Tactical Web Exploitation for Penetration Testers

Learn Black-Box Web Application Penetration Testing and Website Hacking from Black Hat Perspective

What you'll learn
Learn ethical hacking and penetration testing skills
Ability to perform manual exploitation of web applications
Ability to perform multi-staged chained attacks
Ability to perform post-exploitation techniques
Ability to perform advanced local file inclusion attacks (LFI)
Ability to perform directory traversal attacks (Path Traversal)
Ability to perform cross site request forgery attacks
Ability to exploit time-based blind SQL injection (SQLi)
Ability to leverage second order cross-site scripting (XSS)
Ability to exploit and weaponizing cross-site scripting vulnerability
Learn Advanced use of BurpSuite, and Much More

Requirements
Good Knowledge of the Linux System.
Good Understanding of Web Penetration Testing Techniques and Methodologies.

Description
Welcome to Tactical Web Exploitation for Penetration Testers online course (TWXS01). This is an aggressive, intensive and highly advanced web application security-training course, focusing on exploiting the toughest web application vulnerabilities. It aims to teach you the skills and techniques needed to conduct a black box web application penetration tests.

This training course will introduce you to the very core of the web application exploitation process. You'll learn the different phases involved in the black box security testing methodology by testing the applications from the outside in, with little or no prior knowledge of the application’s internal workings, using the same methods and techniques conducted by Black Hats.

TWXS01 is a comprehensive 11-hour online course that will teach you all about web attacks and exploitation. You will practice the art of manually exploiting web applications. You will learn about the attacker’s tools, methods and skills needed to conduct a black box web application penetration tests through detailed, 100% hands-on exercises and with guidance from the instructors.

By the end of this course, you will be able to take your skills to the next level, being able to perform advanced web application attacks, chain attacks using multiple vulnerabilities, using creative and innovative ways of exploiting web vulnerabilities, replicate the discovered vulnerabilities, which will help you sharpen your skills to meet the challenges in this constantly updating industry.

This 11 hour course, is divided into nine essential sections as shown in the course syllabus. It features many topics, including:

Burpsuite essentials: a minimized course with 10 sections which allow you to acquire a decent familiarity and knowledge about the key features and the most used tools in Burp to perform various crucial tasks.

WordPress CSRF To Remote Code Execution: It teaches you how to exploit WordPress core vulnerabilities by chaining them into complex attacks where you will end up with a remote code execution. You will also learn how to bypass implemented security mechanisms with tact and class.

WordPress Improper Control to Code Injection: You will learn the latest advanced exploitation techniques to get a foothold on your WordPress target by varying different methods, including: targeting WordPress core vulnerabilities, to time-based blind SQL injection attacks.

Gitlab Mutli-Vulnerabilities to Remote Code Execution: This module is a piece of art with 16 sections dedicated for Gitlab exploitation by targeting multiple vulnerabilities, this module will dive deep into the penetration testing process from target scanning to remote command execution.

In addition to highly-practical and extensive course materials, We have also provided you with downloadable private labs "Evilrc" where you can practice and sharpen the skills you will come to acquire throughout the training.

Important Notes:

Before deciding to join us, we invite you to check the following enabled preview:

Module 0 - Introduction to Tactical Web Exploitation.

Module 6 - 6.5 - Chaining CSRF With XSS Vulnerability

Module 8 - 8.7 Bypassing CSRF protection.

For best learning experience, we recommend you to switch your web player to 1080p

Hardware Requirements:

CPU: 64-bit Intel i5/i7 2.0+ GHz processor

RAM: 8GB RAM (More memory is recommended)

Hard Drive Free Space: 60 GB Free Space (More memory is recommended)

Host Operating System: Latest version of Windows, or Linux that also can install and run VMware virtualization products described below.

Evilrc Labs Hardware Requirements:

Evilrc is Genosec penetration testing private labs, A custom virtual machine tailored specifically for web application penetration testing, with all labs installed locally.

Evilrc "Guest" Minimal Memory Requirements At least 1 GB of RAM (2 GB is recommended).

Kali Linux "Guest" Minimal Memory Requirements At least 2 GB of RAM (4 GB is recommended)

For Kali Linux, Realistically 8 GB with a SWAP file of equal value due to high demanding nature of scanning or crawling techniques which requires more memory allocation, For the best experience with Burp Suite, We recommend using a guest kali machine with at least 8 GB of memory and 2 vCPU cores.

Evilrc credentials:

No credentials will be provided as your only way to access Evilrc "Is to Hack your way in"

HINT : Rick Sanchez says "MwGVUjohi7U "

Additional Software Requirements:

Download and install either VMware Workstation Pro 16.x, VMware Player or Fusion 12.x or higher versions before the course.

Other virtualization software, such as VirtualBox and Hyper-V, are not appropriate because of compatibility and troubleshooting problems you might encounter during the course.

Disclaimer:

The content of this course was created for Educational Purposes Only, it is designed to help users test their own system against information security threats and protect their IT infrastructure from similar attacks.

All of the demonstrated attacks are launched in a controlled environment that have been designed specifically for this course by Mohammad Sa'ed.

The provided materials / labs are designed and owned by “Mohammad Sa’ed” for Penetration Testing and Ethical Hacking use.

Who this course is for:
Ethical Hackers
Penetration Testers
Security Professionals
Web Application Developers
Web Application Security Specialists
Bug Bounty Hunters

More Info