Hands-on Pentesting Exercises
Prior to conducting the training with your team, we’ll have an initial scoping meeting. This session is designed to customize the course to your specific requirements, helping us decide on the most suitable approach and focus areas to address your needs effectively.
In my hands-on pentesting training, we will attack my training web application targets (spawned in my cloud for each attendee). The participants will learn how to use professional security tools through numerous practical exercises as well as the general procedure of pentesters when attacking web applications and backends.
The attack paths learned in this training include pivoting and post-exploitation for a deeper persistence in the attacked system.
The training can either use the open-source intercepting proxy OWASP ZAP or the more pentester oriented Burp Suite Pro, depending on your choice.
My hands-on pentesting training covers many vulnerabilities and exploit styles, including:
- Injection Vulnerabilities, including Post-Exploitation towards Remote Code Execution (RCE)
- XML External Entity Attacks (XXE)
- Path-Traversals (including ClassPath-Traversals)
- Cross-Site Scripting (XSS): Reflected, Persistent, DOM-based and different contexts
- Session Attacks, etc.
- Authentication Bypass
- Information Disclosures
- Server-Side Request Forgery (SSRF), especially in cloud-based environments
- Attacks on File-Uploads and -Downloads
- Attacks on WebSockets
- Java Deserialization Vulnerabilities & Attacks: Trigger-, Abuse-, Bypass-, and Golden-Gadgets
- In-band signaling: Time-based & Denial-of-Service
- Out-of-band signaling: Generic DNS-Payloads
- Advanced XML Attacks (leading to RCEs)
- JSON Attacks (leading to RCEs)
- and many more, pwning all the things…
This hands-on offensive training teaches how to find these vulnerabilities (even the hard to find ones) and how to exploit them fully (including post-exploitation). If instead you’re more defensive-oriented and interested how to avoid and remediate these vulnerabilities in a defense-in-depth style, the Web Security Bootcamp might be of more interest to you.
What attendees will receive
All my trainings can be held in German (native speaker) or English (business fluent).
Attendees receive the following along with my training:
- Access to cloud-based training environments (individually spawned for each attendee).
- All slides and workshop material as a set of PDFs.
- Lifetime access to GitHub and DockerHub repos with my training environments in order to recap all exercises with a working setup (including freshly added stuff in the future).
- Support via mail for setup and exercise handling afterwards.
- Printed and signed Certificate of Attendance listing the training contents.
Interested in your organization’s individual quote? Let’s talk.
As always in life, there is no one-fits-all solution. So regarding the concrete setup and execution of my trainings and workshops, you have different options and variants to choose from.
Fully customizable training agenda
In case you want certain aspects of your technology stack or specific internal process or tools covered during the training: The training agenda can be customized to your needs, resulting in an individual setup and content.
On-site or Remote? – Choice is yours!
My trainings and workshops can be executed on-site (either directly at your office or at one of my training sites) as well as fully remote for home-office workers. Even hybrid variants are possible, where some remote-only workers can join online, while I execute the training on-site for the majority of the attendees. I’ve already conducted numerous online-based variants of my training, even for bigger audience groups.
Either way, attendees just need a browser as nothing needs to be installed locally, since my training runs with attendee-individual environments in my cloud.
Alternative option: Professional training recording
In case you would like to have a customized version for your company recorded as a set of chapters and lessons for your in-house video-based electronic learning platform: Let’s talk
I can record a customized training session (without attendees) and provide you with professionally cut chapters exported as SCORM, MPEG, and other formats. This package includes digital training slides and the runnable training environment for local offline training. If you and all attendees prefer to record a live training while being held, this is also possible and would produce a video handout of the full course.
That way, several companies have successfully enriched their own internal video-based training offers with my hands-on security workshops imported into their own electronic learning platforms.