
Ben Sadeghipour - Hacking Organizations: Phishing Not Required $1,500 (Early $1,300)

$1,300.00

Name of Training:

Hacking Organizations: Phishing Not Required

Description:

Teach students how to identify vulnerabilities in web applications and digital assets from an external perspective.

Training description:

“Hacking Organizations: Phishing Not Required” is a comprehensive course designed to teach students how to identify vulnerabilities in web applications and digital assets from an external perspective. The first two days of the course cover the ten most common vulnerabilities found in web applications as well as principles of reconnaissance. On the third day, students will apply these skills to develop a technique for identifying impactful vulnerabilities that potentially allow access to an organization's internal infrastructure. This training is appropriate for anyone interested in web application penetration testing, bug bounties, or joining a red team with a web and reconnaissance focus.

Past content:
https://hackfest.ca/en/trainings/web/

https://appsecus2018.sched.com/event/EyjH/3-day-training-hacking-your-organization-one-step-at-a-time

Trainer(s) bio:

Ben Sadeghipour, also known as NahamSec, is a hacker, content creator, trainer, public speaker, and conference organizer. He has extensive experience in ethical hacking and bug bounty hunting, having identified and exploited thousands of security vulnerabilities for companies such as Apple, Yahoo, Google, Airbnb, Snapchat, the US Department of Defense, and Yelp. Sadeghipour was formerly the head of Hacker Education at HackerOne. In addition to his professional pursuits, Sadeghipour also creates content on YouTube and Twitch to help others get into ethical hacking, bug bounty, web hacking and reconnaissance.

Trainer(s) social media links:

https://twitter.com/NahamSec
https://youtube.com/NahamSec

Outline:

Day 1:
Burp Suite Basics
HTTP Basic Refresher

Request Types

Headers
Response Codes
Status Codes
Open Redirects + Labs
Whitelisting

Blacklisting

Basics of open redirects
Cross-Site Scripting (XSS) + Lab
Reflected Cross-Site Scripting
Stored Cross-Site Scripting
DOM Cross-Site Scripting
Blind XSS

Break

Cross-Site Request Forgery (CSRF) + Lab
No CSRF token
Reusable CSRF token
Insecure Direct Object References (IDOR) + Lab
Incrementing IDs
Weak encryption (B64)
UUID from other vulnerabilities
Local file Read & Path Traversal + Lab
Path Traversal Basics
Local File read
Path traversal bypasses
Advanced Path Traversal and local file read
Server-Side Request Forgery (SSRF) + Lab
Understanding SSRF + Protocols
Local File Read
Blind SSRF and Port Scan
Accessing Local Network via SSRF
White Listing and Black Listing
Exploiting PDF Generators and Similar

Day 2:
Privilege Escalation + Lab
Understanding user roles

Priv Esc through IDOR
Priv Esc via password brute force
Elevating user access roles

Arbitrary file upload + Lab
Unvalidated upload (php, asp, etc)
Path Traversal in uploaders

XML external entity (XXE) + Lab
Basics of XXE
XXE in excel, docx, etc
XXE in PDF Generators

Remote Command / Code Execution
Understanding RCE
RCE via file uploads
Remote Command Injection in URL parsing

Weak or default credentials
Weak or default credential Basics
Wordlists
Looking through previous password dumps
Default Credentials
Password Guessing

Components with Known Vulnerabilities

SSRF
RCE via known vulnerabilities
ImageMagick
Tomcat
Struts2

Shellshock
Log4j

Reconnaissance - Asset Discovery + Hands on demo
DNS Basics
ASN Ranges (Cloud vs in house)
Subdomain Brute Forcing
Certificate Transparency
3rd Party tools (Shodan, Censys, etc)
Permutation and Environments
Automation Demo

Reconnaissance - Content Discovery + Lab
Creating and maintaining a word list
Contextualizing directory/file brute forcing
Port scanning
Information gathering using https
Approaching APIs

Leveraging search engines for reconnaissance
Google Dorking
Leaked credentials
Finding additional information about your target

Methodology
Understanding company infrastructure
Identifying and prioritizing interesting assets
Combining asset discovery and content discovery
Looking for leads (documentation, API specs, etc)
Looking for patterns of mistakes across an infrastructure
DNS Misconfigurations (subdomain or DNS takeover)
Understanding SSO
SSO Bypass or priv escalation

Final Lab + Test

Technical difficulty:

Beginner to intermediate

Suggested Prerequisites:

While this training will offer and cover the foundations of web application hacking, it is highly suggested that students have a solid foundation in web application hacking and in web development.

HTTP Basics:
https://developer.mozilla.org/en-US/docs/Web/HTTP

How to set up Burp Suite:
https://portswigger.net/burp/documentation/desktop/getting-started/download-and-install

Understanding DNS:
https://www.cloudflare.com/learning/dns/what-is-dns

What students should bring:

Students should bring a laptop (macOS, Windows, or a Linux distribution of your choice) with a working browser. Please make sure you have installed Burp Suite and are able to intercept your browser's traffic.

DATE: November 2nd-3rd 2024

TIME: 8am to 5pm PDT
VENUE: Meydenbauer Center, Bellevue, WA
TRAINER: Ben Sadeghipour

- 16 hours of training with a certificate of completion.
- 2 coffee breaks are provided per day
- Note: Food is not included

Registration terms and conditions:

Trainings are refundable before September 16th; the processing fee is $250.

Trainings are non-refundable after September 26th, 2024.

Training tickets may be transferred. Please email us for specifics.

Failure to attend the Training without prior written notification will be considered a No-Show. No refund will be given.

By purchasing this ticket you agree to abide by the DCT Code of Conduct and the registration terms and conditions listed above.