{"product_id":"black-belt-pentesting-bug-hunting-millionaire-mastering-web-attacks-with-full-stack-exploitation-100-hands-on-dawid-czagan-dctlv2026","title":"Black Belt Pentesting \/ Bug Hunting Millionaire: Mastering Web Attacks with Full-Stack Exploitation (100% Hands-On) -  Dawid Czagan - DCTLV2026","description":"\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eName of Training\u003c\/strong\u003e\u003cspan\u003e\u003cstrong\u003e:\u003c\/strong\u003e Black Belt Pentesting \/ Bug Hunting Millionaire: Mastering Web Attacks with Full-Stack Exploitation (100% Hands-On)\u003cbr\u003e\u003c\/span\u003e\u003cstrong\u003eTrainer(s)\u003c\/strong\u003e\u003cspan\u003e\u003cstrong\u003e:\u003c\/strong\u003e Dawid Czagan\u003cbr\u003e\u003c\/span\u003e\u003cstrong\u003eDates\u003c\/strong\u003e\u003cspan\u003e\u003cstrong\u003e:\u003c\/strong\u003e \u003cmeta charset=\"utf-8\"\u003eAugust 10-11, 2026\u003cbr\u003e\u003c\/span\u003e\u003cspan\u003e\u003cstrong\u003eTime:\u003c\/strong\u003e 8\u003c\/span\u003e\u003cspan\u003e:00 am to 5:00 pm \u003cbr\u003e\u003c\/span\u003e\u003cstrong\u003eVenue\u003c\/strong\u003e\u003cspan\u003e\u003cstrong\u003e:\u003c\/strong\u003e \u003cmeta charset=\"utf-8\"\u003eLas Vegas Convention Center\u003cbr\u003e\u003c\/span\u003e\u003cstrong\u003eCost\u003c\/strong\u003e\u003cspan\u003e\u003cstrong\u003e: \u003c\/strong\u003e$2,750 (USD)\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eShort Summary:\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003eLearn to think like a top bug hunter and exploit real, award-winning vulnerabilities from companies like Google, Yahoo, Mozilla and Twitter—100% hands-on. Go beyond scanners with full-stack techniques you can apply immediately in your work, including red team engagements, plus a self-contained lab for ongoing practice.\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eCourse Description: \u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003e### Overview ###\u003c\/p\u003e\n\u003cp\u003eHave you ever thought of hacking web applications for fun and profit? How about playing with authentic, award-winning security bugs identified at some of the greatest companies? If that sounds interesting, join this unique 100% hands-on training.\u003c\/p\u003e\n\u003cp\u003eI will discuss security bugs found in a number of bug bounty programs (including Google, Yahoo, Mozilla, Twitter and others). You will learn how bug hunters think and how to hunt for and exploit vulnerabilities effectively—whether for bug bounties or red team engagements.\u003c\/p\u003e\n\u003cp\u003eTo be successful in bug hunting, you need to go beyond automated scanners. If you are not afraid of going into detail and diving into full-stack exploitation, then this 100% hands-on training is for you. There is a lab exercise for each attack presented in this training + students can take the complete lab environment home after the training session.\u003c\/p\u003e\n\u003cp\u003e### Key Learning Objectives ###\u003c\/p\u003e\n\u003cp\u003eAfter completing this training, you will have learned about:\u003c\/p\u003e\n\u003cp\u003e- browser-dependent exploitation\u003cbr\u003e- DOM-based exploitation\u003cbr\u003e- exploiting race conditions\u003cbr\u003e- remote cookie tampering\u003cbr\u003e- bypassing Content Security Policy\u003cbr\u003e- exploiting type confusion\u003cbr\u003e- exploiting parameter pollution\u003cbr\u003e- hijacking tokens via PDF\u003cbr\u003e- exploiting DB truncation\u003cbr\u003e- exploiting NoSQL injection\u003cbr\u003e- using wrappers to launch RCE\u003cbr\u003e- RCE via serialization\/deserialization\u003cbr\u003e- exploiting path-relative stylesheet import\u003cbr\u003e- exploiting reflected file download (various browsers)\u003cbr\u003e- hacking AngularJS applications\u003cbr\u003e- non-standard XSS attacks\u003cbr\u003e- hacking with polyglot\u003cbr\u003e- subdomain takeover\u003cbr\u003e- REST API hacking\u003cbr\u003e- XML attacks\u003cbr\u003e- advanced clickjacking in modern browsers\u003cbr\u003e- advanced SSRF with gopher protocol\u003cbr\u003e- bypassing XSS protection with Shift_JIS encoding\u003cbr\u003e- chaining vulnerabilities for red team objectives\u003cbr\u003e- and more …\u003c\/p\u003e\n\u003cp\u003e### What Students Say About My Training Courses ###\u003cbr\u003e\u003c\/p\u003e\n\u003cp\u003eRecommendations are available on my LinkedIn profile (https:\/\/www.linkedin.com\/in\/dawid-czagan-85ba3666\/). They can also be found here: https:\/\/silesiasecuritylab.com\/services\/training\/#opinions – training participants from companies such as Oracle, Adobe, ESET, ING, Red Hat, Trend Micro, Philips, government sector.\u003c\/p\u003e\n\u003cp\u003e\u003cspan\u003e\u003cstrong\u003eCourse Outline: \u003c\/strong\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003e### Day 1 ###\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003e1) Advanced SSRF attacks \u003cbr\u003e- SSRF: reading the SecretAccessKey of an application hosted on AWS\u003cbr\u003e- SSRF: Jenkins shutdown\u003cbr\u003e- SSRF: deleting ElasticSearch database\u003c\/p\u003e\n\u003cp\u003e2) Exploiting type confusion and DB truncation \u003cbr\u003e- Bypassing authentication via type confusion\u003cbr\u003e- DB truncation: changing the admin’s password\u003cbr\u003e\u003c\/p\u003e\n\u003cp\u003e3) Hacking AngularJS applications \u003cbr\u003e- AngularJS: Template injection and $scope hacking\u003cbr\u003e- AngularJS: Going beyond the $scope\u003cbr\u003e- AngularJS: Hacking a static template\u003cbr\u003e\u003c\/p\u003e\n\u003cp\u003e4) Bypassing Content Security Policy \u003cbr\u003e- Bypassing CSP via Google’s ajax libraries CDN\u003cbr\u003e- Bypassing CSP via Flash file\u003cbr\u003e- Bypassing CSP via polyglot file\u003cbr\u003e- Bypassing CSP via AngularJS\u003cbr\u003e\u003c\/p\u003e\n\u003cp\u003e5) Hacking with wrappers \u003cbr\u003e- Source code disclosure via wrappers\u003cbr\u003e- RCE via data: wrapper\u003cbr\u003e- RCE via PHP input stream wrapper\u003cbr\u003e\u003c\/p\u003e\n\u003cp\u003e6) Bypassing authorization and protection mechanisms \u003cbr\u003e- HTTP parameter pollution\u003cbr\u003e- Bypassing XSS protection with Shift_JIS encoding\u003cbr\u003e\u003c\/p\u003e\n\u003cp\u003e7) NoSQL injection attacks \u003cbr\u003e- NoSQL injection: MongoDB\u003cbr\u003e- NoSQL injection: ElasticSearch\u003cbr\u003e\u003c\/p\u003e\n\u003cp\u003e8) Exploiting race conditions \u003cbr\u003e- Race condition: stealing money from a bank (for educational purposes only)\u003cbr\u003e- Race condition: reusing a one-time discount code\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003e### Day 2 ###\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003e1) Non-standard XML attacks \u003cbr\u003e- SSRF via XML DOCTYPE\u003cbr\u003e- SSRF via XML XInclude\u003cbr\u003e- SSRF via XML External Entity\u003cbr\u003e\u003c\/p\u003e\n\u003cp\u003e2) DOM XSS exploitation \u003cbr\u003e- DOM XSS via location.hash\u003cbr\u003e- DOM XSS via JSON\u003cbr\u003e- DOM XSS via cookie\u003cbr\u003e\u003c\/p\u003e\n\u003cp\u003e3) Browser-dependent exploitation \u003cbr\u003e- Token hijacking via PDF file\u003cbr\u003e- Account takeover via clickjacking\u003cbr\u003e- XSS via Path-Relative Stylesheet Import Vulnerability (PRSSI)\u003cbr\u003e\u003c\/p\u003e\n\u003cp\u003e4) Reflected file download vulnerability\u003cbr\u003e- Reflected File Download (RFD) with callback\u003cbr\u003e- Reflected File Download (RFD) with callback and JScript\u003cbr\u003e- Reflected File Download (RFD) without callback\u003cbr\u003e\u003c\/p\u003e\n\u003cp\u003e5) Deserialization attacks \u003cbr\u003e- RCE via deserialization (Python)\u003cbr\u003e- RCE via deserialization (Java)\u003cbr\u003e- Path traversal via deserialization (PHP)\u003cbr\u003e\u003c\/p\u003e\n\u003cp\u003e6) Advanced full-stack attacks \u003cbr\u003e- Subdomain takeover\u003cbr\u003e- User redirection via window.opener tabnabbing\u003cbr\u003e- RCE via AddHandler\u003cbr\u003e\u003c\/p\u003e\n\u003cp\u003e7) Q\u0026amp;A session \u003cbr\u003e\u003c\/p\u003e\n\u003cp\u003e8) Certificate of proficiency exam \u003cbr\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eDifficulty Level:\u003c\/strong\u003e\u003cb\u003e\u003c\/b\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cmeta charset=\"utf-8\"\u003eIntermediate to Advanced\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eIntermediate Definition - The student has education and some experience in the field and familiarity with the topic being presented. The student has foundational knowledge that the course will leverage to provide practical skills on the topic.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003eAdvanced Definition - The student is expected to have significant practical experience with the tools and technologies that the training will focus on.\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eSuggested Prerequisites:\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003eTo get the most of this training, intermediate knowledge of pentesting and web application security is needed. Students should be familiar with common web application vulnerabilities and have experience in using a proxy, such as Burp Suite Proxy, or similar, to analyze or modify the traffic.\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eWhat Students Should Bring: \u003c\/strong\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003eStudents will need a laptop with 64-bit operating system, at least 8 GB RAM, 35 GB free hard drive space, administrative access, ability to turn off AV\/firewall and VMware Player\/Fusion installed (64-bit version). Prior to the training, make sure there are no problems with running x86_64 VMs. Please also make sure that you have Internet Explorer 11 installed on your machine or bring an up-and-running VM with Internet Explorer 11 (for a few labs).\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eWhat the Trainer Will Provide:\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003eStudents will be handed in a VMware image with a specially prepared lab environment to play with all attacks, vulnerabilities and techniques presented in this training. When the training is over, students can take the complete lab environment home (after signing a non-disclosure agreement) to hack again at their own pace.\u003c\/p\u003e\n\u003cp\u003e### Special Bonus ###\u003cbr\u003e\u003c\/p\u003e\n\u003cp\u003eThe ticket price includes free access to my 6 video courses:\u003c\/p\u003e\n\u003cp\u003e- Fuzzing with Burp Suite Intruder\u003cbr\u003e- Exploiting Race Conditions with OWASP ZAP\u003cbr\u003e- Case Studies of Award-Winning XSS Attacks: Part 1\u003cbr\u003e- Case Studies of Award-Winning XSS Attacks: Part 2\u003cbr\u003e- Web Application Security Testing with Google Hacking\u003cbr\u003e- How Web Hackers Make Big Money: Remote Code Execution\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003eTrainer(s) Bio:\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003eDawid Czagan\u003c\/strong\u003e is an internationally recognized security researcher and trainer. He is listed among top hackers at HackerOne. Dawid Czagan has found security bugs at Apple, Google, Mozilla, Microsoft and many others. Due to the severity of many bugs, he received numerous awards for his findings.\u003c\/p\u003e\n\u003cp\u003eDawid Czagan shares his offensive security experience through his hands-on training courses. He has delivered training sessions at key industry conferences such as DEF CON (Las Vegas), OWASP Global AppSec EU (Barcelona), Hack In The Box (Amsterdam), CanSecWest (Vancouver), 44CON (London), Hack In Paris (Paris), NorthSec (Montreal), HITB+CyberWeek (Abu Dhabi) and for many corporate clients. His students include security specialists from Oracle, Adobe, ESET, ING, Red Hat, Trend Micro, Philips and government sector (recommendations are available on Dawid Czagan's LinkedIn profile (https:\/\/www.linkedin.com\/in\/dawid-czagan-85ba3666\/). They can also be found here: https:\/\/silesiasecuritylab.com\/services\/training\/#opinions).\u003c\/p\u003e\n\u003cp\u003eDawid Czagan is the founder and CEO at Silesia Security Lab. To find out about the latest in his work, you are invited to subscribe to his newsletter (https:\/\/silesiasecuritylab.com\/newsletter) and follow him on Twitter (@dawidczagan), YouTube (https:\/\/www.youtube.com\/channel\/UCG-sIlaM1xXmetFtEfqtOqg), and LinkedIn (https:\/\/www.linkedin.com\/in\/dawid-czagan-85ba3666\/).\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eProficiency Exam Option:\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp\u003e\u003cmeta charset=\"utf-8\"\u003eThis course has the option for a proficiency certificate add-on. \u003c\/p\u003e\n\u003cp\u003eAfter completing the course, students may take a real-world, scenario-based exam that assesses practical skills. The exam is materials-permitted—students may use all course materials and notes. A minimum score of 65% is required to pass. Each student will receive feedback on their performance.\u003cbr\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003ePlease reach out to training@defcon.org for any questions related to the proficiency exam and certificate option.\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eRegistration Terms and Conditions: \u003c\/strong\u003e\u003cb\u003e\u003c\/b\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eTrainings are refundable before July 11, 2026, minus a non-refundable processing fee of $250.\u003c\/span\u003e\u003cspan\u003e\u003cb\u003e\u003c\/b\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eBetween July 11, 2026 and August 5, 2026 partial refunds will be granted, equal to 50% of the course fee minus a processing fee of $250.\u003c\/span\u003e\u003cspan\u003e\u003cb\u003e\u003c\/b\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eAll trainings are non-refundable after August 5, 2026.\u003c\/span\u003e\u003cspan\u003e\u003cb\u003e\u003c\/b\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eTraining tickets may be transferred to another student. Please email us at training@defcon.org for specifics.\u003c\/span\u003e\u003cspan\u003e\u003cb\u003e\u003c\/b\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eIf a training does not reach the minimum registration requirement, it may be cancelled. In the event the training you choose is cancelled, you will be provided the option of receiving a full refund or transferring to another training (subject to availability).\u003c\/span\u003e\u003cspan\u003e\u003cb\u003e\u003c\/b\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eFailure to attend the training without prior written notification will be considered a no-show. No refund will be given.\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eDEF CON Training may share student contact information, including names and emails, with the course instructor(s) to facilitate sharing of pre-work and course instructions. Instructors are required to safeguard this information and provide appropriate protection so that it is kept private. Instructors may not use student information outside the delivery of this course without the permission of the student.\u003c\/span\u003e\u003cspan\u003e\u003cb\u003e\u003c\/b\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eBy purchasing this ticket you agree to abide by the \u003c\/span\u003e\u003ca href=\"https:\/\/defcon.org\/html\/links\/dc-code-of-conduct.html\"\u003e\u003cspan\u003eDEF CON Training Code of Conduct\u003c\/span\u003e\u003c\/a\u003e\u003cspan\u003e and the registration terms and conditions listed above.\u003c\/span\u003e\u003cspan\u003e\u003cb\u003e\u003c\/b\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eSeveral breaks will be included throughout the day. Please note that food is not included.\u003c\/span\u003e\u003cspan\u003e\u003cb\u003e\u003c\/b\u003e\u003c\/span\u003e\u003c\/p\u003e\n\u003cp dir=\"ltr\"\u003e\u003cspan\u003eAll courses come with a certificate of completion, contingent upon attendance at all course sessions. Some courses offer an option to upgrade to a certificate of proficiency, which requires an additional purchase and sufficient performance on an end-of-course evaluation.\u003c\/span\u003e\u003c\/p\u003e","brand":"Las Vegas 2026","offers":[{"title":"Course only - Aug 10-11","offer_id":47691233755354,"sku":null,"price":2550.0,"currency_code":"USD","in_stock":true},{"title":"Course + Proficiency Exam - Aug 10-11","offer_id":47691233788122,"sku":null,"price":2850.0,"currency_code":"USD","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0629\/2088\/4442\/files\/DawidCzagan_image.jpg?v=1683920469","url":"https:\/\/training.defcon.org\/products\/black-belt-pentesting-bug-hunting-millionaire-mastering-web-attacks-with-full-stack-exploitation-100-hands-on-dawid-czagan-dctlv2026","provider":"defcontrainings","version":"1.0","type":"link"}