Modern IT systems are increasingly complex, making full-stack expertise more essential than ever. That's why diving into full-stack pentesting is crucial—you will gain the skills needed to master modern attack vectors and implement effective defensive countermeasures.
For each attack, vulnerability and technique presented in this training, there is a lab exercise to help you develop your skills step by step. What's more, when the training is over, you can take the complete lab environment home to hack again at your own pace.
The instructor has found security bugs in many companies including Google, Yahoo, Mozilla, Twitter and in this training I'll share my experience with you.
To get the most of this training intermediate knowledge of web application security is needed. Students should have experience in using a proxy, such as Burp Suite Proxy or Zed Attack Proxy (ZAP), to analyze or modify the traffic.
About the instructor: Dawid Czagan
Dawid Czagan is an internationally recognized security researcher and trainer. He is listed among top hackers at HackerOne. Dawid Czagan has found security bugs in Apple, Google, Mozilla, Microsoft and many others. Due to the severity of many bugs, he received numerous awards for his findings.
Dawid Czagan shares his offensive security experience in his hands-on trainings. He delivered trainings at key industry conferences such as DEF CON (Las Vegas), OWASP Global AppSec EU (Barcelona), Hack In The Box (Amsterdam), CanSecWest (Vancouver), 44CON (London), Hack In Paris (Paris), NorthSec (Montreal), HITB GSEC (Singapore), BruCON (Ghent) and for many corporate clients. His students include security specialists from Oracle, Adobe, ESET, ING, Red Hat, Trend Micro, Philips and government sector
DAY 1
1. Hacking cloud applications (90 minutes)
- Amazon S3: directory listing via AWS CLI tool
- Amazon S3: bruteforcing buckets
- Amazon S3: bruteforcing objects in a given bucket
- Amazon EC2: reading the SecretAccessKey (3 techniques)
- Bypassing Cloudflare firewall
2. API hacking tips & tricks (60 minutes)
- API hacking with X-HTTP-Method-Override:
- API hacking with X-Override-URL:
- API hacking with callback
- API hacking with JSON enforcement (in request)
- API hacking with JSON enforcement (in response)
3. OSINT asset discovery tools (60 minutes)
- Subdomain enumeration with dnscan and amass
- Subdomain enumeration with Certificate Transparency log
- Subdomain enumeration with SubDomainizer
- Domain enumeration with nerdydata.com
- Top-level domain enumeration with dnscan
4. Hacking with special characters (45 minutes)
- Visual impersonation with ASCII control characters
- Visual impersonation with Unicode control characters
- XSS via response splitting
5. XML attacks (45 minutes)
- XML External Entity attack (XXE)
- XML XInclude attack
- XSS via XML
6. Server-side template injection (SSTI) (60 minutes)
- RCE via template injection in PHP Smarty
- RCE via template injection in Python Jinja
- RCE via template injection in Java FreeMarker
7. Hacking git repos (45 minutes)
- gitleaks (finding sensitive data based on regular expressions)
- trufflehog (finding sensitive data based on entropy checking)
- dumping git repo with git-dumper
- finding sensitive data in git commit history
DAY 2
Google hacking techniques (45 minutes)
- finding directory listings and backup files
- finding SQL syntax errors
- finding URLs with API keys
- finding internal server errors
- finding insecure HTTP web pages
2. Automated SQL injection detection and exploitation (45 minutes)
- sqlmap: full test case coverage, dumping database table entries
- sqlmap: installing a backdoor (from SQL injection to remote code execution)
- sqlmap: bypassing web application firewalls with tamperscripts
3. File read attacks (60 minutes)
- Alternate Data Streams notation
- 8dot3 notation
- Windows NTFS (2 techniques)
4. Data exfiltration tools and techniques (90 minutes)
- DNS exfiltration using dnscat2
- ICMP exfiltration using Data Exfiltration Toolkit
- text-based steganography using cloakify
- image-based steganography exfiltration using LSBSteg
- video-based steganography using CCVS
5. GitHub hacking techniques (45 minutes)
- web config files
- database config files
- private keys
- IDE config files
- Amazon AWS keys
6. Non-standard XSS attacks (30 minutes)
- XSS attack with two slashes
- XSS via URL
7. Smart password cracking with hashcat (45 minutes)
- cracking NTLM password
- cracking password-protected PDF document
- benchmarking
8. Other tools and techniques (45 minutes)
- Retire.js: finding JavaScript libraries with known vulnerabilities
- Extracting passwords with LaZagne
- NTLM hash hijacking with Responder
DAY 3
1. File upload attacks (45 minutes)
- via .htaccess
- via SVG file
- via AddHandler
2. CLI hacking scripts (60 minutes)
- using waybackurls
- using photon
- using nmap + nikto
- nmap vs. masscan
3. Hacking with wrappers (60 minutes)
- RCE with data: wrapper
- RCE with php://input wrapper
- RCE with zip: wrapper
4. NoSQL injection detection and exploitation (45 minutes)
- Elasticsearch
- MongoDB
- CouchDB
5. Bypassing restrictions (60 minutes)
- with X-Forwarded-For:
- with Forwarded:
- with IP address
- with hex encoding in JavaScript
6. Modern full-stack web attacks (45 minutes)
- HTTP parameter pollution
- Web cache deception attack
7. Hacking Electron applications (45 minutes)
- from XSS to RCE
- from insecure framing to RCE
8. Miscellaneous (45 minutes)
- Finding metadata with exiftool
- Reverse shell connection with ShellPop
- XSS polyglot
What Students Should Bring
Students will need a laptop with 64-bit operating system, at least 8 GB RAM, 35 GB free hard drive space, administrative access, ability to turn off AV/firewall and VMware Player/Fusion installed (64-bit version). Prior to the training, make sure there are no problems with running x86_64 VMs.
Special Bonus
The ticket price includes FREE access to my 6 online courses:
- Fuzzing with Burp Suite Intruder
- Exploiting Race Conditions with OWASP ZAP
- Case Studies of Award-Winning XSS Attacks: Part 1
- Case Studies of Award-Winning XSS Attacks: Part 2
- How Hackers Find SQL Injections in Minutes with Sqlmap
- Web Application Security Testing with Google Hacking
1. Hva koster kurset?
Prisen er 24 900 NOK.
2. Hvor lenge varer kurset?
Kurset går over 3 dager (full-day instruktørledet trening).
3. Hvordan foregår kurset?
Dette er et intensivt, praktisk kurs med 100% hands-on lab-øvelser. Undervisningen kombinerer korte faglige forelesninger, demonstrasjoner og praktiske øvelser i et ferdig oppsatt lab-miljø. Etter kurset får du livstids-tilgang til hele lab-miljøet (leveres som VMware image) slik at du kan øve videre hjemme.
4. Hvem passer kurset for?
Kurset er rettet mot deltakere som har grunnleggende erfaring med web-sikkerhet og ønsker å ta ferdighetene sine til et avansert, praktisk nivå, typisk:
- Web-applikasjons-sikkerhetstester / penetration testers
- Security engineers og red-/blue-team medlemmer
- DevSecOps-personell som ønsker offensive ferdigheter
- Sikkerhetskonsulenter og granskere
5. Hvilke forkunnskaper bør jeg ha?
For å få maksimalt utbytte bør du ha:
- Intermediær kunnskap om webapplikasjonssikkerhet (OWASP-nivå)
- Erfaring med proxy-verktøy som Burp Suite eller ZAP
- Grunnleggende Linux- og nettverkskunnskap anbefales
6. Hva lærer jeg i kurset?
Du får praktisk trening og erfaring med blant annet:
- Hacking av cloud-applikasjoner og S3/EC2 teknikker
- API-hacking, SSTI, XXE, NoSQL/SQLi og RCE-vektorer
- OSINT og subdomain discovery, Google/GitHub hacking
- File upload, file read, web cache deception og HTTP parameter pollution
- XSS (inkl. polyglot / avanserte varianter), SSTI, og moderne full-stack angrep
- NTLM-hijacking, hash-extraction, smart password cracking (hashcat)
- Hacking Electron-applikasjoner, metadata-analyse, reverse shells m.m.
- Praksis: hver teknikk demonstreres og øves i labs.
7. Er dette kurset praktisk? (labs & tilgang)
Ja — tungt praktisk fokus. Deltakerne mottar et ferdig oppsatt VMware-image med hele labmiljøet. Etter kurset kan du ta med labmiljøet hjem og fortsette å øve (krever signert NDA). I tillegg får du livstids tilgang til labmiljøet.
8. Hva får jeg inkludert?
- 3 dager instruktørledet hands-on trening med Dawid Czagan
- VMware-image med komplett labmiljø (take-home etter NDA)
- Gratis tilgang til 6 online bonuskurs listet i kursbeskrivelsen
- Kursmateriell og øvingsguider
9. Er det noen eksamen eller sertifisering?
Kurset inneholder ingen offisiell sertifisering eller eksamen. Fokus er praktisk ferdighetsbygging og «real-world» erfaring.
10. Hva må jeg ha med / systemkrav?
Deltakerne må ha med egen laptop med følgende minimumskrav:
- 64-bit OS (Windows/macOS/Linux)
- Minst 8 GB RAM (anbefalt mer for stabile VMer)
- Minst 35 GB ledig diskplass
- VMware Player/Fusion (64-bit) installert og fungerende
- Administrative rettigheter for å slå av AV/firewall ved behov
- Sørg for at din maskin kan kjøre x86_64-VMer før kurstart.
11. Hvem er instruktøren?
Instruktør er Dawid Czagan, internasjonalt anerkjent sikkerhetsforsker og trener (bl.a. funnet bugs i Apple, Google, Mozilla). Dawid har holdt kurs og foredrag ved store konferanser som DEF CON, OWASP AppSec, HITB m.fl.
12. Hva slags oppfølging og ressurser får jeg etter kurset?
- Livstids tilgang til lab-image (etter signert NDA) slik at du kan gjenta øvelsene hjemme.
- Tilgang til online bonuskursene som følger med billetten.
- Referanser og videre læringsressurser anbefalt av instruktøren.
13. Er dette kurset egnet for nybegynnere?
Kurset krever noe forhåndskunnskap innen web-sikkerhet og bruk av proxy-verktøy. Dersom du er helt ny, anbefales et grunnleggende web-sikkerhetskurs først før dette avanserte, praktiske kurset.
Explore other security courses within pentesting:
