Full Stack Web Attack - Syllabus


Please note: This syllabus is subject to change at the discretion of the instructor.

Day 1

Introduction

  • PHP & Java language fundamentals
  • Debugging PHP & Java applications
  • Module overview and required background knowledge
  • Auditing for zero-day vulnerabilities

PHP

  • Loose typing
  • Logic authentication bypasses
  • Code injection
  • Filter bypass via code reuse
  • Patch bypass

Day 2

Java

  • Java Remote Method Invocation (RMI)
    • Java Remote Method Protocol (JRMP)
    • Registry attack/JEP290 bypass
  • JNDI injection
    • Remote class loading
    • Deserialization 101
    • Unsafe reflection

PHP

  • Introduction to object instantiation
  • Introduction to protocol wrappers
  • External entity (XXE) injection
    • Regular file disclosure
    • Blind out-of-band attacks
      • Error-based exfiltration using entity overwrites
      • Exfiltration using protocols

Day 3

PHP

  • Patch analysis and bypass
  • Introduction to object injection
  • Magic methods
    • Customized serialization
    • Phar deserialization
    • Property-oriented programming (POP)
    • Custom gadget chain creation
  • Information disclosure
  • Phar planting
  • Building an exploit chain to achieve remote code execution

Day 4

PHP

  • Block list bypasses (n-day vulnerability analysis and exploitation)

Java

  • Introduction to reflection
  • Expression language injection
  • Bypassing URI filters
  • URI forward authentication bypasses
  • Deserialization 102
    • Custom gadget chain creation
    • Trampoline gadgets
    • Exploiting reflection
    • Allow list flexibility (ab)use
  • Server-side template injection