    Ben Sadeghipour - Hacking Organizations: Phishing Not Required $1,800 EARLY $1,450

    DEF CON Training

    Name of training:
    Hacking Organizations: Phishing Not Required

    Trainer bio:
    Ben Sadeghipour, also known as NahamSec, is a hacker, content creator, trainer, public speaker, and conference organizer. He has extensive experience in ethical hacking and bug bounty hunting, having identified and exploited thousands of security vulnerabilities for companies such as Apple, Yahoo, Google, Airbnb, Snapchat, the US Department of Defense, and Yelp. Sadeghipour was formerly the head of Hacker Education at HackerOne. In addition to his professional pursuits, Sadeghipour also creates content on YouTube and Twitch to help others get into ethical hacking, bug bounty, web hacking and reconnaissance.


    Trainer(s) social media links:
    Twitter.com/NahamSec

    YouTube.com/NahamSec

    Do you have links to sites that promoted your past training so we can better understand how you presented it to the public?
    https://hackfest.ca/en/trainings/web/

    https://appsecus2018.sched.com/event/EyjH/3-day-training-hacking-your-organization-one-step-at-a-time


    Class overview:

    “Hacking Organizations: Phishing Not Required” is a comprehensive course designed to teach students how to identify vulnerabilities in web applications and digital assets from an external perspective. The first two days of the course cover the ten most common vulnerabilities found in web applications as well as principles of reconnaissance. On the third day, students will apply these skills to develop a technique for identifying impactful vulnerabilities that potentially allow access to an organization's internal infrastructure. This training is appropriate for anyone interested in web application penetration testing, bug bounties, or joining a red team with a web and reconnaissance focus.


    Class outline:


    Day 1
    Burp Suite Basics
    HTTP Basic Refresher

    Request Types

    Headers


    Response Codes
    Status Codes

    Open Redirects + Labs
    Whitelisting

    Blacklisting

    Basics of open redirects


    Cross-Site Scripting (XSS) + Lab
    Reflected Cross-Site Scripting
    Stored Cross-Site Scripting
    DOM Cross-Site Scripting
    Blind XSS

    Break

    Cross-Site Request Forgery (CSRF) + Lab
    No CSRF token
    Reusable CSRF token


    Insecure Direct Object References (IDOR) + Lab
    Incrementing IDs
    Weak encryption (B64)
    UUID from other vulnerabilities

    Local file Read & Path Traversal + Lab


    Path Traversal Basics


    Local File read


    Path traversal bypasses


    Advanced Path Traversal and local file read


    Server-Side Request Forgery (SSRF) + Lab
    Understanding SSRF + Protocols
    Local File Read
    Blind SSRF and Port Scan
    Accessing Local Network via SSRF
    White Listing and Black Listing
    Exploiting PDF Generators and Similar


    Day 2

    Privilege Escalation + Lab
    Understanding user roles

    Priv Esc through IDOR
    Priv Esc via password brute force
    Elevating user access roles

    Arbitrary file upload + Lab
    Unvalidated upload (php, asp, etc)
    Path Traversal in uploaders

    XML external entity (XXE) + Lab
    Basics of XXE
    XXE in Excel, docx, etc
    XXE in PDF Generators

    Remote Command / Code Execution
    Understanding RCE
    RCE via file uploads
    Remote Command Injection in URL parsing


    Weak or default credentials
    Weak or default credential Basics
    Wordlists
    Looking through previous password dumps
    Default Credentials
    Password Guessing

    Components with Known Vulnerabilities

    SSRF
    RCE via known vulnerabilities
    ImageMagick
    Tomcat
    Struts2

    Shellshock
    Log4j


    Reconnaissance - Asset Discovery + Hands on demo
    DNS Basics
    ASN Ranges (Cloud vs in house)
    Subdomain Brute Forcing
    Certificate Transparency
    3rd Party tools (Shodan, Censys, etc)
    Permutation and Environments
    Automation Demo

    Reconnaissance - Content Discovery + Lab
    Creating and maintaining word lists
    Contextualizing directory/file brute forcing
    Port scanning
    Information gathering using https
    Approaching APIs

    Leveraging search engines for reconnaissance
    Google Dorking
    Leaked credentials
    Finding additional information about your target

    Methodology
    Understanding company infrastructure
    Identifying and prioritizing interesting assets
    Combining asset discovery and content discovery
    Looking for leads (documentation, API specs, etc)
    Looking for patterns of mistakes across an infrastructure
    DNS Misconfigurations (subdomain or DNS takeover)
    Understanding SSO
    SSO Bypass or priv escalation

    Final Lab + Test


    Technical difficulty of the class:

    This class is designed for the beginner to intermediate level. While this training will cover the foundations of web application hacking, it is highly suggested that students have a solid foundation in web application hacking and in web development.


    Suggested prerequisites for the class:
    HTTP Basics:
    https://developer.mozilla.org/en-US/docs/Web/HTTP


    How to set up Burp Suite:
    https://portswigger.net/burp/documentation/desktop/getting-started/download-and-install


    Understanding DNS:
    https://www.cloudflare.com/learning/dns/what-is-dns


    Items students will need to provide:
    Students should bring a laptop (macOS, Windows, or a Linux distribution of your choice) with a working browser. Please make sure you have installed Burp Suite and are able to intercept your browser's traffic.

    DEF CON Communications, Inc.

    1100 Bellevue way NE

    8A-85

    Bellevue, WA 98004

    Copyright © 2023 defcontrainings.