Full Stack Web Attack


It's days, hours, minutes, and seconds until the training begins!

Full Stack Web Attack is not an entry-level course. It’s designed to push you beyond what you thought was possible and set you on the path to develop your own workflow for offensive zero-day web research.

This course is developed for web penetration testers, bug hunters and developers that want to make a switch to server-side web security research or see how serious adversaries will attack their web based code.

Students are expected to know how to use Burp Suite and have a basic understanding of common web attacks as well as perform basic scripting using common languages such as python, PHP and JavaScript. Each of the vulnerabilities presented have either been mirrored from real zero-day or are n-day bugs that have been discovered by the author with a focus on not just exploitation, but also on the discovery.

So if you want to learn how to exploit web technologies without client interaction for maximum impact, that is, remote code execution then this is the course for you.

Leave your OWASP Top Ten and CSP bypasses at the door.

When and Where

The 3 day training course will take place on October the 1st, 2nd and 3rd of 2019 at the room in Polanco, Mexico City.

Av. Homero s/n frente al 1730, entre Jaime Balmes y Luis Vives.
Planta baja de Corporativo Polanco.
Miguel Hidalgo
Los Morales Polanco
CP 11510 Ciudad de México.

You can use Google Maps for the exact location of the venue. When coming via an Uber or taxi, just state you would like to go to Avenida Homero numero mil setecientos treinta en polanco, se llama The Room. Don’t worry if you don’t speak a little Spanish, the hotel concierges all speak English.

Hotels and Accomodation

The two hotels we recommend are approximately 10 minute’s drive with an Uber or taxi. The cost of the ride to and from the venue should be approximately $5 USD. Walking is possible, but it will take approximately 25 - 30 minutes.

Certification

javax.servlet.ServletException: java.lang.NullPointerException
    com.source.incite.FullStackWebAttack.certification(FullStackWebAttack.java:38) 
    org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:425) 
    org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:228) 
    org.apache.struts.action.ActionServlet.process(ActionServlet.java:1913) 
    org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:462) 

Tickets

Tickets can be purchased here. Please note that the course is limited to maximum of 20 seats to ensure a high quality deliverable.

Instructor

Steven Seeley (@steventseeley) is an internationally recognized security researcher and trainer. For the last three years, Steven has reached platinum status with the ZDI and has literally found over a thousand high impact vulnerabilities, some of which can be found under the advisories section.

Student Requirements

  • At least basic scripting skills
  • At least a basic understanding of various web technologies such as HTTP(S), proxies and browsers

Hardware Requirements

  • A 64bit Host operating system
  • 16 Gb RAM minimum
  • VMWare Workstation/Fusion
  • 60 Gb Hard disk free minimum
  • Wired and Wireless network support
  • USB 3.0 support

Syllabus *

  • Introduction
    • PHP & Java language fundamentals
    • Debugging PHP & Java applications
    • Auditing for zero-day vulnerabilities
  • PHP logic authentication bypasses (zeroday)
  • PHP code injection remote code executon (nday)
  • Java naming and directory interface (JNDI) injection (nday)
    • Remote class loading
    • Java deserialization 101
  • PHP object instantiation (nday)
  • External entity injection (XXE)
    • File disclosure
    • Server-side request forgery (SSRF)
  • PHP Object Injection
    • Property oriented programming (POP)
    • PHP custom gadget chain creation
  • Blacklist bypasses for remote code execution (zeroday)
  • Bypassing Java based URI filters
  • Java URI redirection authentication bypasses (zeroday technique)
  • Expression language (EL) injection
  • Java deserialization 102
    • Pivot gadgets
    • Java Custom gadget chain creation

* This syllabus is subject to change at the discretion of the instructor

Additional Material

The madness doesn’t stop. Preconfigured environments will be provided for additional work after class ends for the rediscovery and exploitation of n-day vulnerabilities.