24-27 Sep. 2024
9:00 - 18:00
€ 4.000,00
Full Stack Web Attack is not an entry-level course. It’s designed to push you beyond what you thought was possible and set you on the path to developing your own workflow for offensive zero-day web research. Each of the vulnerabilities presented has either been mirrored from a real zero-day or is an n-day vulnerability discovered by the author, with a focus not just on exploitation but also on discovery. The course material is fully illustrated with detailed slides, a workbook, code samples and an answer sheet given out at the end. If you want to learn how to exploit web technologies without client interaction for maximum impact, that is, remote code execution, then this is the course for you. Leave your OWASP Top Ten at the door.
Upon completion of the training course, students should be able to:
Steven Seeley is a world-renowned security researcher who has over a decade of experience in application security. He has been credited with finding over 1500 high-impact security vulnerabilities affecting vendors such as Microsoft, VMware, Apple, Adobe, Cisco and many others. In 2020, Steven teamed up with Chris Anastasio to compete in Pwn2Own Miami, winning the Master of Pwn title. In 2021, Steven reached 12th position on the MSRC top 100 Vulnerability Researchers list.
DAY 1
Java Introduction
Framework Overview
Java Deserialization Primer
JNDI Injection
Analyzing the Struts Framework
DAY 2
JDBC Injection
Authentication Bypasses
Java deserialization for researchers
Server-side template injection
Java Bean Validation – Attacking Custom Validators
DAY 3
C# .NET Introduction
Architecture and Framework Overview
Debugging
Developing Applications in Visual Studio
DAY 4
.NET Deserialization Primer
Analysis of CVE-2023-XXXXX Remote Code Execution
Analysis of CVE-2023-XXXXX Elevation of Privilege
Analysis of CVE-2023-XXXXX File Disclosure
Analysis of CVE-2023-XXXXX XXE
RomHack is made with 🤍 by Cyber Saiyan