ＨｉｄｅＺｅｒｏＯｎｅ

Hacking Modern Web apps by 7ASecurity is a 100% hands-on deep dive into the OWASP Security Testing Guide and relevant items of the OWASP Application Security Verification Standard (ASVS), so this course covers and goes beyond the OWASP Top Ten.

Modern Web apps share traditional attack vectors and also introduce new opportunities to threat actors. This course will teach you how to review modern web apps, showcasing Node.js but using techniques that will also work against any other web Apps platform. Ideal for Penetration Testers, Web Apps Developers as well as everybody interested in JavaScript/Node.js and Modern app stack security.

This BlackHat training will cover topics like Mapping the Attack Surface, Enriching Collected Data, Tech Stack Enumeration, Cloud Recon, Employee Profiling, Identifying Hidden Injection Points, Credential Spraying, Compromising Federation Server, Exploiting Domain Trust, Social Engineering, and much more. Participants will perform real-life attack scenarios in our lab having a Forest Environment expanding over segregated Domains to compromise various services. Also, using Social Engineering and Human aspect of OSINT, students will be guided to compromise the segregated domain environment which otherwise is unreachable through previously compromised domain. The training will not only cover these topics but will also go in-depth on how OSINT techniques can be chained together and even a small piece of information can lead to the catastrophic damage to an organization.

This course helps create and understand low-level Linux attack paths, improve your Linux detection coverage, see in action many Open Source DFIR/defensive projects, and understand the need for Linux telemetry, especially including Kubernetes clusters where Runtime Security solutions are a must these days. The techniques and attack paths covered in this training include many different implementations of eBPF, XDP, Ftrace, Kprobe, Uprobe, Netfilter, Systemtap, PAM, SSHD, HTTPD/Nginx, LD_PRELOAD-based code samples, and PoCs. Detection and forensics layers include LKRG, bpftool, Velociraptor IR, OSQuery, CLI-based /proc/ and /sys/ analysis, memory forensics with Volatility  2/3 Framework with the semi-automated RAM acquisition, Sysmon4Linux, Falco, Tracee, Sysdig, Tetragon, Sandfly Security, Zeek IDS, Suricata IDS, Moloch/Arkime FPC, Yara rules and more.

Dark Web: Ultimate Guide (retired in 2019) is a comprehensive course that aimed to teach users how to navigate and make purchases on the dark web safely. It included lessons on Tails, Tor, Bitcoin, PGP encryption, and operational security.

Tor Mastery: The Ultimate Guide to Unlocking the Dark Web course is an in-depth guide designed to help users safely navigate and utilize Tor for privacy and security on the dark web. Covering everything from basic Tor setup to advanced features like running a Tor node, integrating Tor with code, and using Tor for anonymous communication.