Hacking Your Organization (One step at a time) 2018

October 30-31 & November 1

Hackfest is proud to present “Hacking Your Organization (One step at a time)” by Ben Sadeghipour @nahamsec and Olivier Beg @smiegles

Hacking Your Organization (One step at a time) covers the OWASP Top 10 and the most commonly found vulnerabilities in web applications, followed by a series of labs based on real-life scenarios from bug bounties or pentests.

Training given in English


Training includes

  • Badge for the conference on November 2-3rd
  • Lunch (October 30-31st, November 1st)
  • Coffee breaks



Day 1

  • Reflected XSS
  • Stored XSS
  • DOM XSS
  • Angular XSS
  • CSRF
  • IDOR
  • LAB

Day 2

  • Local file inclusion
  • Path Traversal
  • Server-Side Request Forgery (SSRF)
  • Blind Server-Side Request Forgery (SSRF) for XSPA
  • Server-Side Request Forgery (SSRF) with output
  • Server-Side Request Forgery (SSRF) that allows AWS 302?
  • Server-Side Request Forgery (SSRF) via redirect header / open redirect
  • Arbitrary file upload
  • Unvalidated PHP upload
  • Path traversal to root
  • RCE in filename
  • XSS
  • LAB

Day 3

  • SQL Injection
  • SQL Injection with output
  • Blind SQL Injection
  • SQL Injection by turning the parameter into an array
  • Recon
  • Sublister / knock
  • Cert Transparency
  • Nmap/Massdns
  • Dirsearch
  • Information Disclosure
  • Default or weak credentials
  • Component with known vulnerabilities
  • LAB

Technical prerequisites

  • Your laptop



Olivier Beg, @smiegles

Olivier Beg works as Head of researchers at Zerocopter, has been a bug bounty researcher since 2013, and is an active member of the security community. He is also known for sending Jobert a PHP t-shirt, which he accepted with great gratitude.


Ben Sadeghipour, @nahamsec

Ben Sadeghipour is a Security Associate at HackerOne. Ben is an active member of the security community and of security research education. Ben has led workshops for new hackers and created and moderates a community of hundreds of active bug bounty hackers who share ideas and their experience to make the internet safer.