English | Size: 9.32 GB
Genre: eLearning
Much like our popular Advanced Infrastructure Hacking class, this class talks about a wealth of hacking techniques to compromise web applications, APIs, cloud components and other associated end-points. This class focuses on specific areas of appsec and on advanced vulnerability identification and exploitation techniques (especially server side flaws). The class allows attendees to practice some neat, new and ridiculous hacks which affected real life products and have found a mention in real bug-bounty programs. The vulnerabilities selected for the class either typically go undetected by modern scanners or the exploitation techniques are not so well known.
Note: This is a fast paced class and attendees are expected to have a basic understanding of common web vulnerabilities and attacks. Attendees will also benefit from a state-of-art Hacklab and we will be providing free 30 days lab access after the class to allow attendees more practice time.
The following is the course outline:
Authentication Attacks
– Logical Bypass / Boundary Conditions
– Token Hijacking attacks
– Attacking SSO
– SAML / OAuth 2.0 / JWT Attacks
– SAML Authentication and Authorization Bypass
Advanced XXE Attacks
– XXE through SAML
– XXE in file parsing
– XXE Exploitation over OOB channels
Breaking Crypto
– Known Plaintext Attack (Faulty Password Reset)
– Exploiting padding oracles with fixed IVs
– Hash length extension attacks
– Auth Bypass using Pre-shared MachineKey
Complex Business Logic Flaws / Authorization flaws
– Mass Assignment bugs
– Invite/Promo Code Bypass
– Replay Attack
– HTTP Parameter Pollution (HPP)
Server-Side Request Forgery (SSRF)
– SSRF to call internal files
– SSRF to exploit templates and extensions
SQL Injection Masterclass
– 2nd Order Injection
– Out-of-Band exploitation
– SQLi through crypto
– OS code exec via Powershell
– Advance SQLMAP Usage with eval option
– Data Exfiltration over DNS via SQLi
– Pentesting GraphQL
– Exploiting SQL
– Performing Introspection Attacks
– Understanding and leveraging mutations for exploitation
Remote Code Execution (RCE)
– Java Serialization Attack
– Binary
– XML
– SerialVersionUID Mismatch
– PHP Serialization Attack
– Server Side Template Injection
– Ruby Injection
– Analyzing CVE-2021-25770
– Exploiting code injection over OOB channel
Attacking the Cloud
– SSRF Exploitation
– Serverless exploitation
– Google Dorking in the Cloud Era
– Cognito misconfiguration to data exfiltration
– Various Case Studies
Tricky File Uploads
– Malicious File Extensions
CTF: Circumventing File validation checks
Miscellaneous Vulnerabilities
– Second order IDOR attack
– Exploiting misconfigured code control systems
Miscellaneous Topics
– A Collection of weird and wonderful XSS and CSRF attacks
– Attack Chaining
Practice Labs with Walkthrough:
– Attacking Hardened WordPress
– Unicode Normalization Attacks
– HTTP Desync attack
– Web Caching Attacks
– Password Reset Attacks
– Cookie Swap
– Host Header Validation Bypass
– Path Traversal using Padding Oracle
– Python serialization attack
– Java Serialization Attack – JSON
– .Net Serialization Attack
rapidgator.net/file/46f0e7b3796d54fde4ab5e742ff6a3c3/Advanced-Web-Hacking-5-Day-Training-by-Sanjay-Gondaliya.part01.rar.html
rapidgator.net/file/5aad1930a524316a72e5ef30537e9da5/Advanced-Web-Hacking-5-Day-Training-by-Sanjay-Gondaliya.part02.rar.html
rapidgator.net/file/6141b4e32732f95e3497acc954b44015/Advanced-Web-Hacking-5-Day-Training-by-Sanjay-Gondaliya.part03.rar.html
rapidgator.net/file/0b3df4437e84ba21c623f7e6299ea2ea/Advanced-Web-Hacking-5-Day-Training-by-Sanjay-Gondaliya.part04.rar.html
rapidgator.net/file/ccb75241699c582230bd9f51e6fc1cb9/Advanced-Web-Hacking-5-Day-Training-by-Sanjay-Gondaliya.part05.rar.html
rapidgator.net/file/9a01b5dd4f1f560e0274a8d1abe0ed3c/Advanced-Web-Hacking-5-Day-Training-by-Sanjay-Gondaliya.part06.rar.html
rapidgator.net/file/ffcd5498722010d8f81abed11f058391/Advanced-Web-Hacking-5-Day-Training-by-Sanjay-Gondaliya.part07.rar.html
rapidgator.net/file/d1e08b1dd26f93a3d59b3d187b26fbdf/Advanced-Web-Hacking-5-Day-Training-by-Sanjay-Gondaliya.part08.rar.html
rapidgator.net/file/eda259b8eb37fcaf9f3ce951590880fe/Advanced-Web-Hacking-5-Day-Training-by-Sanjay-Gondaliya.part09.rar.html
rapidgator.net/file/82212d7ca291425b7038428ad619ca7e/Advanced-Web-Hacking-5-Day-Training-by-Sanjay-Gondaliya.part10.rar.html
nitroflare.com/view/A6D8F2C98A4B50F/Advanced-Web-Hacking-5-Day-Training-by-Sanjay-Gondaliya.part01.rar
nitroflare.com/view/F26662D2D7D87C6/Advanced-Web-Hacking-5-Day-Training-by-Sanjay-Gondaliya.part02.rar
nitroflare.com/view/DEEAF503F020A17/Advanced-Web-Hacking-5-Day-Training-by-Sanjay-Gondaliya.part03.rar
nitroflare.com/view/E37679F7FC2E252/Advanced-Web-Hacking-5-Day-Training-by-Sanjay-Gondaliya.part04.rar
nitroflare.com/view/97D6294A542D5BA/Advanced-Web-Hacking-5-Day-Training-by-Sanjay-Gondaliya.part05.rar
nitroflare.com/view/234020140CBEC0E/Advanced-Web-Hacking-5-Day-Training-by-Sanjay-Gondaliya.part06.rar
nitroflare.com/view/6A60FBA99F7BD50/Advanced-Web-Hacking-5-Day-Training-by-Sanjay-Gondaliya.part07.rar
nitroflare.com/view/6C60B4DC96D560E/Advanced-Web-Hacking-5-Day-Training-by-Sanjay-Gondaliya.part08.rar
nitroflare.com/view/97F781DEB906143/Advanced-Web-Hacking-5-Day-Training-by-Sanjay-Gondaliya.part09.rar
nitroflare.com/view/0F531A5ABE63066/Advanced-Web-Hacking-5-Day-Training-by-Sanjay-Gondaliya.part10.rar
If any links die or problem unrar, send request to
forms.gle/e557HbjJ5vatekDV9