Have you ever thought of hacking web applications for fun and profit? How about playing with authentic, award-winning security bugs identified at some of the greatest companies? If that sounds interesting, join this unique 100% hands-on training.
The instructor will present security bugs found in a number of bug bounty programs (including Google, Yahoo, Mozilla, Twitter and others). You will learn how bug hunters think and how to hunt for and exploit vulnerabilities effectively.
To be successful in bug hunting, you need to go beyond automated scanners. If you are not afraid of going into detail and diving into full-stack exploitation, then this 100% hands-on training is for you. There is a lab exercise for each attack presented in this training + students can take the complete lab environment home after the training session.
To get the most of this training intermediate knowledge of web application security is needed. Students should be familiar with common web application vulnerabilities and have experience in using a proxy, such as Burp Suite Proxy, or similar, to analyze or modify the traffic.
DAY 1
1) Advanced SSRF attacks (90 minutes)
- SSRF: reading the SecretAccessKey of an application hosted on AWS
- SSRF: Jenkins shutdown
- SSRF: deleting ElasticSearch database
2) Exploiting type confusion and DB truncation (45 minutes)
- Bypassing authentication via type confusion
- DB truncation: changing the admin’s password
3) Hacking AngularJS applications (75 minutes)
- AngularJS: Template injection and $scope hacking
- AngularJS: Going beyond the $scope
- AngularJS: Hacking a static template
4) Bypassing Content Security Policy (75 minutes)
- Bypassing CSP via Google’s ajax libraries CDN
- Bypassing CSP via Flash file
- Bypassing CSP via polyglot file
- Bypassing CSP via AngularJS
5) Hacking with wrappers (45 minutes)
- Source code disclosure via wrappers
- RCE via data: wrapper
- RCE via PHP input stream wrapper
6) Bypassing authorization and protection mechanisms (45 minutes)
- HTTP parameter pollution
- Bypassing XSS protection with Shift_JIS encoding
7) NoSQL injection attacks (45 minutes)
- NoSQL injection: MongoDB
- NoSQL injection: ElasticSearch
8) Exploiting race conditions (60 minutes)
- Race condition: stealing money from a bank (for educational purposes only)
- Race condition: reusing a one-time discount code
DAY 2
1) Non-standard XML attacks (45 minutes)
- SSRF via XML DOCTYPE
- SSRF via XML XInclude
- SSRF via XML External Entity
2) DOM XSS exploitation (90 minutes)
- DOM XSS via location.hash
- DOM XSS via JSON
- DOM XSS via cookie
3) Browser-dependent exploitation (90 minutes)
- Token hijacking via PDF file
- Account takeover via clickjacking
- XSS via Path-Relative Stylesheet Import Vulnerability (PRSSI)
4) Reflected file download vulnerability (60 minutes)
- Reflected File Download (RFD) with callback
- Reflected File Download (RFD) with callback and JScript
- Reflected File Download (RFD) without callback
5) Deserialization attacks (60 minutes)
- RCE via deserialization (Python)
- RCE via deserialization (Java)
- Path traversal via deserialization (PHP)
6) Advanced full-stack attacks (60 minutes)
- Subdomain takeover
- User redirection via window.opener tabnabbing
- RCE via AddHandler
7) Q&A session (30 minutes)
What Students Should Bring
Students will need a laptop with 64-bit operating system, at least 8 GB RAM, 35 GB free hard drive space, administrative access, ability to turn off AV/firewall and VMware Player/Fusion installed (64-bit version). Prior to the training, make sure there are no problems with running x86_64 VMs. Please also make sure that you have Internet Explorer 11 installed on your machine or bring an up-and-running VM with Internet Explorer 11 (for a few labs).
Special Bonus
The ticket price includes FREE access to my 6 online courses:
- Start Hacking and Making Money Today at HackerOne
- Keep Hacking and Making Money at HackerOne
- Case Studies of Award-Winning XSS Attacks: Part 1
- Case Studies of Award-Winning XSS Attacks: Part 2
- DOUBLE Your Web Hacking Rewards with Fuzzing (aka Fuzzing with Burp Suite Intruder)
- How Web Hackers Make BIG MONEY: Remote Code Execution
1. Hva koster kurset?
Prisen er 17 900 NOK.
2. Hvor lenge varer kurset?
Kurset går over 2 dager (full-day instruktørledet trening).
3. Hvordan foregår kurset?
Dette er et intensivt, 100 % hands-on kurs hvor korte fagforedrag etterfølges av praktiske lab-øvelser. Undervisningen kombinerer demonstrasjoner, veiledede øvelser og «live» hacking-labs i et ferdig oppsatt miljø.
4. Hvem passer kurset for?
Kurset er beregnet for deltakere med grunnleggende web-sikkerhetskompetanse som vil videreutvikle ferdigheter innen bug-hunting og full-stack utnyttelse. Typiske deltakere:
- Bug bounty-jegere og penetration testers
- Security engineers og red/blue-team medlemmer
- DevSecOps-personell og sikkerhetskonsulenter
5. Hvilke forkunnskaper bør jeg ha?
For å få mest mulig ut av kurset bør du ha:
- Intermediær kunnskap om webapplikasjonssikkerhet (OWASP-nivå)
- Erfaring med proxy-verktøy (f.eks. Burp Suite eller ZAP)
- Grunnleggende Linux- og nettverksforståelse
6. Hva lærer jeg i kurset?
Du får praktisk trening i en rekke avanserte webangrep og teknikker, blant annet: SSRF, type-confusion, NoSQL/SQLi, DOM XSS, bypass av CSP, deserialisering, race conditions, RFD, subdomain takeover, token hijacking, RCE-vektorer, og mye mer. Hver teknikk følges av en labøvelse.
7. Hva slags labs og øvelser inngår?
Kurset inneholder dedikerte labøvelser for alle temaer — bl.a. SSRF, AngularJS-angrep, CSP-bypass, NoSQL-injection, race conditions, DOM XSS, deserialisering, RFD, og praktiske full-stack-scenarier. Deltakerne får hands-on trening gjennom hele programmet.
8. Hva får jeg inkludert?
- 2 dagers instruktørledet trening med Dawid Czagan
- Ferdig oppsatt VMware-image med labmiljø (take-home etter signert NDA)
- Gratis tilgang til 6 tilhørende online bonuskurs som følger med billetten
- Kursmateriell og øvingsguider
9. Kan jeg ta med labmiljøet hjem?
Ja — etter kurset kan deltakerne ta med seg hele lab-VM-imagen hjem, forutsatt at de signerer en NDA (non-disclosure agreement) og følger arrangørens regler for ansvarlig bruk.
10. Er det eksamen eller sertifisering?
Nei — kurset inneholder ingen offisiell sertifisering eller eksamen. Fokus er praktisk ferdighetsbygging og reelle bug-jegingsmetoder.
11. Hva må jeg ha med / systemkrav?
Deltakerne må ha egen laptop med minimum:
- 64-bit operativsystem
- Minst 8 GB RAM (anbefalt mer ved bruk av flere VMer)
- Minst 35 GB ledig diskplass
- VMware Player/Fusion (64-bit) installert og fungerende
- Administrative rettigheter og mulighet til å midlertidig deaktivere AV/firewall ved behov
- Merk: Noen labs krever Internet Explorer 11 — ha dette tilgjengelig eller en VM med IE11.
12. Hvem underviser?
Instruktør er Dawid Czagan, internasjonalt anerkjent sikkerhetsforsker og bug-hunter (prisvinnende funn hos store aktører). Dawid har bred erfaring fra konferanser og bedriftsopplæring internasjonalt.
Explore other security courses within pentesting:
