Full-Stack Pentesting Laboratory: 100% Hands-On + Lifetime LAB Access
Modern IT systems are increasingly complex, making full-stack expertise more essential than ever.
That's why diving into full-stack pentesting is crucial—you will gain the skills needed to master modern attack vectors and implement effective defensive countermeasures.
For each attack, vulnerability and technique presented in this training, there is a lab exercise to help you develop your skills step by step. What's more, when the training is over, you can take the complete lab environment home to hack again at your own pace.
The instructor has found security bugs in many companies including Google, Yahoo, Mozilla, Twitter and in this training he´ll share his experience with you.
Key takeaways
After completing this training, you will have learned about:
• Hacking cloud applications
• API hacking tips & tricks
• Data exfiltration techniques
• OSINT asset discovery tools
• Tricky user impersonation
• Bypassing protection mechanisms
• CLI hacking scripts
• Interesting XSS attacks
• Server-side template injection
• Hacking with Google & GitHub search engines
• Automated SQL injection detection and exploitation
• File read & file upload attacks
• Password cracking in a smart way
• Hacking Git repos
• XML attacks
• NoSQL injection
• HTTP parameter pollution
• Web cache deception attack
• Hacking with wrappers
• Finding metadata with sensitive information
• Hijacking NTLM hashes
• Automated detection of JavaScript libraries with known vulnerabilities
• Extracting passwords
• Hacking Electron applications
• Establishing reverse shell connections
• RCE attacks
• XSS polyglot
• and more …
Prerequisites
To get the most of this training intermediate knowledge of web application security is needed. Students should have experience in using a proxy, such as Burp Suite Proxy or Zed Attack Proxy (ZAP), to analyze or modify the traffic.
Target audience
• penetration testers / ethical hackers / red and blue team members / SOC analysts,
• software developers / software testers / security engineers / security consultants
About the instructor: Dawid Czagan
Dawid Czagan is an internationally recognized security researcher and trainer. He is listed among top hackers at HackerOne. Dawid Czagan has found security bugs in Apple, Google, Mozilla, Microsoft and many others. Due to the severity of many bugs, he received numerous awards for his findings.
Dawid Czagan shares his offensive security experience in his hands-on trainings. He delivered trainings at key industry conferences such as DEF CON (Las Vegas), OWASP Global AppSec EU (Barcelona), Hack In The Box (Amsterdam), CanSecWest (Vancouver), 44CON (London), Hack In Paris (Paris), NorthSec (Montreal), HITB GSEC (Singapore), BruCON (Ghent) and for many corporate clients. His students include security specialists from Oracle, Adobe, ESET, ING, Red Hat, Trend Micro, Philips and government sector (references are attached to Dawid Czagan's LinkedIn profile (https://www.linkedin.com/in/dawid-czagan-85ba3666/). They can also be found here: https://silesiasecuritylab.com/services/training/#opinions).
¨
Dawid Czagan is the founder and CEO at Silesia Security Lab. To find out about the latest in his work, you are invited to subscribe to his newsletter (https://silesiasecuritylab.com/newsletter) and follow him on Twitter (dawidczagan), YouTube (https://www.youtube.com/channel/UCG-sIlaM1xXmetFtEfqtOqg), and LinkedIn (https://www.linkedin.com/in/dawid-czagan-85ba3666/).
DAY 1
1. Hacking cloud applications (90 minutes)
- Amazon S3: directory listing via AWS CLI tool
- Amazon S3: bruteforcing buckets
- Amazon S3: bruteforcing objects in a given bucket
- Amazon EC2: reading the SecretAccessKey (3 techniques)
- Bypassing Cloudflare firewall
2. API hacking tips & tricks (60 minutes)
- API hacking with X-HTTP-Method-Override:
- API hacking with X-Override-URL:
- API hacking with callback
- API hacking with JSON enforcement (in request)
- API hacking with JSON enforcement (in response)
3. OSINT asset discovery tools (60 minutes)
- Subdomain enumeration with dnscan and amass
- Subdomain enumeration with Certificate Transparency log
- Subdomain enumeration with SubDomainizer
- Domain enumeration with nerdydata.com
- Top-level domain enumeration with dnscan
4. Hacking with special characters (45 minutes)
- Visual impersonation with ASCII control characters
- Visual impersonation with Unicode control characters
- XSS via response splitting
5. XML attacks (45 minutes)
- XML External Entity attack (XXE)
- XML XInclude attack
- XSS via XML
6. Server-side template injection (SSTI) (60 minutes)
- RCE via template injection in PHP Smarty
- RCE via template injection in Python Jinja
- RCE via template injection in Java FreeMarker
7. Hacking git repos (45 minutes)
- gitleaks (finding sensitive data based on regular expressions)
- trufflehog (finding sensitive data based on entropy checking)
- dumping git repo with git-dumper
- finding sensitive data in git commit history
DAY 2
Google hacking techniques (45 minutes)
- finding directory listings and backup files
- finding SQL syntax errors
- finding URLs with API keys
- finding internal server errors
- finding insecure HTTP web pages
2. Automated SQL injection detection and exploitation (45 minutes)
- sqlmap: full test case coverage, dumping database table entries
- sqlmap: installing a backdoor (from SQL injection to remote code execution)
- sqlmap: bypassing web application firewalls with tamperscripts
3. File read attacks (60 minutes)
- Alternate Data Streams notation
- 8dot3 notation
- Windows NTFS (2 techniques)
4. Data exfiltration tools and techniques (90 minutes)
- DNS exfiltration using dnscat2
- ICMP exfiltration using Data Exfiltration Toolkit
- text-based steganography using cloakify
- image-based steganography exfiltration using LSBSteg
- video-based steganography using CCVS
5. GitHub hacking techniques (45 minutes)
- web config files
- database config files
- private keys
- IDE config files
- Amazon AWS keys
6. Non-standard XSS attacks (30 minutes)
- XSS attack with two slashes
- XSS via URL
7. Smart password cracking with hashcat (45 minutes)
- cracking NTLM password
- cracking password-protected PDF document
- benchmarking
8. Other tools and techniques (45 minutes)
- Retire.js: finding JavaScript libraries with known vulnerabilities
- Extracting passwords with LaZagne
- NTLM hash hijacking with Responder
DAY 3
1. File upload attacks (45 minutes)
- via .htaccess
- via SVG file
- via AddHandler
2. CLI hacking scripts (60 minutes)
- using waybackurls
- using photon
- using nmap + nikto
- nmap vs. masscan
3. Hacking with wrappers (60 minutes)
- RCE with data: wrapper
- RCE with php://input wrapper
- RCE with zip: wrapper
4. NoSQL injection detection and exploitation (45 minutes)
- Elasticsearch
- MongoDB
- CouchDB
5. Bypassing restrictions (60 minutes)
- with X-Forwarded-For:
- with Forwarded:
- with IP address
- with hex encoding in JavaScript
6. Modern full-stack web attacks (45 minutes)
- HTTP parameter pollution
- Web cache deception attack
7. Hacking Electron applications (45 minutes)
- from XSS to RCE
- from insecure framing to RCE
8. Miscellaneous (45 minutes)
- Finding metadata with exiftool
- Reverse shell connection with ShellPop
- XSS polyglot
What Students Should Bring
Students will need a laptop with 64-bit operating system, at least 8 GB RAM, 35 GB free hard drive space, administrative access, ability to turn off AV/firewall and VMware Player/Fusion installed (64-bit version). Prior to the training, make sure there are no problems with running x86_64 VMs.
Special Bonus
The ticket price includes FREE access to my 6 online courses:
• Fuzzing with Burp Suite Intruder
• Exploiting Race Conditions with OWASP ZAP
• Case Studies of Award-Winning XSS Attacks: Part 1
• Case Studies of Award-Winning XSS Attacks: Part 2
• How Hackers Find SQL Injections in Minutes with Sqlmap
• Web Application Security Testing with Google Hacking