Tag: training

08 May 2019

Exploiting & Securing Mobile Apps – A Penetration Testing Training

This action packed training course is focused around teaching the attendees with skills required to perform penetration testing of Android & iOS applications in real world. The training is given using real world like application as the target, especially designed for this training purpose.

The course includes extremely unique, real world vulnerabilities. The attendees will be understanding the concept behind each vulnerability, and then exploiting the vulnerability on the target application. The flow of the course is designed in a way which ensures that the attendees understand each concept and are able to discover and exploit the vulnerabilities themselves. Training includes some of the unique vulnerabilities discovered and exploited on the famous mobile applications.

Download Detailed Training Agenda

Some of the vulnerabilities and topics covered in the training include: 

  • Static analysis to remote code execution
  • Static analysis to application compromise
  • User detail compromise through broadcast
  • Insecure file storage, leading to full account takeover (Android & iOS)
  • Insecure application components and exploitation
  • Insecure application screens and exploitation
  • Unintended sensitive data leakage
  • Bypassing application logic (logical vulnerability)
  • Deep linking and exploitation
  • Hacking mobile APIs (vulnerabilities in API)
  • Reverse engineering the application
  • Performing static and dynamic analysis on the application
  • Finding and exploiting real world vulnerabilities
  • Several Frida-tools use cases
  • Bypassing security controls like SSL pinning, root detection, obfuscation etc
  • Attacking APIs for vulnerabilities

Unique benefits of this training: 

  • Get practical hands-on training on real world like android and iOS apps
  • Learn finding and exploiting critical mobile application vulnerabilities 
  • Get access to training content like pdfs, guides, exploit codes, lab applications
  • Get access to virtual machine pre-installed with all needed tools (mostly for android) 

Details about the training

Training name : EXPLOITING & SECURING MOBILE APPS – A PENETRATION TESTING TRAINING

Training date: 29th – 30th June 2019

Training Timing: 10:00 AM – 5 PM

Training Venue: 

  • New Delhi, India (Exact venue to be shared with registered students)
  • Virtual Conferencing (for delegates to join remotely)

Discounts:

Discounts are only available on group booking.

  • Group registration of 3+ people: 10% discount
  • Group registration of 5+ people: 15% discount

Contact us at hello@enciphers.com for availing this discount.

Book Your Seat now.

Having issues while booking? Visit the Event booking page here

Terms and Conditions:

  • Pass prices are exclusive of taxes and gateway charges.
  • Passes are non-refundable & non-transferable.
  • In case of event cancellation, we will inform the attendees at least one weeks before the actual training date.
  • Registration fees does not include the cost of travel and accommodation of delegates. All delegates are requested to make their own arrangements and any associated fees for any other availability of services.
  • Delegates/attendees are expected to have the prerequisite ready for the training, before the training date.
01 Feb 2019

By Hackers, for Hackers

On 16th-DEC-2018, ENCIPHERS conducted a full day training on “Web Application Hacking – Advance Level” as a part of “The Art Of Hacking” training series. The seats in the training were kept limited, to ensure a good trainer to student ratio.

To enable the students understand the advance web hacking concept in the training, all the attendees and trainers were connected via a private slack group so that they can learn from the content shared, ask queries and sharpen the basics . In this class room training attendees were given access to our custom virtual private server, Bughunters VPS and were provided with multiple guides and Hackers mind map.

The full day training was filled with lots of advance hacking concepts and demonstrations. Post training, we received huge applause from the attendees on various social media platforms. Have a look at some of those tweets:

Following the same approach, but after several enhancements to the course content, Bughunters VPS and training duration. We are launching “Web Application Hacking – Advance Level 2.0


13 Sep 2018

The Art Of Hacking (Delhi Edition) : Web Application Hacking – Basic Level

We are excited to publicly announce the first session of “The Art Of Hacking”. Details are below:

Training Details:

Training Name: Web Application Hacking – Basic Level

Training Date | Time: 29th.September.2018 | 9:00 AM – 4:00 PM

Venue:  TO THE NEW, Tower B, 4th Floor, Logix Techno Park, Noida Express Way, Sector 127, Noida, Uttar Pradesh 201304.

Big thanks to “TO THE NEW” for helping us by providing the venue.

 

What’s so awesome in this training?

  • Free for all to attend.
  • Fully hands-on training, focusing on starting and succeeding in bug-bounties too.
  • It will be a live training with lab practice.
  • Attendees of Basic level will get discount for advance level training. 
  • Networking opportunity.

 

Prerequisites:

  • Working laptop with Kali Linux virtual machine.
  • Willingness to learn
  • (Optional) If you can get a personal wifi/internet connection, it would be better.

 


How to apply for this training?

  1. Fill the google form below (End of this page).
  2. As the seats are limited, we will chose majorly on who filled first criteria. So fill as soon as you can.
  3.  Wait for an acceptance email from our side with more details. Make sure to bring your ID and the invitation code we send in the acceptance email.

Timeline:

  • Enrolment start: 13th.September.2018
  • Enrolment ends: 19th.September.2018
  • Acceptance to be sent to attendees: 26th.September.2018

 

Agenda of the Training:


Module 1 – Basics of everything:

  • Basics of web applications
  • Vulnerability scanning
  • DNS and Domain level stuff
  • Intro to burp suite , Setting up & use cases

Module 2 – Recon:

  • What is recon? Best tools for recon.
  • Low severity issues and how to find them during recon.
  • Chaining low severity bugs to get higher impact.
  • Reporting low severity bugs the correct way.

Module 3 – Finding the “easy money bugs”:

  • Cross Site Scripting:
    • How to find? Where to look?
    • Using Burp suite for finding XSS
    • Interesting case studies of XSS
  • Cross site request forgery
  • Access control & Improper session management issues
  • Insecure subdomains & hidden insecure files

Module 4 – Finding high paying bugs:

  • Insecure Direct Object Reference
    • What are they?
    • Where do they exist?
    • Using burp suite to find IDORs
    • Case studies on interesting IDOR bugs
  • Authentication & Session related vulnerabilities:
    • MFA bypass
    • Password reset issues
    • Session management issues

Module 5 – How not to suck at bug bounties:

  • Reporting is the key to good money.
  • How to avoid duplicate issues?
  • Amazing resources from around the internet.
  • Where can you hunt other than Bugcrowd and Hackerone?

 

Want to know more about the whole series of trainings? Read here

Want to join the group? Have questions to ask? Join us on Slack: Slack Invite Link

Training Content/Hand-Outs:

  1. Presentation Used in the basic level training: (Presentation) The Art Of Hacking – Web App Basic Level
  2. Books/Resources:
    1. OWASP testing guide: OTGv4
    2. CORS POC sample: CORS_POC
    3. Web Application penetration Testing Checklist: Web Application Penetration Testing Checklist
    4. More resources to start in web app security:  Resources
  3. Virtual Machine (OVA file): OVA Link
  4. Virtual Machine Details VM Details
  5. Vulnerable App – WackoPicko Details
  6. Vulnerable App – OWASP Juice Shop: https://github.com/bkimminich/juice-shop

 

Hope you loved the training. Please give your feedback here.