PENTESTERLAB'S ADVANCED WEB HACKING
Louis Nyffenegger & Luke Jahnke
October 22 - 23, Melbourne, Australia
ENDS June 30
ENDS August 31
STARTS September 01
Prices do not include GST
Tired of alert(1)? You think there is more to life than Burp scanner? You went through PentesterLab's exercises and thought "I WANT MORE!!"? This training is for you!
This 2-day training will get you to the next level. We will look into CORS and the exploitation of recent vulnerabilities (Struts RCE, Shellshock, Heartbleed). We will also get shells using serialisation in multiple languages and find vulnerabilities that you may have missed in the past. Non-public variants of known issues will also be detailed.
After a quick overview of what you need to know to attack web applications, we will jump directly to the interesting stuff: hands-on training and real attacks. The class is a succession of 15-minute explanations of what you need to know, followed by hands-on examples to really understand and exploit vulnerabilities. After the training, you will go home with the course (slide-based) and the systems (Linux ISO) to be able to play and refresh your memory!
The following subjects will be covered:
- Cross-origin resource sharing
- Struts RCE
- Multiple serialisation attacks (PHP, Python, Java)
- JBoss web-console
- Blind XML entity attacks
- Tricky SQL injections
ABOUT THE TRAINER
Louis Nyffenegger is an experienced and sought-after security consultant specialising in web penetration testing. He is a regular guest speaker at local security conferences including Ruxcon and OWASP, and has conducted web application security training at both conferences. In his spare time Louis helps set up Ruxcon’s Capture the Flag competition. In 2011, Louis started PentesterLab, a company specialising in security training. A free version of some of the PentesterLab exercises is available here. Recently, Louis published Bootcamp, a learning path for getting into penetration testing.
Luke Jahnke is the creator of Bitcoin CTF, one of the hardest CTFs dedicated to web security. In 2014, he spoke at Ruxcon on "Safe cracking on a budget".
This training is aimed at penetration testers and security professionals who want to improve their Web mojo.
The following skills/knowledge are required:
- Exposure to information security technologies
- The ability to use a web proxy such as Burp Suite or Paros.
- The ability to write basic scripts in Ruby, Python or Perl.