Ctf 201: Advanced Web Exploits For Cyber Competitions

Ethical hacking, bug bounty, and web pentesting skills taught in a fun and interesting way with CTF challenges.

What you'll learn

Understand the OWASP Top 10 and identifying common web exploits.

Enumerating and exploiting websites using Burpsuite, Gobuster, SQLMap, and more.

Tactics for approaching web challenges in CTF competitions.

Winning more cyber competitions!

Requirements

No programming experience is required but some knowledge of Javascript, PHP, and other common web languages is very helpful.

Description

The cybersecurity industry is one of the most rapidly-changing today, and practitioners needs to be able to keep up. Learning new skills and techniques is vital to staying up-to-date with trends that can make the difference between advancement in your career, or possibly missing out. Thousands of hackers around the globe have discovered the power of gamifying their learning experience by taking part in cyber competitions. They are constantly sharpening their skills against each other in a test of wits that often also has a positive effect on their work performance as well. However, for beginners, it may seem difficult to learn how to actually get started in the realm of cyber competitions.As an advanced CTF University course, CTF 201 will expand on the lessons taught in the lower-level CTF 101 course, and focus specifically on the Web category. Cybersecurity expert and US Cyber Team CTF Coach Jacob Elliott will lead you through lessons in common web exploits, categorized by OWASP Top 10, that you can expect to apply in cyber competitions as well as as a web app pentester on the job. Content will be added regularly with new example challenges and walkthroughs that you can follow along with to apply the skills that you learn in the course.

Overview

Section 1: Introduction

Lecture 1 Introduction

Lecture 2 What To Expect

Lecture 3 The OWASP Top 10

Lecture 4 Setting Up Your Environment

Lecture 5 Docker

Section 2: Essential Tools

Lecture 6 Your Browser!

Lecture 7 Curl

Lecture 8 BurpSuite

Lecture 9 DirBuster / GoBuster

Lecture 10 SQLMap

Lecture 11 WFuzz

Lecture 12 JWTTool

Lecture 13 Metasploit

Lecture 14 Ngrok

Lecture 15 PyCharm

Lecture 16 Visual Studio Code

Lecture 17 Sublime Text

Lecture 18 CyberChef

Section 3: Web Basics

Lecture 19 Hypertext Transfer Protocol (HTTP)

Lecture 20 Hypertext Markup Language (HTML)

Lecture 21 Frontend vs Backend

Section 4: Enumeration

Lecture 22 The First Look

Lecture 23 Code Review

Lecture 24 Challenge Design

Section 5: Course Materials

Lecture 25 Download Example Challenge Files

Section 6: A01 :2021 - Broken Access Control

Lecture 26 Robots

Lecture 27 Forced Browsing

Lecture 28 Parameter Tampering

Lecture 29 Insecure Direct Object Reference (IDOR)

Lecture 30 Cookies

CTF players of all skill levels who would like to strengthen their skills in the Web category.