Advanced Web Hacking – ZDResearch

xelkomy

 
Registered
Joined
Jan 14, 2020
Messages
3
Points
3
Advanced Web Hacking – ZDResearch

What Is Covered in this Course?

  • Advanced SQL Injection: From writing custom Double-Blind injection scripts to Second Order injections and Order-By injection clauses resulting in full system takeover, Advanced SQL Injection will cover all the necessary skills for mastering SQLI.
  • Command Injection: With command injection, students will be involved in creating Reverse Shells and Bind Shells which are able to bypass both filetype and filename filters. For completeness, in the ZDResearch Advanced Web Hacking Course other command injection methods are covered as well.
  • Code Injection: Going beyond the typical eval injection, code injection in “Advanced Web Hacking” covers file inclusions (LFI/RFI) and regular expression injections in addition to other types of code injection attacks.
  • Object Injection/Deserialization: An attack that is extremely popular these days is thoroughly and painstakingly detailed for the students particularly with respect to various Java applications.
  • XML XXE/XPath Injections: In this topic, the ZDResearch Advanced Web Hacking course covers injections related to the XML technology. This includes DOM and SAP parsers and XPath/XXE injections.
  • Reflective/Persistent/DOM XSS: With this skill, students will master all types of XSS. This allows students to have the skills necessary to bypass XSS blacklists and filters. An entirely new universe of different exploits applicable to XSS attacks will be covered as well.
  • CSRF: Here, students will forge requests to create new administrator accounts, gain complete access to the system, and bypass CSRF tokens in addition to other CSRF exploitation techniques.
  • HTML5 Attacks: This topic will encourage students to master HTML5-specific attacks from Video/Audio, CORS, CWM, WebSockets, Canvas/SVG, CSP, and Drag & Drop attacks.
  • Session Management Attacks: This topic will introduce students to session management and it’s potential vulnerabilities. This will allow students to accurately understand how attackers may manipulate sessions via session hijacking, session fixation, randomization attacks, etc.
  • Web Service Attacks: This skill provides students with the opportunity to master web service technologies including: REST, SOAP, WSDL, JWT, SAX, SSRF, etc. They will understand how each may be exploited to bypass access control, inject code and leak information which, taken together, results in an application being broken into.
  • Authentication & Authorization: Here, student learning will consist of modern authentication and authorization technologies such as RBAC, oAuth, etc. The topic covers what possible vulnerabilities exist in each of the respective technologies mentioned above. Students will then acquire the skills necessary to exploit these vulnerabilities, bypass CAPTCHAs, gain unauthorized access to systems, and escalate their privileges to root access.
  • Code Auditing: This will provide students the opportunity to understand how code auditing works, how static and dynamic code analysis technologies operate, what SMT and SAT solvers are, what their possible limitations are, how they can be bypassed, and how they can be used to discover new zeroday vulnerabilities within the context of web applications.
  • Other Attacks: Here, students will learn about bypassing WAFs. Attacks such as Open Redirect attacks, Denial of Service attacks, HTTP manipulation attacks, and human API attacks will also be covered in-depth in this chapter.

You Can See Here is Details.
https://zdresearch.com/training/advanced-web-hacking/

Download:-

Advanced Web Hacking – ZDResearch

cpd form Mohamed Gamal
 
Last edited by a moderator:

numaN

Growth Hacker
Staff member
Administrator
Joined
Sep 11, 2019
Messages
49
Points
18
Wow, great sharing! Thank you...
 

deepak

 
Registered
Joined
Mar 31, 2020
Messages
1
Points
1
i am not able to download this file, could you please provide me another link for this course.
 

numaN

Growth Hacker
Staff member
Administrator
Joined
Sep 11, 2019
Messages
49
Points
18
Links has been renewed, but I dont recommend you to install unofficial documents, they may include malware, also its better to support the author. @deepak @Logarech
 
Top