WEBAPP SECURITY / RT423

FIVE SCENARIOS   |   EIGHT LABS   |   85% HANDS-ON   |   DURATION: 40

During this training, students will gain the knowledge and skills of the pentester's procedure for detecting security vulnerabilities in web applications using a combination of manual and automated techniques and methods. Testing web-application security is not intuitive, and to be useful, you need an understanding of web application design, HTTP, JavaScript, browser behavior, and potentially other technologies.

LAB 01

Information Gathering

LAB 02

NSE: Web Vulnerabilities

LAB 03

Using Scanners

LAB 04

XSS

LAB 05

RFI and LFI

LAB 06

JavaScript Basics

LAB 07

JavaScript

LAB 08

CSRF

Scenario: WSB001

The United States Department of Justice, in cooperation with international partners, managed to discover a network of illegal darknet websites. They suspect that the admin of the websites operates from Korea.

Scenario: WSB002

Recently, a group of hackers managed to hack into the U.S. property and demographic database, thereby exposing 200 million records to the public eye. Following these events, the U.S. government published a public bounty on the hacker group's identity. Use your pentesting skills to find the attackers and seize the stolen information.

Scenario: WSB003

Scamming has always been a method of getting victims to send private information to attackers without raising suspicion. A group of web developers managed to find a way of tricking Facebook users into injecting or placing malicious JavaScript into their web browser. Our company managed to retrieve a sample of the script, and we need you to analyze it to understand how it operates.

Scenario: WSB004

A company named Emsisoft identified ransomware written in JavaScript that infects and locks a variety of operating systems, such as Windows, Linux, and macOS. In short, the malware is so efficient that it can be modified and redistributed just by changing the Bitcoin address. The company decided to attempt to find a counter-attack for this ransomware. Analyze the given malware and find a way to disable it.

Scenario: WSB005

With the Corona outbreak came a need for a stable and private online platform for meetings and progress presentations, and a vast number of companies migrated to Zoom for this reason. During a meeting, one of the companies noticed that an unknown user had joined the chat. Now, they are seeking your help to solve the problem.

© 2020 by ThinkCyber
