برچسب: Pentest

This is a hand-on practical concentrated course on securing and attacking web and cloud APIs. APIs are everywhere nowadays: In web apps, embedded systems, enterprise apps, cloud environments and even IoT, and it is becoming increasingly necessary to learn how to defend, secure and attack API implementation and infrastructure. This training aims to engage you in creating secure modern APIs, while showing you both new and old attack vectors.

Syllabus

Defending and attacking Web APIs (REST, GraphQL..etc)
Attacking and securing AWS APIs and infrastructure.
Launching and mitigating modern Injection attacks (SSTI, RCE, SQLi, NoSQLi, Deserialization & object injection)
Deploying practical cryptography.
Securing passwords and secrets in APIs.
API authentication and authorization.
Targeting and defending API architectures (Serverless, web services, web APIs)
Securing development environments.

Attacking and Securing APIS (2021)

ادامه مطلب

To achieve maximum stealth and obtain unabated access to the system, rootkits execute in kernel mode. This course focuses on the kernel interfaces (APIs), data structures and mechanisms that are exploited by rootkits to achieve their goals at every stage of their execution. Kernel security enhancements that have been progressively added from Windows 7 to the latest version of Windows are discussed along with some circumvention techniques. This advanced course provides a comprehensive end-to-end view of the modus-operandi of rootkits by taking an in-depth look at behind the scenes working of the Windows kernel and how these mechanisms are exploited by malware through hands-on labs and real-world case studies. Kernel security enhancements that have been progressively added to Windows are discussed along with some circumvention techniques. Attendees will study key techniques used by rootkits to understand the real-world applicability of these concepts for offensive and defensive purposes. This training is beneficial to anyone responsible for developing, detecting, analyzing, and defending against rootkits and other Windows kernel post-exploitation techniques including EPP/EDR software developers, anti-malware engineers, security researchers, red/blue/purple teamers. A special version of this training is also available for malware, rootkit forensics analysts where the focus is not on implementing rootkit functionality but rather on investigating rootkits using tools such as WinDBG and Volatility. This analyst version does not require attendees to have a programming background and contains topics related to rootkit detection and case studies.

ادامه مطلب

Injection flaws have dominated web application vulnerability lists since time immemorial. And despite OWASP reducing their ranking from 1 to 3, they are still one of the most devastating web application vulnerabilities. Efforts have been made for years to secure applications against related attacks, from new frameworks to new defensive techniques. A lot has been done, but is it enough? This course enables you to walk through dozens of hacklabs and learn how – despite defensive efforts – injection flaws persist, with drastic effects on application security. Get into the attacker mindset for 2 days and deploy over 30 fresh and novel injection attacks via our state-of-the-art hacklabs. This practical course is packed with information and delivered by professional penetration testers, well-versed in web hacking from their years of experience in the wild. By the time you leave, you’ll understand how to deploy attacks using complex injection flaws. This course will be delivered virtually.

ادامه مطلب

Ready to take bug hunting to a deeper level? Been tasked with reviewing source for SQL Injection, XSS, Access Control and other security flaws? Does the idea of reviewing this code leave you with heartburn? This course introduces a proven methodology and framework for performing a secure code review, as well as addressing common challenges in modern secure code review. Short circuit developing individual secure code review techniques by gleaning from Seth & Ken’s past adventures in performing hundreds of code reviews and the lessons we’ve learned along the way. We will share a proven methodology to perform security analysis of any source code repository and suss out security flaws, no matter the size of the code base, or the framework, or the language.

Next-level Bug Hunting – Code Edition (2021)

ادامه مطلب

The course introduces students to exploit development in MIPS processor architecture. Exploit development on MIPS processor hasn’t seen the attention that other architectures such as x86 and ARM got. With the growing IoT devices, we have been seeing many embedded devices with MIPS architecture alongside ARM. Exploit development is getting harder and harder with exploit mitigation techniques in place. But, the good news is that it is not impossible to write working exploits as exploit mitigation techniques do not fix the underlying problem in the vulnerable source code. This practical training starts with the basics of MIPS Architecture and slowly moves towards writing own shell code and creating working exploits using Return Oriented Programming for a given target binary. To give a sense of real exploitation, real world examples will be discussed with proof of concept exploits. By the end of this training, students will be able to write Memory corruption exploits for MIPS architecture, understand how Return Oriented Programming can be used in MIPS for modern day exploit development and bypass some of the most common exploit mitigation techniques such as ASLR.

Syllabus

  • Introduction to MIPS Architecture
  • An overview of QEMU MIPS setup
  • MIPS compared to x86 and ARM
  • Basics of GDB
  • Basics of MIPS assembly language
  • Debugging MIPS Binaries
  • Introduction to Memory corruption attacks
  • Writing MIPS shellcode
  • Avoiding Bad characters
  • Stack based Buffer Overflows in MIPS
  • Ret2Libc in MIPS
  • Dealing with MIPS cache incoherence
  • Exploit Mitigation techniques
  • Return Oriented Programming
  • Bypassing ASLR
  • Introduction to Heap overflows in MIPS

Exploit Development For MIPS (2022)

ادامه مطلب

Stay frosty within AWS, Azure, & GCP environments with this fast-paced and hands-on course which teaches each participant the Tactics, Techniques, and Procedures (TTPs) needed to infiltrate and expand access within cloud platforms. In this course you will: Exploit serverless (e.g. Lambda, Azure Functions) applications for initial access into targets. Pivot between data and control planes to expand access (e.g. secrets, snapshots) Evade and disrupt cloud logging platforms (e.g. CloudTrail) to remain undetected. Breach and backdoor boundaries (e.g. VPCs) to access hard to reach systems. Expanding access within Kubernetes (K8s) envs (e.g. GCP bypass of metadata protections) Compete throughout the course in our hands-on Capture the Flag (CTF) tournament!

Astute AWS/Azure/GCP Cloud Red Team: It’s Raining Shells! – 2021

ادامه مطلب