Hacking Your Organization (One step at a time) 2018

30-31 Octobre & 1er Novembre

Hackfest is proud to present “Hacking Your Organization (One step at a time)” by Ben Sadeghipour @nahamsec and Olivier Beg @smiegles

Hacking Your Organization (One step at a time) covers OWASP top 10 and the most commonly found vulnerabilities in web applications followed by a series of labs based on real life scenarios in bug bounties or pentests.

Formation en anglais

Inscription

Training includes

Badge for the conference on November 2-3rd
Lunch (October 30-31st, November 1st)
Coffee breaks

Schedule

Day1

Reflected XSS
Stored XSS
Dom XSS
Angular XSS
BREAK
CSRF
BREAK
IDOR
BREAK
LAB

Day 2

Local file inclusion
Path Traversal
BREAK
Server-Side Request Forgery (SSRF)
Blind Server-Side Request Forgery (SSRF) for XSPA
Server-Side Request Forgery (SSRF) with output
Server-Side Request Forgery (SSRF) that allows AWS 302?
Server-Side Request Forgery (SSRF) via redirect header / open redirect
BREAK
Arbitrary file upload
Unvalidated PHP upload
Path traversal to root
RCE in filename
XSS
LAB

Day 3

SQL Injection
SQL Inection with output
Blind SQL Inection
SQL Inection by turing the parameter into an array
BREAK
Recon
Sublister / knock
Cert Transparency
Nmap/Massdns
Dirsearch
Information Disclosure
Default or weak credentials
Component with known vulnerabilties
BREAK
LAB

Technical prerequisites

Your laptop

Biograhpies

Olivier

Olivier Beg, @smiegles

Olivier Beg works as Head of researchers at Zerocopter, is a bug bounty researcher since 2013 and an active member of the security community. He is also known for sending Jobert a PHP t-shirt which he accepted with great gratitude.

Ben

Ben Sadeghipour, @nahamsec

Ben Sadeghipour is a Security Associate at HackerOne, Ben is an active member of the security community and security research education. Ben has led workshops for new hackers and created / moderates a community of hundreds of active bug bounty hackers who share ideas and their experience to make the internet safer.