ＨｉｄｅＺｅｒｏＯｎｅ

SEC542 empowers students to quickly evaluate and expose security vulnerabilities in web applications, showcasing the potential business repercussions of exploitation. Gain practical experience in exploiting web apps within your enterprise, mastering attackers’ tools and methods. Through hands-on exercises you will learn a best practice process for web application penetration testing, inject SQL into back-end databases to learn how attackers exfiltrate sensitive data, and utilize cross-site scripting attacks to dominate a target infrastructure. 30+ Hands-on Labs

SEC542.1: Introduction and Information Gathering
SEC542.2: Fuzzing, Scanning, Authentication, and Session Testing
SEC542.3: Injection
SEC542.4: XSS, SSRF, and XXE
SEC542.5: CSRF, Logic Flaws and Advanced Tools
SEC542.6: Capture the Flag

SEC542: Web App Penetration Testing and Ethical Hacking

Smart Contract Hacking is a comprehensive online course that teaches you how to secure, hack, and use blockchain and smart contract technology. The course covers the fundamentals of blockchain, the popular Ethereum coding language Solidity, and the tools and techniques for auditing and exploiting smart contracts. You will learn how to deploy, scan, and test various blockchain implementations and protocols, such as Bitcoin, Ethereum, Solana, Cosmos, Near, NFTs, DeFi, and Web3. You will also get access to hands-on exercises, challenges, and quizzes to reinforce your learning and gain practical experience. By the end of the course, you will have the skills and knowledge to become a proficient web3 security professional.

Syllabus

Intro
Career Paths
EVM
Environment & Dev Tools
Exercises Guidelines
Tokens crash course: ERC20
Tokens crash course: ERC721
ReEntrsncy Attacks
Arithmetic over/underflow
Phishing Attacks
Randomness Vulnerabilities
Access Control & Default Visibility
DEFI Crash Course: DEXes
DEFI Crash Course: Money Markets
Replay Attacks
Flash Loans & Flash Swaps
Flash Loan Attacks
Denial of Service
Sensitive On-Chain Data
Unchecked Return Value
Frontrunning
DAO & Governance Attacks
Oracle Manipulation
Call / Delegate call Attacks

Smart Contract Hacking Course

SEC504 helps you develop the skills to conduct incident response investigations. You will learn how to apply a dynamic incident response process to evolving cyber threats, and how to develop threat intelligence to mount effective defense strategies for cloud and on-premises platforms. You’ll examine the latest threats to organizations, from watering hole attacks to business email compromise, getting you into the mindset of attackers and anticipating their moves. SEC504 gives you the skills you need to understand how attackers scan, exploit, pivot, and establish persistence in cloud and conventional systems. To reinforce these skills, and to help you retain the course material, 50% of class time is spent on hands-on exercises, using visual association tools to break down complex topics. This course prepares you to conduct cyber investigations and will boost your career by helping you develop these in-demand skills. 33 full labs, 18 Lightning Labs, and an immersive capture the flag event.

The Advanced Penetration Testing Learning Path provides all the advanced skills required to carry out a thorough and professional penetration test against modern networks and infrastructure, such as the ability to execute state-sponsored-like operations and advanced adversary simulations.

You must be familiar with PowerShell scripting, Active Directory administration and Windows internals knowledge, basic reverse engineering skills, and possess a good working knowledge of network protocols, as the content dives into all stages of a red-teaming engagement.

Learning path at a glance:
-Implementation details on numerous undocumented attacks
-Obscure ways of exploitation and backdooring
-Advanced client-side exploitation techniques
-Custom attack vector and payload creation
-Custom payload creation techniques
-In-depth analysis of Active Directory exploitation
-Stealthy lateral movement and evasion against modern defenses
-In-depth analysis of critical domain infrastructure exploitation
-In-depth details of common misconfigurations and weaknesses
-Details for covert operations and stealthy persistence

eCPTX

Interested in assessing and mitigating advanced web application risks an organization could potentially be exposed to? The Advanced Web Application Penetration Tester Professional Learning Path provides all the advanced skills necessary to carry out a thorough and advanced penetration test against modern web applications, as well as prepares you for the eWPTX exam and certification.

Learning Objective:

-Based on techniques professional pentesters use
-Master advanced Web Application attacks & security tools
-In-depth Web Application Vulnerabilities analysis
-Covers XSS, SQL Injection, HTML5, and much more
-In-depth obfuscation and encoding techniques
-Bypassing filters and WAF techniques included
-Explore HTML5 and XML attacks vectors and exploits
-Explore advanced PHP, Java, Deserialization, LDAP, Server Side, and Authentication/SSO attacks
-Learn effective API & Cloud-powered Application penetration testing
-Demystifies Java RCE internals, attacking RMI-based JMX services, JNDI injection attacks, PHP Objection Instantiation, PHP Type Juggling, constructing Property Oriented Programming chains, and attacking memory-unsafe languages

eWPTX

Interested in learning how to assess and mitigate real-world web application vulnerabilities an organization could potentially be exposed to? The Web Application Penetration Testing Learning Path is a comprehensive and structured journey designed to equip aspiring penetration testers, Web App Security Professionals, Bug Bounty Hunters, and web developers with the essential skills and knowledge required to plan and perform a thorough and professional web application penetration test and how to effectively identify, exploit, and mitigate vulnerabilities in modern web applications. The Web Application Penetration Tester Professional Learning Path provides you with all the advanced skills required to carry out a thorough and professional penetration test against modern web applications, as well as prepares you for the eWPTv2 exam and certification.

Learning Objects

1. Web Application Penetration Testing Methodology

2. Information Gathering & Reconnaissance

3. Web Application Analysis & Inspection

4. Web Application Vulnerability Assessment

5. Web Application Security Testing

6. Manual exploitation of Common Web Application Vulnerabilities

7. Web Service Security Testing

eWPTv2