BlackHat – Attacking Injection Flaws Masterclass – Edition 2022


BlackHat – Attacking Injection Flaws Masterclass – Edition 2022
English | Size: 6.54 GB
Genre: eLearning

Injection flaws have dominated web application vulnerability lists since time immemorial. And despite OWASP reducing their ranking from 1 to 3, they are still one of the most devastating web application vulnerabilities. Efforts have been made for years to secure applications against related attacks, from new frameworks to new defensive techniques. A lot has been done, but is it enough? This course enables you to walk through dozens of hacklabs and learn how – despite defensive efforts – injection flaws persist, with drastic effects on application security.

Get into the attacker mindset for 2 days and deploy over 30 fresh and novel injection attacks via our state-of-the-art hacklabs. This practical course is packed with information and delivered by professional penetration testers, well-versed in web hacking from their years of experience in the wild. By the time you leave, you’ll understand how to deploy attacks using complex injection flaws.

This course will be delivered virtually.

Course highlights:

  • 2 days of hands-on hacking, led by professional trainers experienced in real-world pentesting
  • A focus on current, novel, and advanced exploitation techniques across web applications, APIs, cloud components, and other endpoints
  • 30-day free access to the course lab after the class

Course details:

  • Learning – 30% theory, 70% practical
  • Real-world-led theory sessions + technical challenges followed by trainer-led walkthrough
  • Includes a personal progress tracker to support learning at your own pace
  • Access to a custom Kali Linux image, fully loaded with plugins, tools, and other features to help you identify and exploit vulnerabilities
  • Designed for practical application and to support studies for accreditations

Course syllabus:

Lab set up and architecture overview

  • Introduction to Burp Features

Structured Query Language (SQL) injection masterclass

  • Second-order injection
  • Out-of-band (OOB) exploitation
  • SQLi through crypto
  • OS code execution via PowerShell
  • Advanced topics in SQli
  • Advanced SQLMap usage and web application firewall (WAF) bypass
  • Pentesting GraphQL
  • Introspection-based attacks on GraphQL
  • SQL injection via file metadata

Extensible Markup Language (XML) external entity (XXE) attack

  • XXE Basics
  • Advanced XXE exploitation over OOB channels
  • XXE through Security Assertion Markup Language (SAML)
  • XXE in file parsing/uploads
  • XXE via XInclude

Remote Code Execution (RCE)

  • Java serialisation attack
    • Binary
    • XML
    • JSON
    • SerialVersionUID mismatch
  • .Net serialisation attack
  • PHP serialisation attack
  • Python serialisation attack
  • Server-side template injection
    • Ruby injection
    • Analysing CVE-2021-25770
  • Exploiting code injection over OOB channels
  • Exploiting misconfigured code control systems

Server-Side Request Forgery (SSRF)

  • SSRF to query internal network
  • SSRF to exploit templates and extensions
  • SSRF filter bypass techniques
  • SSRF exploitation in AWS
  • Examples from in the wild ( Case Studies )

Miscellaneous injections

  • Host header validation bypass
  • HTTP parameter pollution (HPP)
  • Advanced SAML injection
  • Attacking Log4j to achieve RCE (Log4Shell CVE-2021-44228)
  • Examples from the Wild ( Case Studies )
DOWNLOAD FROM RAPIDGATOR

rapidgator.net/file/ba3d81974985447a16059200ddab1cc2/Attacking-Injection-Flaws-Masterclass-Edition-2022.part1.rar.html
rapidgator.net/file/8537cac5eaf18793415ab3455e58c69d/Attacking-Injection-Flaws-Masterclass-Edition-2022.part2.rar.html
rapidgator.net/file/cddf6595499c4768b3f0a2c6e0990f65/Attacking-Injection-Flaws-Masterclass-Edition-2022.part3.rar.html
rapidgator.net/file/0d63074b2be27b6a18f860f11c2ebef9/Attacking-Injection-Flaws-Masterclass-Edition-2022.part4.rar.html
rapidgator.net/file/0305bdcb722b2b18137637515177b284/Attacking-Injection-Flaws-Masterclass-Edition-2022.part5.rar.html
rapidgator.net/file/c407c4b3189dfc922db361dc7e4cfd64/Attacking-Injection-Flaws-Masterclass-Edition-2022.part6.rar.html
rapidgator.net/file/a0f2a267cadc67ac0791a15bdfeae69f/Attacking-Injection-Flaws-Masterclass-Edition-2022.part7.rar.html

DOWNLOAD FROM TURBOBIT

trbbt.net/vbvj54vr1nb2/Attacking-Injection-Flaws-Masterclass-Edition-2022.part1.rar.html
trbbt.net/14pkuyave7if/Attacking-Injection-Flaws-Masterclass-Edition-2022.part2.rar.html
trbbt.net/g0ier4p5srgq/Attacking-Injection-Flaws-Masterclass-Edition-2022.part3.rar.html
trbbt.net/qm16420vxhs7/Attacking-Injection-Flaws-Masterclass-Edition-2022.part4.rar.html
trbbt.net/yg9p01m7m4lm/Attacking-Injection-Flaws-Masterclass-Edition-2022.part5.rar.html
trbbt.net/reax6feolby8/Attacking-Injection-Flaws-Masterclass-Edition-2022.part6.rar.html
trbbt.net/wtuowriuuvgz/Attacking-Injection-Flaws-Masterclass-Edition-2022.part7.rar.html

If any links die or problem unrar, send request to
forms.gle/e557HbjJ5vatekDV9

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.