SINCON Reloaded Training — Web Hacking Expert: Full-Stack Exploitation Mastery
Tue, 30 Aug | Live Online Training + Video Courses
Modern web applications are complex and it’s all about full-stack nowadays. That’s why you need to dive into full-stack exploitation if you want to master web attacks. Join this unique online training, and take your professional pentesting career to the next level.
Time & Location
30 Aug 2022, 1:00 pm – 5:00 pm SGT
Live Online Training + Video Courses
About the event
TRAINING PRICE
- Super Early Bird: $1,300 SGD (Sign up by 30 Jun 2022)
- Early Bird: $1,500 SGD (Sign up by 17 Jul 2022)
- Standard: $1,800 SGD (Sign up by 21 Aug 2022)
- Late: $2,200 SGD
SIGN-UP NOW! National Day Flash Sale: $1,500 SGD (Sign up by 15 Aug 2022)
OVERVIEW
Modern web applications are complex and it’s all about full-stack nowadays. That’s why you need to dive into full-stack exploitation if you want to master web attacks. Say ‘No’ to classical web application hacking, join this unique online training, and take your professional pentesting career to the next level.
I have found security bugs in many companies including Google, Yahoo, Mozilla, Twitter, and in this online training I will share my experience with you. You will dive deep into full-stack exploitation of modern web applications and you will learn how to hunt for security bugs effectively.
THIS ONLINE TRAINING IS COMPOSED OF
- Almost 5 hours of high-quality video courses with lots of recorded demos (LIFETIME access; details of the courses are listed below)
- 4 hours of live online training on 30 Aug 2022 (demonstrating advanced full-stack attacks on modern web applications + training support for the video courses)
ALMOST 5 HOURS OF HIGH-QUALITY VIDEO COURSES WITH LOTS OF RECORDED DEMOS
You will get lifetime access to these 5 video courses:
1. Bypassing Content Security Policy in Modern Web Applications
- Introduction
- Bypassing CSP via ajax.googleapis.com (FREE VIDEO)
- Bypassing CSP via Flash File
- Bypassing CSP via Polyglot File
- Bypassing CSP via AngularJS
2. Hacking Web Applications via PDFs, Images, and Links
- Introduction
- Token Hijacking via PDF (FREE VIDEO)
- XSS via Image
- User Redirection via window.opener Tabnabbing
3. Hacking AngularJS Applications
- Introduction
- AngularJS: Template Injection and $scope Hacking (FREE VIDEO)
- AngularJS: Going Beyond the $scope
- AngularJS: Hacking a Static Template
- Summary
4. Exploiting Race Conditions in Web Applications
- Introduction
- Exploiting Race Conditions – Case 1 (FREE VIDEO)
- Exploiting Race Conditions – Case 2
- Case Studies of Award-Winning Race Condition Attacks
5. Full-Stack Attacks on Modern Web Applications
- Introduction
- HTTP Parameter Pollution (FREE VIDEO)
- Subdomain Takeover
- Account Takeover via Clickjacking
Lifetime access to these 5 video courses will be granted before participating in the live online training session. More information can be found in the section "What Students will receive".
4 HOURS OF LIVE ONLINE TRAINING
Part 1: I'll demonstrate advanced full-stack attacks on modern web applications:
- Server-side request forgery
- DOM-based XSS
- NoSQL injection
- Remote cookie exploitation
- Hacking deserialization
- and more …
Part 2: I'll answer your questions about the attacks presented in the video courses (training support for the video courses)
WHAT STUDENTS SHOULD KNOW
- Common web application vulnerabilities
WHAT STUDENTS WILL LEARN
- Become a web hacking expert
- Dive into full-stack exploitation of modern web applications
- Learn how hackers can bypass Content Security Policy (CSP)
- Discover how web applications can be hacked via PDFs, images, and links
- Explore how hackers can steal secrets from AngularJS applications
- Check if your web applications are vulnerable to race condition attacks
- Learn about HTTP parameter pollution, subdomain takeover, and clickjacking
- Discover step by step how all these attacks work in practice (DEMOS)
- Take your professional pentesting career to the next level
- Learn from one of the top hackers at HackerOne
WHAT STUDENTS WILL RECEIVE
Students will receive lifetime access to almost 5 hours of high-quality video courses with lots of recorded demos (hosted on the 3rd party platform Grinfer; subject to terms of use and privacy policy). The access link will be sent after subscribing to my newsletter and before participating in the live online training session (during the live online training session, there will be time to ask questions about the attacks presented in the video courses – training support for the video courses).
WHAT STUDENTS SAY ABOUT MY TRAINING
References are attached to my LinkedIn profile (https://www.linkedin.com/in/dawid-czagan-85ba3666/). They can also be found here (https://silesiasecuritylab.com/services/training/#opinions) — training participants from companies such as Oracle, Adobe, ESET, ING, …
INSTRUCTOR
DAWID CZAGAN (@dawidczagan) is an internationally recognised security researcher and trainer. He is listed amongst the top hackers at HackerOne. Dawid Czagan has found security vulnerabilities in Google, Yahoo, Mozilla, Microsoft, Twitter and other companies. Due to the severity of many bugs, he received numerous awards for his findings.
Dawid Czagan shares his security bug hunting experience in his hands-on training “Hacking Web Applications – Case Studies of Award-Winning Bugs in Google, Yahoo, Mozilla and More” and “Black Belt Pentesting / Bug Hunting Millionaire: Mastering Web Attacks with Full-Stack Exploitation”. He delivered cybersecurity training courses at key industry conferences such as Hack In The Box (Amsterdam), CanSecWest (Vancouver), 44CON (London), Hack In Paris (Paris), DeepSec (Vienna), NorthSec (Montreal), HITB GSEC (Singapore), BruCON (Ghent) and for many corporate clients. His students include security specialists from Oracle, Adobe, ESET, ING, Red Hat, Trend Micro, Philips and the government sector (recommendations: https://silesiasecuritylab.com/services/training/#opinions).
Dawid Czagan is the founder and CEO of Silesia Security Lab – a company which delivers specialised cybersecurity testing and training services. He is also an author of online security courses. To find out about the latest in Dawid Czagan’s work, you are invited to subscribe to his newsletter (https://silesiasecuritylab.com/newsletter) and follow him on Twitter (@dawidczagan) and LinkedIn (https://www.linkedin.com/in/dawid-czagan-85ba3666/).