2020-09-02, 12:30–15:30, Workshops stream 2
This class will focus on specific areas of application security and on advanced vulnerability identification and exploitation techniques of the most complex of the server side bug classes. The class will completely be hands-on where the attendees can learn to identify and exploit typical scenarios of server side vulnerabilities, which often go undetected by any modern application security scanner. The 4-hour course is handwoven in such a way that will enable the attendees to manually identify and tackle through such scenarios that they may come across in real life during their work or bug bounty.
Introduction to the Server Side attacks
XXE Attacks -Introduction
- XXE in file parsing
- XXE Exploitation over OOB channels
- XXE when OOB fails
SSRF Server Side Request Forgery -Introduction
- SSRF to access internal network / read internal files
- SSRF to gain Shell
Remote code execution
- OS command Injection vs Remote Code Execution (RCE)
- RCE via debug messages
- RCE via file uploads
- RCE via SSTI
- Exploiting code injection and data extraction over OOB channel
Hacking a multilayered architecture - Reverse Proxies
- Basics of Reverse Proxy
- Common Misconfigurations in Reverse Proxy
- Java web servers Path Parameter
- Different server inconsistencies [Nginx / Apache Misconfigurations]
- Case Study F5 Auth Bypass
The lesser-known techniques of exploiting the server-side vulnerabilities will be demystified during the course of 4 hours.
WHO SHOULD TAKE THIS COURSE
- Web developers,
- Security Engineers,
- Bug Bounty Hunters,
- Anyone who wants to upgrade his or her skill set.
Students must bring their own laptop and have admin/root access on it.
The laptop must have a virtualization software (virtual box / VMWare) pre-installed.
The laptop should have at least 4 GB RAM and 20 GB of free disk space dedicatedly for the VM.
- Harsh Jaiswal - Application security engineer @Vimeo
- Rahul Maini - Security @Emirates
- Rajanish Pathak - Software Security Researcher @xen1thlabs
You can purchase tickets here: https://nonamecon.2event.com/
@h4ckologic | Security Researcher | Bug Bounty Hunter