Category: Training

01 Feb 2019

By Hackers, for Hackers

On 16th-DEC-2018, ENCIPHERS conducted a full day training on “Web Application Hacking – Advance Level” as a part of “The Art Of Hacking” training series. The seats in the training were kept limited, to ensure a good trainer to student ratio.

To enable the students understand the advance web hacking concept in the training, all the attendees and trainers were connected via a private slack group so that they can learn from the content shared, ask queries and sharpen the basics . In this class room training attendees were given access to our custom virtual private server, Bughunters VPS and were provided with multiple guides and Hackers mind map.

The full day training was filled with lots of advance hacking concepts and demonstrations. Post training, we received huge applause from the attendees on various social media platforms. Have a look at some of those tweets:

Following the same approach, but after several enhancements to the course content, Bughunters VPS and training duration. We are launching “Web Application Hacking – Advance Level 2.0


24 Jan 2019

WEB APPLICATION HACKING – ADVANCE LEVEL 2.0

We Conducted the Web Application Hacking – Advance level training on 16th DEC 2018. Right after completing the training, we received amazing positive feedback: 

20190123_172738_0001

You can also read a post by one of the student, who won several bounties just hours after the training. MY EXPERIENCE OF THE ART OF HACKING TRAINING, AND THE STORY OF FIRST CRITICAL FINDING

We also received several inquiries regarding the next date of the training, from many who were not able to register last time. So keeping these things in mind, we worked more on improving several things:

  • Two day training agenda, comprising of several real world vulnerabilities and exploits instead of one day as it was in the last training. 
  • An improved version of Bughunters VPS, more tools, more secure, more powerful
  • A real world application like, lab environment, specifically created for this training.

So, now we present to you WEB APPLICATION HACKING – ADVANCE LEVEL 2.0, a two day classroom based training, focused on advance level exploitation of web application vulnerabilities.

Details about the training

Training name : Web Application Hacking – Advance level 2.0

Training Agenda : Agenda of Web Application Hacking-Advance level 2.0

Training date: 30th – 31st March 2019

Training Timing: 9:00 AM – 5 PM

Training Venue: New Delhi, India (Exact venue to be shared with registered students)

Training Fee: 

  • Classroom based training (Without VPS access): 15,000 INR + 18% GST [Final cost: 17,700 INR]
  • Classroom based training + One month access to Bughunters VPS: 20,000 INR + 18% GST [Final cost: 23,600 INR]

Only for students outside New Delhi – NCR, India region: [Only 10 seats available]

  • Online access to the training (virtual conferencing): 17,000 INR + 18% GST [Final cost: 20,060 INR] 
  • Online access to the training + One month access to Bughunters VPS: 22,000 INR + 18% GST [Final cost: 25,960 INR]

Unique benefits of this training:

2 days classroom based training on Advance level attacks on real world application specifically designed for training students.

Confirm enrollment to free Basic level training (online).

100% discount coupon for the online course: Web Application Penetration Testing Using Burp Suite.

One month access to completely customized VPS (Virtual Private Server). Attendees can use this server to do bug bounties or perform penetration testing. (Optional)

Detailed guides for all the tools on Bughunters VPS.

Hackers mind map: to help you understand what all things should be tested and how to proceed at each level.

Super cool training completion certificate by ENCIPHERS.

Access to private slack channel: ask doubts and questions. 

How to enroll for this training:

  1. Complete the payment:
    1. UPI: enciphers@icici
    2. IMPS/NEFT:
      1. Bank Name: ICICI Bank Ltd
      2. Acc No: 628205025182
      3. Account Name: ENCIPHERS
      4. IFSC: ICIC0006282
  2. Fill the google form here: Google Form
    1. Make sure to chose training mode you selected.
    2. Make sure to submit the transaction details (Transaction number etc)

Capture

For any inquiry contact us at: artofhacking[at]enciphers[dot]com

Join the Slack group of The Art Of Hacking:  Join us on Slack: Slack Invite Link

For corporate training and other inquiries: hello[at]enciphers[dot]com

02 Jan 2019

My experience of The Art Of Hacking training, and the story of first critical finding

Hey folk,

I am Jayesh patel. Little bit of $whoami:  I am a bug hunter who is highly motivated towards the field of Web, Mobile application Security and I actively participate on various Bug Bounty Programs/Platforms like Bugcrowd, Hackerone, BugBounty.jp, openbugbounty.org.

 

Why am I writing this blog post ?

ENCIPHERS team asked me about my experience of basic and advanced level training in The Art Of Hacking series, and asked if I would be interested to share my experience through a post. 

So I said yes!!! and here i am writing blog about some of my findings, which I discovered after taking advance level training from ENCIPHERS.

Before the advance level training, I was only able to find the vulnerabilities which were of low-severity but after the training, I found my first critical vulnerability within hours. 

So the journey started on 29 September 2018, when ENCIPHERS team conducted a free training  “The Art Of Hacking: WEB APPLICATION HACKING – BASIC LEVEL“.  The training was awesome, I  learned lot of things to improvise in bug bounty hunting.  ENCIPHERS team also helped me in finding a vulnerability on a web application which I was trying to hack (under a responsible disclosure program).

 

After The Art Of Hacking – Basic Level training, ENCIPHERS team announced about The The Art Of Hacking: WEB APPLICATION HACKING – ADVANCE LEVEL and I Registered for the training. The advance level training was conducted on 16 December 2018, at Vivanta By Taj, New Delhi. This time, it was about advance and critical vulnerabilities like RCE, SQLI, SSRF, XXE  etc.

 

On the day of training, it started with setting up our access on a virtual private server,  Bughunter’s VPS and we were provided with multiple guides (PDFs). One of the other interesting thing was a Hacker Mind-Map designed by ENCIPHERS team.  The Hacker Mind-Map is a detailed flow of steps which one can follow while doing bugbounties or penetration testing. The Bughunter’s VPS was already setup with multiple bug bounty related tools, and a Tools and Usage guide  was also provided. This helped me a lot in finding bugs, just by recon only. The Mind-Map explained, how someone should start with testing a target, and what are the possible tests to do at each stage. 

In the training, we learned about many advance level vulnerabilities, and exploited them in a test application (by taking remote shells and dumping databases). 

Story of my first critical bug:

After the training, while I was returning back to my hometown, I had a few hours on the train station. So I thought of doing some bug hunting using the concepts from training.

So, I choose a target and first thing I learned in training was to understand the scope properly. This was a target with sub-domains included, so I started using my Bughunter’s VPS and discovered all the sub domains using Aqua-tone tool, which was already setup on the VPS. After that enumeration I started port scanning on all the sub-domains using Masscan tool on Bug Hunter VPS.

After scanning, I found that 5002 port was open on target site so I just opened that site www.xyz.com:5002 on chrome.

Yeah…….!!! 🙂 😉

port was open and control panel login page was visible now my second task was to bypass the access control page so I just tried the default credential admin:admin.

After entering username and password I got access of control panel and yeah!!! that was my first critical bug and all thanks to ENCIPHERS team for this amazing training.

 

 

If you are into bug bounties or penetration testing and want to enhance your security skills, I would highly recommend a training by ENCIPHERS.

Once I reported the vulnerability to the target company’s email address, within 24 hours I got a response:

unnamed (4)unnamed (5)

At the end of this blog, I just want to post a picture of me from the training 🙂 Looking forward to more training by ENCIPHERS.

 

DSCN5603

29 Oct 2018

Workshop on DISCERNING HIGH IMPACT MOBILE APPS VULNERABILITIES at Bsidesdelhi on 25th Oct

About Conference
Bsidesdelhi is a event where professionals, experts, researchers, and InfoSec enthusiasts come together to discuss on information security.

 

Workshop highlights

This workshop was about High Impact Security Vulnerabilities in android and ios application.Workshop was focused on teaching how to test a mobile for some of the high impact security vulnerabilities and how to fix them.it was having good mix of presentations ,demos and hands on practicals on a VPS which was provided to attendees.

and some of the Vulnerability case studies were discussed why they exist, how to test such issues and fix them.

It was an awesome experience with attendees and Thanks for joining the workshop.
Hope to see you at Advance Level Web Hacking a part of “Art of Hacking” Series on 16 dec want to join the workshop check out the enciphers blog post about Advance Web Hacking.

01 Oct 2018

Web Application Hacking – Advanced Level

Right after the completion of our first training “Web Application Hacking – Basic Level”, we announced the advanced level training.

  • Training Name: Web Application Hacking – Advanced Hacking
  • Training Agenda: Find it here: Agenda For Web Application Hacking – Advanced Level
  • Training Date: 16th December 2018
  • Training Venue: Vivanta By Taj, Dwarka, New Delhi
  • Training Fee (Inclusive of lab access and taxes): 12,000 INR
  • Unique benefits of this training: 
    • One day training on advanced level attacks on web applications.
    • One month access to a specifically designed virtual private server. Attendees can use this server to perform bug bounties on targets and submit reports. The VPS (virtual private server) will also have detailed guides on how to start the testing, how to use specific tools on those servers and how to submit reports and earn money.
    • Invite to two Q&A sessions to ask doubts and take help.
    • Access to separate channel for asking questions and taking help.

 

How to enrol for this training:

Screenshot 2018-09-29 at 10.54.28 PM

Screenshot 2018-09-29 at 10.53.33 PM.png