[Dailydave] INFILTRATE TRAINING: Websploitation

Dave Aitel dave at immunityinc.com
Mon Mar 9 10:49:13 EDT 2015


We renamed all of our training to be extra witty, but witty is the same
thing as confusing especially when combined with ICQ decodes in IPS
products that contain exploitable buffer overflows in them.

See what I did there? No? Ok, never mind. According to Ben Nagy I am "not
funny".

Anyways, I wanted to point out that the cleverly named "Websploitation"
class is really two classes. The first two days cover SQLi and XSS and
XXE and all the things you see a modern penetration tester use, all very
hands-on, but things you've heard of. The third day is a "stretch day"
which covers web crypto. I love this day, because you can have people
who already are good penetration testers come in and then get their
minds blown about Padding Oracle attacks and various wacky crypto
tricks. It's fun. We've put a lot of work into building special purpose
web applications to visualize and teach the concepts here.

Anyways, join us for the class!

Thanks,
Dave Aitel
Immunity, Inc.

