Skill Up!

An action packed training course is focused on teaching the attendees, skills required to perform penetration testing of Android & iOS applications in the real world. The training is given using real-world like application as the target, specially designed for the training purpose.

The training course is focused on teaching the skills required to perform penetration testing of Android & iOS applications. The  training is given using a real-world like application as a target. The course includes unique, actuality-based vulnerabilities. The attendees will understand the concept behind each vulnerability, and then exploit the vulnerability on the target application. The flow of the course is designed to ensure which ensures that the attendees understand each concept and are able to discover and exploit the vulnerabilities themselves. Training includes uncovering and employing some of the unique vulnerabilities of famous mobile applications.

Some of the vulnerabilities and topics covered in the training include:

• Static analysis to remote code execution
• Static analysis to application compromise
• User detail compromise through broadcast
• Insecure file storage, leading to full account takeover (Android & iOS)
• Insecure application components and exploitation
• Insecure application screens and exploitation
• Unintended sensitive data leakage
• Bypassing application logic (logical vulnerability)
• Deep linking and exploitation
• Hacking mobile APIs (vulnerabilities in API)
• Reverse engineering the application
• Performing static and dynamic analysis on the application
• Finding and exploiting real-world vulnerabilities
• Several Frida-tools use cases
• Bypassing security controls like SSL pinning, root detection, obfuscation etc
• Attacking APIs for vulnerabilities

Web applications are one of the critical targets for hackers, and it is becoming extremely difficult to keep up with the rapidly advancing attacks. Advance Web Application Hacking is a fully hands-on training focused on the web application (and API) vulnerabilities. The training takes one on a journey of finding and exploiting medium to critical severity vulnerabilities like Blind XSS, IDOR, XML External Entity attack (error & out-of-band exploitation), and Insecure deserialisation leading to reverse shell access, Server side request forgery, Server side template injection, Command injection, Remote file injection, Hacking vulnerable software with public exploits, etc.

Some of the fascinating things attendees will learn:

• Finding & exploiting Cross-Site Scripting (Reflected, DOM, Blind)
• Hacking JSON Web Tokens
• Insecure Direct Object Reference
• SQL Injection (Error based & time-based exploitation)
• XML External Entity Attack (Data extraction with XXE & Out Of Band exploitation)
• Server-Side Request Forgery (Out of Band SSRF exploitation, SSRF on AWS)
• Server-Side Template Injection (Getting reverse shell by exploiting SSTI)
• Insecure De-serialisation (Reverse shell with insecure de-serialisation)
• Remote File Inclusion
• Command Injection to reverse shell

As organisations move to the cloud, it’s significant to keep the data and infra safe? During this course, you will polish the fundamentals of cloud computing and the skills required to audit the cloud infrastructure like GCP, AWS, Azure, etc.

You'll learn these core skills:

• In-depth understanding of the full capabilities of cloud computing.
• Knowledge to effectively develop a holistic cloud security program relative to globally accepted standards
• Understand best practices for Identity and Access Management (IAM), cloud incident response, application security, data encryption, Security as a Service, and securing emerging technologies.

The Secure Coding training program is designed for developers to get fully engaged with guarded coding practices through 100% hands-on challenges for participants to bake security features into their code right from the start. Secure Coding Training makes it fun for developers to identify and fix security issues as they code, follow best practices, and write secure software at speed – making security an intrinsic part of their process.

The evolution of civilization and connection through modern technology has made data security a crucial concern. While the number of cyberattack incidents is increasing, it becomes necessary for companies to enhance employees’ knowledge about data security. It is of utmost importance to be aware of common security threats, data security , and securing the work environment.

This training is designed to demonstrate and teach the common methods of attacks used in the digital world, the basics of information security, and staying safe on the digital infrastructure. The training is designed specifically for people in non/less-technical backgrounds to teach them how to defend against various cyber attacks.