Hacking Your Organization (One step at a time) 2018
Hackfest is proud to present “Hacking Your Organization (One step at a time)” by Ben Sadeghipour @nahamsec and Olivier Beg @smiegles
Hacking Your Organization (One step at a time) covers OWASP top 10 and the most commonly found vulnerabilities in web applications followed by a series of labs based on real life scenarios in bug bounties or pentests.
Register
Training includes
- Badge for the conference on November 2-3rd
- Lunch (October 30-31st, November 1st)
- Coffee breaks
Schedule
Day1
- Reflected XSS
- Stored XSS
- Dom XSS
- Angular XSS
- BREAK
- CSRF
- BREAK
- IDOR
- BREAK
- LAB
Day 2
- Local file inclusion
- Path Traversal
- BREAK
- Server-Side Request Forgery (SSRF)
- Blind Server-Side Request Forgery (SSRF) for XSPA
- Server-Side Request Forgery (SSRF) with output
- Server-Side Request Forgery (SSRF) that allows AWS 302?
- Server-Side Request Forgery (SSRF) via redirect header / open redirect
- BREAK
- Arbitrary file upload
- Unvalidated PHP upload
- Path traversal to root
- RCE in filename
- XSS
- LAB
Day 3
- SQL Injection
- SQL Inection with output
- Blind SQL Inection
- SQL Inection by turing the parameter into an array
- BREAK
- Recon
- Sublister / knock
- Cert Transparency
- Nmap/Massdns
- Dirsearch
- Information Disclosure
- Default or weak credentials
- Component with known vulnerabilties
- BREAK
- LAB
Technical prerequisites
- Your laptop
Biographies
Olivier Beg, @smiegles
Olivier Beg works as Head of researchers at Zerocopter, is a bug bounty researcher since 2013 and an active member of the security community. He is also known for sending Jobert a PHP t-shirt which he accepted with great gratitude.
Ben Sadeghipour, @nahamsec
Ben Sadeghipour is a Security Associate at HackerOne, Ben is an active member of the security community and security research education. Ben has led workshops for new hackers and created / moderates a community of hundreds of active bug bounty hackers who share ideas and their experience to make the internet safer.