Ruxcon Training

web

PENTESTERLAB'S ADVANCED WEB HACKING

Louis Nyffenegger & Luke Jahnke

October 22 - 23, Melbourne, Australia

EARLY BIRD: $2000 (ENDS June 30)

REGULAR: $2300 (ENDS August 31)

LATE: $2500 (STARTS September 01)

Prices do not include GST

OVERVIEW

Tired of alert(1)? You think there is more to life than Burp scanner? You went through PentesterLab's exercises and thought "I WANT MORE!!"? This training is for you!

This 2-day training will get you to the next level. We will look into CORS and the exploitation of recent vulnerabilities (Struts RCE, Shellshock, Heartbleed). We will also get shells using serialisation in multiple languages and find vulnerabilities that you may have missed in the past. Non-public variants of known issues will also be detailed.

After a quick overview of what you need to know to attack web applications, we will jump directly to the interesting stuff: hands-on training and real attacks. The class is a succession of 15-minute explanations on what you need to know, followed by hands-on examples to really understand and exploit vulnerabilities. After the training, you will go home with the course (slide-based) and the systems (Linux ISO) to be able to play and refresh your memory!

SYLLABUS

The following subjects will be covered:

  • Cross-origin resource sharing
  • Struts RCE
  • Multiple serialisation attacks (PHP, Python, Java)
  • JBoss web-console
  • Blind XML entity attacks
  • Heartbleed
  • Tricky SQL injections