Introduction to the Server Side attacks

XXE Attacks -Introduction

• XXE in file parsing
• XXE Exploitation over OOB channels
• XXE when OOB fails

SSRF Server Side Request Forgery -Introduction

• SSRF to access internal network / read internal files
• SSRF to gain Shell

Remote code execution

• OS command Injection vs Remote Code Execution (RCE)
• RCE via debug messages
• RCE via file uploads
• RCE via SSTI
• Exploiting code injection and data extraction over OOB channel

Hacking a multilayered architecture - Reverse Proxies

• Basics of Reverse Proxy
• Common Misconfigurations in Reverse Proxy
• Java web servers Path Parameter
• Different server inconsistencies [Nginx / Apache Misconfigurations]
• Case Study F5 Auth Bypass

KEY TAKEAWAYS

The lesser-known techniques of exploiting the server-side vulnerabilities will be demystified during the course of 4 hours.

WHO SHOULD TAKE THIS COURSE

• Web developers,
• Security Engineers,
• Bug Bounty Hunters,
• Anyone who wants to upgrade his or her skill set.

STUDENT REQUIREMENTS

Students must bring their own laptop and have admin/root access on it.
The laptop must have a virtualization software (virtual box / VMWare) pre-installed.
The laptop should have at least 4 GB RAM and 20 GB of free disk space dedicatedly for the VM.

SPEAKERS

• Harsh Jaiswal - Application security engineer @Vimeo
• Rahul Maini - Security @Emirates
• Rajanish Pathak - Software Security Researcher @xen1thlabs

You can purchase tickets here: https://nonamecon.2event.com/