Category: Events

08 May 2019

Exploiting & Securing Mobile Apps – A Penetration Testing Training

This action packed training course is focused around teaching the attendees with skills required to perform penetration testing of Android & iOS applications in real world. The training is given using real world like application as the target, especially designed for this training purpose.

The course includes extremely unique, real world vulnerabilities. The attendees will be understanding the concept behind each vulnerability, and then exploiting the vulnerability on the target application. The flow of the course is designed in a way which ensures that the attendees understand each concept and are able to discover and exploit the vulnerabilities themselves. Training includes some of the unique vulnerabilities discovered and exploited on the famous mobile applications.

Download Detailed Training Agenda

Some of the vulnerabilities and topics covered in the training include: 

  • Static analysis to remote code execution
  • Static analysis to application compromise
  • User detail compromise through broadcast
  • Insecure file storage, leading to full account takeover (Android & iOS)
  • Insecure application components and exploitation
  • Insecure application screens and exploitation
  • Unintended sensitive data leakage
  • Bypassing application logic (logical vulnerability)
  • Deep linking and exploitation
  • Hacking mobile APIs (vulnerabilities in API)
  • Reverse engineering the application
  • Performing static and dynamic analysis on the application
  • Finding and exploiting real world vulnerabilities
  • Several Frida-tools use cases
  • Bypassing security controls like SSL pinning, root detection, obfuscation etc
  • Attacking APIs for vulnerabilities

Unique benefits of this training: 

  • Get practical hands-on training on real world like android and iOS apps
  • Learn finding and exploiting critical mobile application vulnerabilities 
  • Get access to training content like pdfs, guides, exploit codes, lab applications
  • Get access to virtual machine pre-installed with all needed tools (mostly for android) 

Details about the training

Training name : EXPLOITING & SECURING MOBILE APPS – A PENETRATION TESTING TRAINING

Training date: 29th – 30th June 2019

Training Timing: 10:00 AM – 5 PM

Training Venue: 

  • New Delhi, India (Exact venue to be shared with registered students)
  • Virtual Conferencing (for delegates to join remotely)

Discounts:

Discounts are only available on group booking.

  • Group registration of 3+ people: 10% discount
  • Group registration of 5+ people: 15% discount

Contact us at hello@enciphers.com for availing this discount.

Book Your Seat now.

Having issues while booking? Visit the Event booking page here

Terms and Conditions:

  • Pass prices are exclusive of taxes and gateway charges.
  • Passes are non-refundable & non-transferable.
  • In case of event cancellation, we will inform the attendees at least one weeks before the actual training date.
  • Registration fees does not include the cost of travel and accommodation of delegates. All delegates are requested to make their own arrangements and any associated fees for any other availability of services.
  • Delegates/attendees are expected to have the prerequisite ready for the training, before the training date.
01 Feb 2019

By Hackers, for Hackers

On 16th-DEC-2018, ENCIPHERS conducted a full day training on “Web Application Hacking – Advance Level” as a part of “The Art Of Hacking” training series. The seats in the training were kept limited, to ensure a good trainer to student ratio.

To enable the students understand the advance web hacking concept in the training, all the attendees and trainers were connected via a private slack group so that they can learn from the content shared, ask queries and sharpen the basics . In this class room training attendees were given access to our custom virtual private server, Bughunters VPS and were provided with multiple guides and Hackers mind map.

The full day training was filled with lots of advance hacking concepts and demonstrations. Post training, we received huge applause from the attendees on various social media platforms. Have a look at some of those tweets:

Following the same approach, but after several enhancements to the course content, Bughunters VPS and training duration. We are launching “Web Application Hacking – Advance Level 2.0


24 Jan 2019

WEB APPLICATION HACKING – ADVANCE LEVEL 2.0

We Conducted the Web Application Hacking – Advance level training on 16th DEC 2018. Right after completing the training, we received amazing positive feedback: 

20190123_172738_0001

You can also read a post by one of the student, who won several bounties just hours after the training. MY EXPERIENCE OF THE ART OF HACKING TRAINING, AND THE STORY OF FIRST CRITICAL FINDING

We also received several inquiries regarding the next date of the training, from many who were not able to register last time. So keeping these things in mind, we worked more on improving several things:

  • Two day training agenda, comprising of several real world vulnerabilities and exploits instead of one day as it was in the last training. 
  • An improved version of Bughunters VPS, more tools, more secure, more powerful
  • A real world application like, lab environment, specifically created for this training.

So, now we present to you WEB APPLICATION HACKING – ADVANCE LEVEL 2.0, a two day classroom based training, focused on advance level exploitation of web application vulnerabilities.

Details about the training

Training name : Web Application Hacking – Advance level 2.0

Training Agenda : Agenda of Web Application Hacking-Advance level 2.0

Training date: 30th – 31st March 2019

Training Timing: 9:00 AM – 5 PM

Training Venue: New Delhi, India (Exact venue to be shared with registered students)

Training Fee: 

  • Classroom based training (Without VPS access): 15,000 INR + 18% GST [Final cost: 17,700 INR]
  • Classroom based training + One month access to Bughunters VPS: 20,000 INR + 18% GST [Final cost: 23,600 INR]

Only for students outside New Delhi – NCR, India region: [Only 10 seats available]

  • Online access to the training (virtual conferencing): 17,000 INR + 18% GST [Final cost: 20,060 INR] 
  • Online access to the training + One month access to Bughunters VPS: 22,000 INR + 18% GST [Final cost: 25,960 INR]

Unique benefits of this training:

2 days classroom based training on Advance level attacks on real world application specifically designed for training students.

Confirm enrollment to free Basic level training (online).

100% discount coupon for the online course: Web Application Penetration Testing Using Burp Suite.

One month access to completely customized VPS (Virtual Private Server). Attendees can use this server to do bug bounties or perform penetration testing. (Optional)

Detailed guides for all the tools on Bughunters VPS.

Hackers mind map: to help you understand what all things should be tested and how to proceed at each level.

Super cool training completion certificate by ENCIPHERS.

Access to private slack channel: ask doubts and questions. 

How to enroll for this training:

  1. Complete the payment:
    1. UPI: enciphers@icici
    2. IMPS/NEFT:
      1. Bank Name: ICICI Bank Ltd
      2. Acc No: 628205025182
      3. Account Name: ENCIPHERS
      4. IFSC: ICIC0006282
  2. Fill the google form here: Google Form
    1. Make sure to chose training mode you selected.
    2. Make sure to submit the transaction details (Transaction number etc)

Capture

For any inquiry contact us at: artofhacking[at]enciphers[dot]com

Join the Slack group of The Art Of Hacking:  Join us on Slack: Slack Invite Link

For corporate training and other inquiries: hello[at]enciphers[dot]com

01 Oct 2018

Web Application Hacking – Advanced Level

Right after the completion of our first training “Web Application Hacking – Basic Level”, we announced the advanced level training.

  • Training Name: Web Application Hacking – Advanced Hacking
  • Training Agenda: Find it here: Agenda For Web Application Hacking – Advanced Level
  • Training Date: 16th December 2018
  • Training Venue: Vivanta By Taj, Dwarka, New Delhi
  • Training Fee (Inclusive of lab access and taxes): 12,000 INR
  • Unique benefits of this training: 
    • One day training on advanced level attacks on web applications.
    • One month access to a specifically designed virtual private server. Attendees can use this server to perform bug bounties on targets and submit reports. The VPS (virtual private server) will also have detailed guides on how to start the testing, how to use specific tools on those servers and how to submit reports and earn money.
    • Invite to two Q&A sessions to ask doubts and take help.
    • Access to separate channel for asking questions and taking help.

 

How to enrol for this training:

Screenshot 2018-09-29 at 10.54.28 PM

Screenshot 2018-09-29 at 10.53.33 PM.png

 

01 Oct 2018

“THE ART OF HACKING” First Training

On 29th September, 2018 Enciphers conducted a training on WEB APPLICATION HACKING – BASIC LEVEL as a part of the training series “The Art Of Hacking”

20180914_143502_0001.png

It was a full day hands on training where everyone got to learn about web application Hacking , how to start with bug bounties , write good reports , things that should be avoided while doing bug-bounties and the most important thing different approach of finding vulnerabilities with higher impact.

The training agenda was designed in such a way so that people just starting their career in web application security can understand the basic concepts and improvise as we move ahead to advanced concepts. All the attendees did hands on practical of some of the concepts, in a customised virtual machine provided. 

During the workshop attendees learned about the basics of web application, about DNS stuff , burp suite and Recon, how to find “easy money bugs” Where to look for bugs like XSS , CSRF, Access Control & improper session management issues, Insecure subdomain & hidden insecure files. In one of the module high paying bugs were covered where attendees learned about IDOR , MFA bypass, password reset issues, session management issues etc. There were lots of interesting test cases were shared with attendees, which were found in penetration tests done by Penetration testing team of ENCIPHERS.

Some of the pictures from the training session are below. Are you in these pictures? If not, then you should 🙂 

 

You can find some of the content used in this training here.