We are excited to publicly announce the first session of “The Art Of Hacking”. Details are below:
Training Name: Web Application Hacking – Basic Level
Training Date | Time: 29th.September.2018 | 9:00 AM – 4:00 PM
Venue: TO THE NEW, Tower B, 4th Floor, Logix Techno Park, Noida Express Way, Sector 127, Noida, Uttar Pradesh 201304.
Big thanks to “TO THE NEW” for helping us by providing the venue.
What’s so awesome in this training?
- Free for all to attend.
- Fully hands-on training, focusing on starting and succeeding in bug-bounties too.
- It will be a live training with lab practice.
- Attendees of the Basic level will get a discount on the advanced-level training.
- Networking opportunity.
- Working laptop with Kali Linux virtual machine.
- Willingness to learn
- (Optional) If you can get a personal wifi/internet connection, it would be better.
How to apply for this training?
- Fill in the Google form below (at the end of this page).
- As seats are limited, we will choose mainly on a first-come, first-served basis, so fill it in as soon as you can.
- Wait for an acceptance email from our side with more details. Make sure to bring your ID and the invitation code we send in the acceptance email.
- Enrolment start: 13th.September.2018
- Enrolment ends: 19th.September.2018
- Acceptance to be sent to attendees: 26th.September.2018
Agenda of the Training:
Module 1 – Basics of everything:
- Basics of web applications
- Vulnerability scanning
- DNS and Domain level stuff
- Intro to Burp Suite: setting up & use cases
Module 2 – Recon:
- What is recon? Best tools for recon.
- Low severity issues and how to find them during recon.
- Chaining low severity bugs to get higher impact.
- Reporting low severity bugs the correct way.
Module 3 – Finding the “easy money bugs”:
- Cross Site Scripting:
  - How to find? Where to look?
  - Using Burp Suite for finding XSS
  - Interesting case studies of XSS
- Cross site request forgery
- Access control & Improper session management issues
- Insecure subdomains & hidden insecure files
Module 4 – Finding high paying bugs:
- Insecure Direct Object Reference:
  - What are they?
  - Where do they exist?
  - Using Burp Suite to find IDORs
  - Case studies on interesting IDOR bugs
- Authentication & Session related vulnerabilities:
  - MFA bypass
  - Password reset issues
  - Session management issues
Module 5 – How not to suck at bug bounties:
- Reporting is the key to good money.
- How to avoid duplicate issues?
- Amazing resources from around the internet.
- Where can you hunt other than Bugcrowd and Hackerone?
Want to know more about the whole series of trainings? Read here
Want to join the group? Have questions to ask? Join us on Slack: Slack Invite Link
- Presentation Used in the basic level training: (Presentation) The Art Of Hacking – Web App Basic Level
- Virtual Machine (OVA file): OVA Link
- Virtual Machine Details VM Details
- Vulnerable App – WackoPicko Details
- Vulnerable App – OWASP Juice Shop: https://github.com/bkimminich/juice-shop
Hope you loved the training. Please give your feedback here.