Hacking Your Organization (One step at a time) 2018

October 30-31 & November 1

Hackfest is proud to present “Hacking Your Organization (One step at a time)” by Ben Sadeghipour @nahamsec and Olivier Beg @smiegles

Hacking Your Organization (One step at a time) covers the OWASP Top 10 and the most commonly found vulnerabilities in web applications, followed by a series of labs based on real-life scenarios from bug bounties and pentests.

Training includes

  • Badge for the conference on November 2-3rd
  • Lunch (October 30-31st, November 1st)
  • Coffee breaks

Schedule

Day 1

  • Reflected XSS
  • Stored XSS
  • DOM XSS
  • Angular XSS
  • BREAK
  • CSRF
  • BREAK
  • IDOR
  • BREAK
  • LAB

Day 2

  • Local file inclusion
  • Path Traversal
  • BREAK
  • Server-Side Request Forgery (SSRF)
  • Blind Server-Side Request Forgery (SSRF) for XSPA
  • Server-Side Request Forgery (SSRF) with output
  • Server-Side Request Forgery (SSRF) that allows AWS 302?
  • Server-Side Request Forgery (SSRF) via redirect header / open redirect
  • BREAK
  • Arbitrary file upload
  • Unvalidated PHP upload
  • Path traversal to root
  • RCE in filename
  • XSS
  • LAB

Day 3

  • SQL Injection
  • SQL Injection with output
  • Blind SQL Injection
  • SQL Injection by turning the parameter into an array
  • BREAK
  • Recon
  • Sublist3r / knock
  • Cert Transparency
  • Nmap/Massdns
  • Dirsearch
  • Information Disclosure
  • Default or weak credentials
  • Components with known vulnerabilities
  • BREAK
  • LAB

Technical prerequisites

  • Your laptop

Biographies

Olivier

Olivier Beg, @smiegles

Olivier Beg works as Head of Researchers at Zerocopter, has been a bug bounty researcher since 2013, and is an active member of the security community. He is also known for sending Jobert a PHP t-shirt, which he accepted with great gratitude.

Ben

Ben Sadeghipour, @nahamsec

Ben Sadeghipour is a Security Associate at HackerOne. He is an active member of the security community and active in security research education. Ben has led workshops for new hackers and created and moderates a community of hundreds of active bug bounty hackers who share ideas and experience to make the internet safer.