top of page

SINCON Reloaded Training — Web Hacking Secrets: How to Hack Legally and Earn Thousands of Dollars at HackerOne

Mon, 29 Aug

|

Live Online Training + Video Courses

Pick up the knowledge you need to hack legally, and at the same time, make money. Dawid Czagan, one of the top hackers at HackerOne, will share advanced knowledge with you on how you can go from zero to thousands of dollars at HackerOne.

Tickets are not on sale
See other events

Time & Location

29 Aug 2022, 1:00 pm – 5:00 pm SGT

Live Online Training + Video Courses

About the event

TRAINING PRICE

  • Super Early Bird: $1,300 SGD (Sign up by 30 Jun 2022)
  • Early Bird: $1,500 SGD (Sign up by 17 Jul 2022)
  • Standard: $1,800 SGD (Sign up by 21 Aug 2022)
  • Late: $2,200 SGD

SIGN-UP NOW! National Day Flash Sale: $1,500 SGD (Sign up by 15 Aug 2022)

OVERVIEW

HackerOne is your big opportunity. This is the platform where you can hack legally, and at the same time,  make money. You can hack many different companies such as Twitter, Yahoo, Uber, Coinbase, and a lot more. And you can get paid for your findings — $100, $1,000, or even $10,000 per one bug. All you need is an Internet connection and knowledge. Yes – you need the knowledge to go from zero to thousands of dollars at HackerOneand in this online training, I’m going to share my knowledge with you.

I’m one of the top hackers at HackerOne and I know quite a lot about hacking and making money that way. In this online training, I’ll present many award-winning bugs. The more you play with award-winning bugs the more knowledge you get and the more knowledge you have, the more money you can make. I’ll also discuss a successful bug hunting strategy that I have been using in recent years. What’s moreI’ll present a lot of demos, because I want you to see how all these things work in practice.

THIS ONLINE TRAINING IS COMPOSED OF

  1. 6 hours of high-quality video courses with lots of recorded demos (LIFETIME access; details of the courses are listed below)
  2. 4 hours of live online training on 29 Aug 2022 (demonstrating advanced attacks on modern web applications + training support for the video courses)

6 HOURS OF HIGH-QUALITY VIDEO COURSES WITH LOTS OF RECORDED DEMOS

You will get lifetime access to these 6 video courses: 

1. Starting Hacking and Making Money Today at HackerOne

  • HackerOne: Your Big Opportunity
  • Getting Started with 5 Bugs
  • Automatic Leakage of Password Reset Link (FREE VIDEO)
  • How to Get Access to the Account of the Logged Out User
  • Insecure Processing of Credit Card Data
  • Disclosure of Authentication Cookie
  • User Enumeration

2. Keep Hacking and Making Money at HackerOne

  • How to Impersonate a User via Insecure Log In  (FREE VIDEO)
  • Sensitive Information in Metadata
  • Disclosure of Credentials
  • Insecure Password Change
  • Dictionary Attack

3. Case Studies of Award-Winning XSS Attacks: Part 1

  • XSS via Image
  • XSS via HTTP Response Splitting
  • XSS via Cookie  (FREE DEMO)
  • XSS via AngularJS Template Injection

4. Case Studies of Award-Winning XSS Attacks: Part 2

  • XSS via XML  (FREE VIDEO)
  • XSS via location.href
  • XSS via VBScript
  • From XSS to Remote Code Execution

5. DOUBLE Your Web Hacking Rewards with Fuzzing

  • The Basics of Fuzzing
  • Fuzzing with Burp Suite Intruder — Overview
  • Fuzzing for SQL Injection — Demo (FREE VIDEO)
  • Fuzzing for Path Traversal — Demo
  • Fuzzing with Burp Suite Intruder: Tips and Tricks

6. How Web Hackers Make BIG MONEY: Remote Code Execution

  • From SQL Injection to Remote Code Execution (FREE VIDEO)
  • From Disclosure of Software Version to Remote Code Execution
  • Remote Code Execution via File Upload
  • Remote Code Execution via Deserialisation

Lifetime access to these 6 video courses will be granted before participating in the live online training session. More information can be found in the section "What Students will receive". 

4 HOURS OF LIVE ONLINE TRAINING

Part 1: I'll demonstrate advanced attacks on modern web applications:

  • Token hijacking via PDF file
  • Subdomain takeover
  • HTTP parameter pollution
  • Bypassing XSS protection 
  • DB truncation attack
  • and more ...

Part 2: I'll answer your questions about the attacks presented in the video courses and bug hunting at HackerOne (training support for the video courses)

WHAT STUDENTS SHOULD KNOW

  • Basic hacking skills 
  • Basic knowledge of web application security
  • Basic understanding of XSS attacks (cross-site scripting)

WHAT STUDENTS WILL LEARN

  • Master web application security testing
  • Become a successful bug hunter
  • Go from zero to thousands of dollars at HackerOne.
  • Double your web hacking rewards with fuzzing
  • Learn how hackers earn thousands of dollars per one bug
  • Discover how to find these bugs step-by-step in practice (recorded DEMOS)
  • Learn from one of the top hackers at HackerOne

WHAT STUDENTS WILL RECEIVE

Students will receive lifetime access to 6 hours of high-quality video courses with lots of recorded demos (hosted on the 3rd party platform Grinfer; subject to terms of use and privacy policy). The access link will be sent after subscribing to my newsletter and before participating in the live online training session (during the live online training session, there will be time to ask questions about the attacks presented in the video courses and bug hunting at HackerOne – training support for the video courses).

WHAT STUDENTS SAY ABOUT MY TRAINING

References are attached to my LinkedIn profile (https://www.linkedin.com/in/dawid-czagan-85ba3666/). They can also be found here (https://silesiasecuritylab.com/services/training/#opinions) — training participants from companies such as Oracle, Adobe, ESET, ING, …

INSTRUCTOR

DAWID CZAGAN (@dawidczagan) is an internationally recognised security researcher and trainer. He is listed amongst the top hackers at HackerOne. Dawid Czagan has found security vulnerabilities in Google, Yahoo, Mozilla, Microsoft, Twitter and other companies. Due to the severity of many bugs, he received numerous awards for his findings.

Dawid Czagan shares his security bug hunting experience in his hands-on training “Hacking Web Applications – Case Studies of Award-Winning Bugs in Google, Yahoo, Mozilla and More” and “Black Belt Pentesting / Bug Hunting Millionaire: Mastering Web Attacks with Full-Stack Exploitation”. He delivered cybersecurity training courses at key industry conferences such as Hack In The Box (Amsterdam), CanSecWest (Vancouver), 44CON (London), Hack In Paris (Paris), DeepSec (Vienna), NorthSec (Montreal), HITB GSEC (Singapore), BruCON (Ghent) and for many corporate clients. His students include security specialists from Oracle, Adobe, ESET, ING, Red Hat, Trend Micro, Philips and the government sector (recommendations: https://silesiasecuritylab.com/services/training/#opinions).

Dawid Czagan is the founder and CEO of Silesia Security Lab – a company which delivers specialised cybersecurity testing and training services. He is also an author of online security courses. To find out about the latest in Dawid Czagan’s work, you are invited to subscribe to his newsletter (https://silesiasecuritylab.com/newsletter) and follow him on Twitter (@dawidczagan) and LinkedIn (https://www.linkedin.com/in/dawid-czagan-85ba3666/).

Share this event

Event Info: Events
bottom of page