Category: The Art Of Hacking

02 Jan 2019

My experience of The Art Of Hacking training, and the story of first critical finding

Hey folk,

I am Jayesh patel. Little bit of $whoami:  I am a bug hunter who is highly motivated towards the field of Web, Mobile application Security and I actively participate on various Bug Bounty Programs/Platforms like Bugcrowd, Hackerone, BugBounty.jp, openbugbounty.org.

 

Why am I writing this blog post ?

ENCIPHERS team asked me about my experience of basic and advanced level training in The Art Of Hacking series, and asked if I would be interested to share my experience through a post. 

So I said yes!!! and here i am writing blog about some of my findings, which I discovered after taking advance level training from ENCIPHERS.

Before the advance level training, I was only able to find the vulnerabilities which were of low-severity but after the training, I found my first critical vulnerability within hours. 

So the journey started on 29 September 2018, when ENCIPHERS team conducted a free training  “The Art Of Hacking: WEB APPLICATION HACKING – BASIC LEVEL“.  The training was awesome, I  learned lot of things to improvise in bug bounty hunting.  ENCIPHERS team also helped me in finding a vulnerability on a web application which I was trying to hack (under a responsible disclosure program).

 

After The Art Of Hacking – Basic Level training, ENCIPHERS team announced about The The Art Of Hacking: WEB APPLICATION HACKING – ADVANCE LEVEL and I Registered for the training. The advance level training was conducted on 16 December 2018, at Vivanta By Taj, New Delhi. This time, it was about advance and critical vulnerabilities like RCE, SQLI, SSRF, XXE  etc.

 

On the day of training, it started with setting up our access on a virtual private server,  Bughunter’s VPS and we were provided with multiple guides (PDFs). One of the other interesting thing was a Hacker Mind-Map designed by ENCIPHERS team.  The Hacker Mind-Map is a detailed flow of steps which one can follow while doing bugbounties or penetration testing. The Bughunter’s VPS was already setup with multiple bug bounty related tools, and a Tools and Usage guide  was also provided. This helped me a lot in finding bugs, just by recon only. The Mind-Map explained, how someone should start with testing a target, and what are the possible tests to do at each stage. 

In the training, we learned about many advance level vulnerabilities, and exploited them in a test application (by taking remote shells and dumping databases). 

Story of my first critical bug:

After the training, while I was returning back to my hometown, I had a few hours on the train station. So I thought of doing some bug hunting using the concepts from training.

So, I choose a target and first thing I learned in training was to understand the scope properly. This was a target with sub-domains included, so I started using my Bughunter’s VPS and discovered all the sub domains using Aqua-tone tool, which was already setup on the VPS. After that enumeration I started port scanning on all the sub-domains using Masscan tool on Bug Hunter VPS.

After scanning, I found that 5002 port was open on target site so I just opened that site www.xyz.com:5002 on chrome.

Yeah…….!!! 🙂 😉

port was open and control panel login page was visible now my second task was to bypass the access control page so I just tried the default credential admin:admin.

After entering username and password I got access of control panel and yeah!!! that was my first critical bug and all thanks to ENCIPHERS team for this amazing training.

 

 

If you are into bug bounties or penetration testing and want to enhance your security skills, I would highly recommend a training by ENCIPHERS.

Once I reported the vulnerability to the target company’s email address, within 24 hours I got a response:

unnamed (4)unnamed (5)

At the end of this blog, I just want to post a picture of me from the training 🙂 Looking forward to more training by ENCIPHERS.

 

DSCN5603

29 Oct 2018

Workshop on DISCERNING HIGH IMPACT MOBILE APPS VULNERABILITIES at Bsidesdelhi on 25th Oct

About Conference
Bsidesdelhi is a event where professionals, experts, researchers, and InfoSec enthusiasts come together to discuss on information security.

 

Workshop highlights

This workshop was about High Impact Security Vulnerabilities in android and ios application.Workshop was focused on teaching how to test a mobile for some of the high impact security vulnerabilities and how to fix them.it was having good mix of presentations ,demos and hands on practicals on a VPS which was provided to attendees.

and some of the Vulnerability case studies were discussed why they exist, how to test such issues and fix them.

It was an awesome experience with attendees and Thanks for joining the workshop.
Hope to see you at Advance Level Web Hacking a part of “Art of Hacking” Series on 16 dec want to join the workshop check out the enciphers blog post about Advance Web Hacking.

13 Sep 2018

The Art Of Hacking (Delhi Edition) : Web Application Hacking – Basic Level

We are excited to publicly announce the first session of “The Art Of Hacking”. Details are below:

Training Details:

Training Name: Web Application Hacking – Basic Level

Training Date | Time: 29th.September.2018 | 9:00 AM – 4:00 PM

Venue:  TO THE NEW, Tower B, 4th Floor, Logix Techno Park, Noida Express Way, Sector 127, Noida, Uttar Pradesh 201304.

Big thanks to “TO THE NEW” for helping us by providing the venue.

 

What’s so awesome in this training?

  • Free for all to attend.
  • Fully hands-on training, focusing on starting and succeeding in bug-bounties too.
  • It will be a live training with lab practice.
  • Attendees of Basic level will get discount for advance level training. 
  • Networking opportunity.

 

Prerequisites:

  • Working laptop with Kali Linux virtual machine.
  • Willingness to learn
  • (Optional) If you can get a personal wifi/internet connection, it would be better.

 


How to apply for this training?

  1. Fill the google form below (End of this page).
  2. As the seats are limited, we will chose majorly on who filled first criteria. So fill as soon as you can.
  3.  Wait for an acceptance email from our side with more details. Make sure to bring your ID and the invitation code we send in the acceptance email.

Timeline:

  • Enrolment start: 13th.September.2018
  • Enrolment ends: 19th.September.2018
  • Acceptance to be sent to attendees: 26th.September.2018

 

Agenda of the Training:


Module 1 – Basics of everything:

  • Basics of web applications
  • Vulnerability scanning
  • DNS and Domain level stuff
  • Intro to burp suite , Setting up & use cases

Module 2 – Recon:

  • What is recon? Best tools for recon.
  • Low severity issues and how to find them during recon.
  • Chaining low severity bugs to get higher impact.
  • Reporting low severity bugs the correct way.

Module 3 – Finding the “easy money bugs”:

  • Cross Site Scripting:
    • How to find? Where to look?
    • Using Burp suite for finding XSS
    • Interesting case studies of XSS
  • Cross site request forgery
  • Access control & Improper session management issues
  • Insecure subdomains & hidden insecure files

Module 4 – Finding high paying bugs:

  • Insecure Direct Object Reference
    • What are they?
    • Where do they exist?
    • Using burp suite to find IDORs
    • Case studies on interesting IDOR bugs
  • Authentication & Session related vulnerabilities:
    • MFA bypass
    • Password reset issues
    • Session management issues

Module 5 – How not to suck at bug bounties:

  • Reporting is the key to good money.
  • How to avoid duplicate issues?
  • Amazing resources from around the internet.
  • Where can you hunt other than Bugcrowd and Hackerone?

 

Want to know more about the whole series of trainings? Read here

Want to join the group? Have questions to ask? Join us on Slack: Slack Invite Link

Training Content/Hand-Outs:

  1. Presentation Used in the basic level training: (Presentation) The Art Of Hacking – Web App Basic Level
  2. Books/Resources:
    1. OWASP testing guide: OTGv4
    2. CORS POC sample: CORS_POC
    3. Web Application penetration Testing Checklist: Web Application Penetration Testing Checklist
    4. More resources to start in web app security:  Resources
  3. Virtual Machine (OVA file): OVA Link
  4. Virtual Machine Details VM Details
  5. Vulnerable App – WackoPicko Details
  6. Vulnerable App – OWASP Juice Shop: https://github.com/bkimminich/juice-shop

 

Hope you loved the training. Please give your feedback here.

10 Sep 2018

The Art Of Hacking

About:

A series of training focused on teaching practical penetration testing on Web and Mobile applications. These sessions are going to be hands on, classroom based, lab focused.

All the training are divided into Basic and Advance level. All the basic level will be free training and advance level will be paid.


How the first session will be organized?

  • The enrollment form for the first training will soon be launched together with the agenda of the training.

  • Interested attendees are required to fill the enrollment form after reading the description carefully.

  • From all the enrollments, we will confirm the enrollment according to the number of seats available. A confirmation email will be sent to those attendees with date and venue details.

  • Come and join us in the first training session 🙂


How the attendees will be selected?

Free Trainings:

  1. The first people to get access to the enrollment form will be from our Slack group (Join Here: Slack Group Invite).

  2. Next, the enrollment form will be made public and anyone can fill the form and enroll for the training.

  3. Once the time period for enrollment ends, we will get all the attendees details and send the confirmation one by one, on first come first serve basis.

  4. If, there are too many attendees left out after first training, we will make sure to schedule another training for those.

  5. The confirmation email will have all the details about venue and timing of the training.


Paid Trainings:

  1. A link will be shared to enroll for the training in the slack group first and then will be made public.

  2. Once the enrollment ends, we will share the confirmation mail with all the details.


Important Note:

If you have enrolled for free training and realize that you won’t be able to make it. Please send us an email at artofhacking@enciphers.com

If you fail to let us know and your seat goes empty in the training (because we won’t be able to give it to someone else), we will not be able to select you for any future training. Obviously, people with emergency or valid reason for not being able to attend the training, will be an exception.


Who will be the trainer?

Trainer Name: Abhinav Mishra

LinkedIn Profile: Link

Trainer’s bio: Abhinav has around 7+ years of experience in Information Security, penetration testing and hacking. You might have seen him giving trainings in several information security conferences and meet ups. Some of the recent training are: co-trainer in BlackHat USA 2018, BsidesDelhi 2017.

Abhinav is the founder and head of security operations at ENCIPHERS. He is also one of the Research Advisory Board member for Cobalt Core, where he also leads the penetration tests. One of the Synack Research team member, have won several accolades, bug-bounties and Hall of Fame. As much as he loves hacking, he loves giving training too.  You can find him on twitter @0ctac0der.

 

NOTE: Keep checking this page regularly, we will very soon publish the enrollment form for the first training.