For register more than 2 people.
Linux & Windows Basics
- Essential Windows Command Line
- Essential Linux Command Line
Information Gathering
- Passive Information Gathering
- Active Information Gathering
OWASP Top 10 Vulnerabilities
A1 : Injection
- HTML Injection
- SQL Injection
- XML/Xpath Injection
- iFrame Injection
- LDAP Injection
- Command Injection
- Code Injection
- Server Side Includes (SSI) Injection
A2 : Broken Authentication & Session Management
- Bruteforce Login
- Insecure Login forms
- Session Fixation
- Cookies
- Captcha Bypassing
A3 : Cross Site Scripting (XSS)
- Reflected XSS
- Stored XSS
- DOM XSS
- PATH XSS
- RPO XSS
- XSS Exploitation with BeEF (Browser Exploitation Framework)
- XSS Exploitation with Xenotix (XSS Framework for Windows)
A4 : Insecure Direct Object Reference (IDOR)
- HTTP Verb Tampering
- Parameter Manipulation
A5 : Security Misconfiguration
- Arbitrary File Access
- Cross-Origin Resource Sharing (CORS) Misconfiguration
- Denial Of Service (HTTP Flood)
- Denial Of Service (One Billion Laughs Attack)
- Man In The Middle
- Backup Files
- Robots File
A6 : Sensitive Data Exposure
- Weak Encoding
- HTML5 Web Storages
- Leaking Sensitive Credentials Files
A7 : Missing Functional Level Access Control
- Directory Traversal
- File Inclusion (Remote & Local)
- Restricted Device Access
- Server Side Request Forgery (SSRF)
- XML External Entities (XXE) Attack
A8 : Cross Site Request Forgery
- CSRF for both GET & POST methods
- Basic SOP (Same Origin Policy) Bypass
A9 : Using Components with Known Vulnerabilities
- Using public exploits
A10: Unvalidated Redirects & Forwards
- Open Redirect Vulnerabilities
- Redirect XSS
Other Web Attacks
- File Upload Vulnerabilities
- Basics of Web Application Obfuscation
Password Cracking
- Online Password Cracking
- Offline Password Cracking