Schrodingers_Snake, Pasteee, and Blanket, stand testament to this commitment. As a trainer, he shares his insights at esteemed conferences like Black Hat and contributes his research findings and tools to various open-source platforms. Warren's dedication to innovation and continuous learning is shaping his professional journey and reinforcing the principle of community-based growth in the broader cybersecurity domain.

Advanced Infrastructure Hacking – 3 day (Onsite) with Tiago Carvalho

Overview

This course uses a Defence by Offence methodology based on real world engagements and offensive research (not theory). That means everything we teach has been tried and tested on live environments and in our labs, so you can put it into practice as soon as the training is over. By the end of the course, you’ll know:

  • How to think and behave like an advanced, real world threat actor
  • How to identify commonly used vulnerabilities known to have recently caused damage and disruption
  • How to deploy the latest and most common network infrastructure and cloud hacks, (including many novel techniques that can’t be detected by scanners)
  • How to analyse vulnerabilities within your own organisation and customise your hacking techniques in response
  • A huge menu of hacks for Windows, Linux, Microsoft Azure, AWS, Google Cloud Platform (GCP), software development systems, and more...

Course Outline

  • IPV4/IPV6 BASICS
    • IPv6 service discovery and enumeration
    • Exploiting systems/services over IPv6
    • Host discovery and enumeration
    • Advanced OSINT and asset discovery
    • Exploiting DVCS and CI-CD server
  • HACKING DATABASES
    • PostgreSQL / MySQL
    • Oracle
    • NoSQL
  • WINDOWS EXPLOITATION
    • Windows Enumeration and Configuration Issues
    • Windows Desktop ‘Breakout’ and AppLocker Bypass Techniques (Win 10)
    • Local Privilege Escalation
    • Offensive PowerShell / Offsec Development
    • AMSI bypass Techniques
    • AV Evasion Techniques
    • Post-exploitation Tips, Tools, and Methodology
  • ACTIVE DIRECTORY (AD) ATTACKS
    • Active Directory Delegation Reviews and Pwnage (Win 2016 server)
    • Pass the Hash/Ticket
    • Cross Domain and Forest attacks
    • Pivoting, Port Forwarding and Lateral Movement Techniques
    • Persistence and backdooring techniques (Golden and Diamond Ticket)
    • Command and Control (C2) Frameworks
  • LINUX EXPLOITATION
    • Linux Vulnerabilities and Configuration Issues
    • Treasure hunting via enumeration
  • CONTAINER BREAKOUT
    • Kerberos authentication
    • Restricted shells breakouts
    • Breaking hardened web servers
    • Local privilege escalation
    • MongoDB exploitation
    • TTY “Teletype” hacks and pivoting
    • Kernel exploitation
    • Post exploitation
    • Persistence techniques (Linux capabilities)
    • Breaking and abusing Docker
    • Exploiting Kubernetes vulnerabilities
    • Breaking out of Kubernetes containers
  • CLOUD HACKING
    • AWS, MS Azure, and GCP specific attacks
    • Storage misconfigurations
    • Credentials, API’s and token Abuse
    • Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Software as a Service (SaaS), Container as a Service (CaaS), and serverless exploitation
    • Azure AD attacks
    • Exploiting insecure VPN configuration
    • B33r 101

Who should take this course

System administrators, SOC analysts, penetration testers, network engineers, security enthusiasts, and anyone who wants to take their skills to the next level.

Student requirements

Students must bring their own laptop and have admin/root access on it. The laptop must have virtualization software (VirtualBox / VMware) pre-installed. A customized version of Kali Linux (OVA format) containing custom tools, scripts and VPN scripts for the class will be provided to the students. The laptop should have at least 4 GB RAM and 20 GB of free disk space dedicated to the VM.

Training provides

If you are looking to develop your hacking skills further, either for working as a pen tester, or because you need to understand how hackers work so that you are better able to defend against them, then this course is for you. In addition to increasing your knowledge and confidence, it provides excellent preparation for the advanced hacking examinations. By utilizing the Hack-Lab following the Advanced Infrastructure Hacking course you are provided with time to test and hone your skills and your understanding of the tools and applications used throughout the course. You can take these away to work with on a day-to-day basis. There are guides, walkthroughs and examples for you to use as follow-up so that you can translate these modules into practical value within your business. Access to our Hack-Lab is not just for your work during the course; you will have access for 30 days after the course too. This gives you plenty of time to practice the concepts taught during the course. The Hack-Lab contains a wide variety of challenges, from local privilege escalation to VLAN hopping. Numerous scripts and tools will also be provided during the course, along with delegate handouts.

About the Trainer
Tiago discovered computer programming at a very young age, writing BASIC on a ZX Spectrum, with his curiosity driving him to learn more about computers and how they work. He holds two professional degrees in Electronics (level III) from the Portuguese Navy (as a civilian), where he also undertook an internship, and a qualification in Computer Networks (level IV) from ATEC. He began his career in 2006 as a network administrator; however, his passion for coding and cybersecurity led him to switch to programming in 2009 and to various roles, including: a developer of Java-based real-time, integration and source code analysis applications for the telecommunications and banking sectors; a member of an application development management team; and a security advisor. His career in Information Security began in 2013, when he gained a number of cybersecurity certifications and began working in Penetration Testing.

Hacking Android, iOS and IoT apps by Example - 3 day (Onsite) with Abraham Aranguren

Overview

This course is a 100% hands-on deep dive into the OWASP Mobile Security Testing Guide (MSTG) and relevant items of the OWASP Mobile Application Security Verification Standard (MASVS), so it covers and goes beyond the OWASP Mobile Top Ten. Learn about Android, iOS and IoT app security by improving your mobile security testing kung-fu. Ideal for penetration testers, mobile developers and everybody interested in mobile app security. All action, no fluff: improve your security analysis workflow and immediately apply the skills you gain in your workplace. The course is packed with exercises, extra-mile challenges and a CTF, is self-paced and suitable for all skill levels, and comes with continued education via unlimited email support, lifetime access, step-by-step video recordings and interesting apps to practice on, including all future updates for free. Teaser Video: https://www.youtube.com/watch?v=Re5oqfVkgd4

Course Outline

Day 1: Hacking Android & IoT apps by Example

Part 0 - Android Security Crash Course
  • The state of Android Security
  • Android security architecture and its components
  • Android apps and the filesystem
  • Android app signing, sandboxing and provisioning
  • Recommended lab setup tips
Part 1
  • Static Analysis with Runtime Checks
  • Tools and techniques to retrieve/decompile/reverse and review APKs
  • Identification of the attack surface of Android apps and general information gathering
  • Identification of common vulnerability patterns in Android apps
    • Hardcoded secrets
    • Logic bugs
    • Access control flaws
    • Intents
    • Cool injection attacks and more
  • The art of repackaging
    • Tips to get around not having root
    • Manipulating the Android Manifest
    • Defeating SSL/TLS pinning
    • Defeating root detection
    • Dealing with apps in foreign languages and more
Part 2
  • Dynamic Analysis
  • Monitoring data: LogCat, Insecure file storage, Android Keystore, etc.
  • The art of MitM: Intercepting Network Communications
  • The art of Instrumentation: Hooking with Xposed
  • App behaviour monitoring at runtime
  • Defeating Certificate Pinning and root detection at runtime
  • Modifying app behaviour at runtime
Part 3
  • Test Your Skills
  • CTF time, including finding IoT vulnerabilities through app analysis

Day 2: Hacking iOS & IoT apps by Example

Part 0
  • iOS Security Crash Course
  • The state of iOS Security
  • iOS security architecture and its components
  • iOS app signing, sandboxing and provisioning
  • iOS apps and the filesystem
  • Recommended lab setup tips
Part 1:
  • Static Analysis with runtime checks
  • Tools and techniques to retrieve/decompile/reverse and review IPAs
  • Identification of the attack surface of iOS apps and general information gathering
  • Identification of common vulnerability patterns in iOS apps:
    • Hardcoded secrets
    • Logic bugs
    • Access control flaws
    • URL handlers
    • Cool injection attacks, and more
  • Patching and Resigning iOS binaries to alter app behaviour
  • Tips to test without a jailbreak
Part 2
  • Dynamic Analysis
  • Monitoring data: LogCat, Insecure file storage, Android Keystore, etc.
  • The art of MitM: Intercepting Network Communications
  • The art of Instrumentation: Hooking with Xposed
  • App behaviour monitoring at runtime
  • Defeating Certificate Pinning and root detection at runtime
  • Modifying app behaviour at runtime
Part 3
  • Test Your Skills
  • CTF time, including finding IoT vulnerabilities through app analysis

Day 3: Leveling up your Android Instrumentation Kung-fu

Part 1: Frida & Objection on Android
  • Focus on Dynamic Analysis
  • Practical Frida scripts and labs
  • Useful Objection labs and modules
Part 2: radare2 & r2frida on Android
  • Introduction to radare2 & r2frida
  • Multiple scenarios with radare2, r2frida and other tools to improve your instrumentation workflows
  • Multiple case studies & exercises
Part 3: RMS on Android
  • Automating instrumentation with RMS on Android
  • Defeating certificate pinning with instrumentation
  • Root detection bypasses with instrumentation
  • Multiple practical instrumentation exercises
Part 4
  • Test Your Skills

Who should take this course

Any mobile developer, penetration tester or person interested in mobile security will benefit from attending this training regardless of their initial skill level: the course is for beginner, intermediate and advanced level students. While beginners are introduced to the nuances of mobile app security from scratch, intermediate and advanced level learners get to perfect both their knowledge and skills on the subject. Extra-mile challenges are available in every module to help more advanced students polish their skills. The course is crafted in a way that, regardless of your skill level, you will significantly improve your mobile security skills. If you are new and cannot complete the labs during the class, that is OK: you keep training portal access, so you will learn a lot in the class and can continue from home with the training portal. If you are more advanced in mobile security, you can try to complete the labs in full and then take the CTF challenges we have for each day; you will likely also attempt to complete some exercises from home later.

Student requirements

The requirements for attending this course are:

  • Linux command line basics
  • Android basics
  • iOS basics

Training provides

Attendees will be provided with:

  • Lifetime access to training portal, with all course materials
  • Unlimited access to future updates and step-by-step video recordings
  • Unlimited email support, if you need help while you practice at home later
  • Government-mandated and police apps in various countries
  • Many other excitingly vulnerable real-world apps
  • IoT apps controlling Toys, Drones, etc.
  • Digital copies of all training material
  • Custom-built lab VMs
  • Purpose-built vulnerable test apps
  • Source code for test apps

Completing this training ensures attendees will be competent and able to:

  • Intercept mobile app network communications
  • Bypass certificate and public key pinning protections
  • Bypass jailbreak/root detection
  • Reverse engineer and analyze mobile apps from a blackbox perspective
  • Review mobile app source code to identify security flaws
  • Perform a mobile app security review

About the Trainer
After 15 years in IT security and 22 in IT, Abraham Aranguren is now the CEO of 7ASecurity (7asecurity.com), a company specializing in penetration testing of web/mobile apps, infrastructure, code reviews and training. Co-author of the Mobile, Web and Desktop (Electron) app 7ASecurity courses. Security trainer at Black Hat USA, HITB, OWASP Global AppSec and many other events. Former senior penetration tester / team lead at Cure53 and Version 1. Creator of “Practical Web Defense”, a hands-on eLearnSecurity attack / defense course; OWASP OWTF project leader, an OWASP flagship project (owtf.org); Major degree and Diploma in Computer Science; some certs: CISSP, OSCP, GWEB, OSWP, CPTS, CEH, MCSE:Security, MCSA:Security, Security+. As a shell scripting fan trained by unix dinosaurs, Abraham wears a proud manly beard. He writes on Twitter as @7asecurity, @7a_ and @owtfp, and at https://7asecurity.com/blog. Multiple presentations, pentest reports and recordings can be found at https://7asecurity.com/publications

Malware Analysis and Memory Forensics - (Online) by Monnappa (18-20 Nov)

This hands-on training teaches the concepts, tools, and techniques to analyse, investigate and hunt malware by combining two powerful techniques: malware analysis and memory forensics. This course will introduce attendees to the basics of malware analysis, reverse engineering, Windows internals and memory forensics; it then gradually progresses deep into more advanced concepts of malware analysis and memory forensics. Attendees will learn to perform static, dynamic, code and memory analysis. This course consists of scenario-based hands-on labs after each module which involve analysing real-world malware samples and infected memory images (crimeware, APT malware, fileless malware, rootkits, etc.). This hands-on training is designed to help attendees gain a better understanding of the subject in a short span. Throughout the course, the attendees will learn the latest techniques used by adversaries to compromise and persist on the system. The training also demonstrates how to integrate the malware analysis and forensics techniques into a custom sandbox to automate the analysis of malicious code. After taking this course attendees will be better equipped with skills to analyse, investigate and respond to malware-related incidents.

The training provides practical guidance and attendees should walk away with the following skills:

  • How malware and Windows internals work
  • How to create a safe and isolated lab environment for malware analysis
  • What are the techniques and tools to perform malware analysis
  • How to perform static analysis to determine the metadata associated with malware
  • How to perform dynamic analysis of the malware to determine its interaction with process, file system, registry and network
  • How to perform code analysis to determine the malware functionality
  • How to debug a malware using tools like IDA Pro, Ollydbg/Immunity debugger/x64dbg
  • How to analyze downloaders, droppers, keyloggers, fileless malware, HTTP backdoors, etc.
  • What is Memory Forensics and its use in malware and digital investigation
  • Ability to acquire a memory image from suspect/infected systems
  • How to use open source advanced memory forensics framework (Volatility)
  • Understanding of the techniques used by malware to hide from live forensic tools
  • Understanding of the techniques used by rootkits (code injection, hooking, etc.)
  • Investigative steps for detecting stealth and advanced malware
  • How memory forensics helps in malware analysis and reverse engineering
  • How to incorporate malware analysis and memory forensics in sandbox
  • How to determine the network and host-based indicators (IOC)
  • Techniques to hunt malware

COURSE OUTLINE

INTRODUCTION TO MALWARE ANALYSIS:

  • What is Malware
  • What they do
  • Why malware analysis
  • Types of malware analysis
  • Setting up an isolated lab environment

STATIC ANALYSIS:

  • Fingerprinting the malware
  • Extracting strings
  • Determining File obfuscation
  • Pattern matching using YARA
  • Fuzzy hashing and comparison
  • Understanding PE File characteristics
  • Disassembly
  • Hands-on lab exercise involves analyzing real malware sample

DYNAMIC ANALYSIS/BEHAVIOURAL ANALYSIS:

  • Dynamic Analysis Steps
  • Understanding Dynamic Analysis tools
  • Simulating services
  • Performing Dynamic Analysis
  • Monitoring process, filesystem, registry and network activity
  • Determining the Indicators of compromise (host and network indicators)
  • Demo – Showing the static & dynamic analysis of real malware sample
  • Hands-on lab exercise involves analyzing real malware sample

AUTOMATING MALWARE ANALYSIS (SANDBOX):

  • Custom Sandbox Overview
  • Working of Sandbox
  • Sandbox Features
  • Demo – Analyzing malware in the custom sandbox

CODE ANALYSIS:

  • Code Analysis Overview
  • Disassembler & Debuggers
  • Code Analysis Tools
  • Basics of IDA Pro
  • Basics of Ollydbg/x64dbg
  • Understanding the API calls
  • Reversing malware functionalities (downloader, dropper, keylogger, code injection, HTTP backdoor)
  • Hands-on lab exercise involves analyzing real malware sample

INTRODUCTION TO MEMORY FORENSICS:

  • What is Memory Forensics
  • Why Memory Forensics
  • Steps in Memory Forensics
  • Memory acquisition and tools
  • Acquiring memory From physical machine
  • Acquiring memory from the virtual machine
  • Hands-on exercise involves acquiring the memory

VOLATILITY OVERVIEW:

  • Introduction to Volatility Advanced Memory Forensics Framework
  • Volatility Installation
  • Volatility basic commands
  • Determining the profile
  • Volatility help options
  • Running the plugin

INVESTIGATING PROCESS:

  • Understanding Process Internals
  • Process (EPROCESS) structure
  • Process organization
  • Process enumeration by walking the doubly linked list
  • Process relationships (parent-child relationship)
  • Understanding DKOM attacks
  • Process Enumeration using pool tag scanning
  • Volatility plugins to enumerate processes
  • Identifying malware process
  • Hands-on lab exercise (scenario based) involves investigating malware-infected memory

INVESTIGATING PROCESS HANDLES & REGISTRY:

  • Objects and handles overview
  • Enumerating process handles using Volatility
  • Understanding Mutex
  • Detecting malware presence using mutex
  • Understanding the Registry
  • Investigating common registry keys using Volatility
  • Detecting malware persistence
  • Hands-on lab exercise (scenario based) involves investigating malware-infected memory

INVESTIGATING NETWORK ACTIVITIES:

  • Understanding malware network activities
  • Volatility Network Plugins
  • Investigating Network connections
  • Investigating Sockets
  • Hands-on lab exercise (scenario based) involves investigating malware-infected memory

INVESTIGATING PROCESS MEMORY:

  • Process memory Internals
  • Listing DLLs using Volatility
  • Identifying hidden DLLs
  • Dumping malicious executable from memory
  • Dumping DLLs from memory
  • Scanning the memory for patterns (yarascan)
  • Hands-on lab exercise (scenario based) involves investigating malware-infected memory

INVESTIGATING USER-MODE ROOTKITS & FILELESS MALWARE:

  • Code Injection
  • Types of Code injection
  • Remote DLL injection
  • Remote Code injection
  • Reflective DLL injection
  • Hollow process injection
  • Demo – Case Study
  • Hands-on lab exercise (scenario based) involves investigating malware-infected memory

MEMORY FORENSICS IN SANDBOX TECHNOLOGY:

  • Sandbox Overview
  • Integrating Memory Forensics into a sandbox
  • Demo – showing the use of memory forensics in a custom sandbox

INVESTIGATING KERNEL-MODE ROOTKITS:

  • Understanding Rootkits
  • Understanding function call traversal in Windows
  • Levels of hooking/modification on Windows
  • Kernel Volatility plugins
  • Hands-on lab exercise (scenario based) involves investigating malware-infected memory
  • Demo – Rootkit Investigation

MEMORY FORENSIC CASE STUDIES:

  • Demo – Hunting an APT malware from Memory

Who should take this course

Forensic practitioners, incident responders, cyber-security investigators, security researchers, malware analysts, system administrators, software developers, students and curious security professionals who would like to expand their skills.

Anyone interested in learning malware analysis and memory forensics.

REQUIREMENTS

Students should:

  • Be familiar with using Windows/Linux
  • Have an understanding of basic programming concepts, while programming experience is not mandatory.

System Requirements

  • Laptop with a minimum of 6 GB RAM and 40 GB of free hard disk space
  • The lab samples and custom Linux VM will be provided by the Trainer
  • VMware Workstation or VMware Fusion (even trial versions can be used).
  • Windows operating system (preferably Windows 7 64-bit; Windows 8 and above are also fine) installed inside VMware Workstation/Fusion. You must have full administrator access to the Windows operating system installed inside VMware Workstation/Fusion.

Note: VMware Player or VirtualBox is not suitable for this training. The lab setup guide will be sent to you after registration.

About the Trainer
Monnappa K A works for Cisco Systems as an information security investigator focusing on threat intelligence, investigation, and research of cyber espionage and advanced cyber attacks. He is the author of the best-selling book “Learning Malware Analysis” and a member of the Black Hat review board. He is the creator of the Limon Linux sandbox and winner of the Volatility plugin contest 2016. He is the co-founder of the cybersecurity research community “Cysinfo” (https://www.cysinfo.com). His fields of interest include malware analysis, reverse engineering, memory forensics, and threat intelligence.

He has presented at various security conferences including Black Hat, FIRST, SEC-T, 4SICS-SCADA/ICS summit, DSCI, National Cyber Defence Summit and Cysinfo meetings on various topics, including memory forensics, malware analysis, reverse engineering, and rootkit analysis. He has conducted training sessions at Black Hat, BruCON, OPCDE, FIRST (Forum of Incident Response and Security Teams), SEC-T and the 4SICS-SCADA/ICS cyber security summit. He has also authored various articles in eForensics and Hakin9 magazines. You can find some of his contributions to the community on his YouTube channel (http://www.youtube.com/c/MonnappaKA) and you can read his blog posts at https://cysinfo.com
Twitter: @monnappa22

Advanced Malware Unpacking - 3 day (Online) with Kyriakos Economou

Overview

What started as a hobby with reverse engineering software protection, later became a large part of our professional careers in deciphering and debugging heavily obfuscated malware.

Zeroperil has combined the most interesting aspects from reverse engineering software protection and malware into this fast paced and intense course.

The course aims to teach students how to deal with a large variety of executable packers, crypters and modern malware loaders.

Attendees will learn advanced tactics, techniques and procedures in order to be able to retrieve the original malware samples from within multiple layers of obfuscation. As a result, static analysis will be easier and indicators of compromise can be extracted. Unpacked malware binaries will be fully working, allowing for dynamic analysis.

Students will gain the confidence to approach unknown executable packers and crypters by learning and applying principles that we will be teaching throughout the course.

Techniques for automated sample unpacking that take advantage of the x32dbg/x64dbg scripting engine will be covered. By the end of the course, students will be able to write their own powerful debugger automation scripts.

Delivery

The training course is fully remote and sessions will be conducted over Microsoft Teams. Each student will be presented with a copy of the training materials.

Prerequisites

Although this course does go through the necessary introductory and background theory of several technical aspects, the following set of skills is desirable prior to attending:

  • Basic usage of user-mode debuggers (Olly, x64/x32Dbg)
  • Basic understanding of x86/x64 assembly language
  • Basic knowledge of programming concepts such as pointers, loops, functions etc…
  • Experience with handling malware safely (i.e. Virtual Machines and network segregation)

Technical requirements

The following technical setup is required to take part in the course:

  • Computer/laptop able to handle a VM with a minimum of 4 dedicated CPU cores, and 4 GB of RAM
  • Good internet connectivity
  • Virtualisation software that is able to take runtime snapshots of the guest OS
  • Virtualisation software that is able to run a modern Windows OS (10, 8.1, 7)

Target audience

With the increasing number of attacks involving malware of all kinds (remote access trojans, ransomware and information stealers, to name but a few), malware analysis skills have become a necessity for security operators. Having the ability and knowledge to deal with malware that uses advanced techniques to hinder analysis is essential for the reverse engineer. Many malware analysts rely on third-party tools to automate their work, but this should instead be part of their own skillset, simply because tools can and do fail.

If you have always wanted to learn how to reverse engineer and unpack well-known executable packers such as UPX, ASPack, PECompact, WinUpack and ASProtect, and learn to deal with modern malware loaders, this is definitely the training course for you.

This training course is open to all information security professionals and reverse engineering enthusiasts who are interested in elevating their Windows malware analysis skills to ninja level. The course will provide advanced technical skills that will give an analyst the ability to unpack common executable packers and malware loaders by hand.

The following roles in information security will benefit most from this course:

  • MALWARE ANALYSTS
  • INCIDENT RESPONDERS

Content Outline

Day 1

  • x86/x64 architecture refresher
  • Microsoft Windows ABI
  • PE file format refresher
  • Debugging & Anti-Debugging
  • x32/x64Dbg Tour
  • Introduction to executable packers

Day 2

  • Manual unpacking of a variety of executable packers
  • Unpacking automation with x32/x64Dbg scripting engine

Day 3

  • Reverse engineering and unpacking of the malware loaders of real malware samples
  • Unpacking automation with x32/x64Dbg scripting engine

Takeaways

Hand-outs will be given in PDF format covering the unpacking process of the malware samples. You will also get a copy of the unpacking scripts that we showcase during the course, as well as all source code used during demos.

DISCLAIMER

During this course we will be dealing with real malware samples.

Some basic instructions will be given during the course on the safe handling of live malware samples; however, it is the attendee’s responsibility to ensure that correct procedures are carried out.

ZEROPERIL LTD ASSUMES NO RESPONSIBILITY FOR ANY DAMAGES CAUSED DUE TO INCORRECT HANDLING OF MALWARE SAMPLES.

About the Trainer
Kyriakos Economou (@kyREcon) has extensive experience in malware analysis and reverse engineering of executable packers and malware loaders. He started his journey in infosec by breaking software protections for fun. During his career he has been involved with malware analysis, R&D of offensive software, vulnerability research and exploit development of Windows software and kernel drivers.

ADVANCED Web Hacking - 3 day (Online) with Tom Large

Overview

This class teaches attendees a wealth of hacking techniques to compromise modern-day web applications, APIs and associated endpoints. The class focuses on specific areas of appsec and on advanced vulnerability identification and exploitation techniques. It allows attendees to learn and practice some neat, new and ridiculous hacks which affected real-life products and have been reported in real bug-bounty programs. The vulnerabilities selected for the class either typically go undetected by modern scanners or have exploitation techniques that are not well known. Attendees also benefit from a state-of-the-art Hacklab, and we can provide 30 days of lab access after the class to allow attendees more practice time. By the end of the course, you’ll know:

  • How to think and behave like an advanced, real world threat actor
  • How to identify commonly used vulnerabilities known to have recently caused damage and disruption
  • How to deploy the latest and most common network infrastructure and cloud hacks (including many novel techniques that can’t be detected by scanners)
  • How to analyse vulnerabilities within your own organisation and customise your hacking techniques in response
  • A huge menu of hacks for Windows, Linux, Microsoft Azure, AWS, Google Cloud Platform (GCP), software development systems, and more.

Course Outline

  • Lab Setup and architecture overview
  • Burp Basics and Advanced Features
  • Attacking Authentication and SSO
    • Token Hijacking attacks
    • Logical Bypass / Boundary Conditions
    • Authentication Bypass using Subdomain Takeover
    • JWT Token Brute-Force attacks
    • SAML Authorization Bypass
    • OAuth Issues
  • Password Reset Attacks
    • Cookie Swap
    • Host Header Validation Bypass
    • Case study of popular password reset fails
    • Business Logic Flaws / Authorization flaws
    • Mass Assignment
    • Invite/Promo Code Bypass
    • Replay Attack
    • API Authorisation Bypass
    • HTTP Parameter Pollution (HPP)
  • XML External Entity (XXE) Attack
    • XXE Basics
    • Advanced XXE Exploitation over OOB channels
    • XXE through SAML
    • XXE in File Parsing
  • Breaking Crypto
    • Known Plaintext Attack (Faulty Password Reset)
    • Padding Oracle Attack
    • Hash length extension attacks
    • Auth bypass using .NET Machine Key
  • Code Execution (RCE)
    • Java Serialisation Attack
    • .Net Serialisation Attack
    • Node.js Serialization Attack
    • PHP Serialization Attack
    • JSON Serialization Attack
    • Server Side Template Injection
  • SQL Injection Masterclass
    • 2nd order injection
    • Out-of-Band exploitation
    • SQLi through crypto
    • OS code exec via PowerShell
    • Advanced topics in SQLi
    • Advanced SQLMap Usage
    • Exploiting code injection over OOB channel
  • Tricky File Upload
    • Malicious File Extensions
    • Circumventing File validation checks
    • Exploiting hardened web servers
  • Server Side Request Forgery (SSRF)
    • SSRF to query internal network
    • SSRF to call internal files
    • Various Case studies
  • Attacking the Cloud
    • SSRF Exploitation
    • Serverless exploitation
    • Google Dorking in the Cloud Era
    • Various Case Studies
  • Attacking Hardened CMS
    • Identifying and attacking various CMS
  • Web Caching Attacks
  • Attack Chaining: N-tier vulnerability chaining leading to RCE
  • Various Case Studies

Who should take this course

Developers, SOC analysts, entry-level/intermediate-level penetration testers, network engineers, security architects, security enthusiasts and anyone who wants to take their skills to the next level.

Student requirements

Students must bring their own laptop and have admin/root access on it. The laptop should have at least 4 GB RAM and 20 GB of free disk space and a working copy of the latest Kali operating system. Kali should be run inside a virtual machine (e.g. VMware Workstation/Fusion/Player or VirtualBox).

Training provides

Access to a hacking lab not just during the course but for 15 days after the class too. This gives students plenty of time to practice the concepts taught in the class. Numerous scripts and tools will also be provided during the training, along with student handouts. Check out the Advanced Web Hacking website at https://www.notsosecure.com/hacking-training/advanced-web-hacking/#overview

About the Trainer
Tom is a cybersecurity professional with a strong passion for his field. He joined the NotSoSecure team in 2021 and has since become an integral part of their operations. Tom specializes in delivering a range of security services, including penetration testing for web applications, infrastructure, and networks. He excels at assessing system and network vulnerabilities, often with limited prior knowledge of their inner workings. In addition to his role as a consultant, Tom is a dedicated trainer. He takes great pride in creating and delivering tailored courses for clients, sharing his extensive knowledge and expertise. Tom's training efforts extend beyond corporate settings; his engaging presentations and practical approach have earned him a reputation as an exceptional trainer. Tom has a keen interest in Docker, OSINT (Open Source Intelligence), and web application penetration testing. He believes in the power of continuous learning and stays up to date with the latest threats and vulnerabilities. Tom actively conducts research to stay at the forefront of the evolving cybersecurity landscape.