Full-Stack Pentesting Laboratory: 100% Hands-On + Lifetime LAB Access

Modern IT systems are increasingly complex, making full-stack expertise more essential than ever. That's why diving into full-stack pentesting is crucial—you will gain the skills needed to master modern attack vectors and implement effective defensive countermeasures.

For each attack, vulnerability and technique presented in this training, there is a lab exercise to help you develop your skills step by step. What's more, when the training is over, you can take the complete lab environment home to hack again at your own pace.

I found security bugs in many companies including Google, Yahoo, Mozilla, Twitter and in this training I'll share my experience with you.

Key Learning Objectives
After completing this training, you will have learned about: 

• Hacking cloud applications
• API hacking tips & tricks
• Data exfiltration techniques
• OSINT asset discovery tools
• Tricky user impersonation
• Bypassing protection mechanisms
• CLI hacking scripts
• Interesting XSS attacks
• Server-side template injection
• Hacking with Google & GitHub search engines
• Automated SQL injection detection and exploitation
• File read & file upload attacks
• Password cracking in a smart way
• Hacking Git repos
• XML attacks
• NoSQL injection
• HTTP parameter pollution
• Web cache deception attack
• Hacking with wrappers
• Finding metadata with sensitive information
• Hijacking NTLM hashes
• Automated detection of JavaScript libraries with known vulnerabilities
• Extracting passwords
• Hacking Electron applications
• Establishing reverse shell connections
• RCE attacks
• XSS polyglot
• and more …

What Students Will Receive
Students will be handed in a VMware image with a specially prepared lab environment to play with all attacks, vulnerabilities and techniques presented in this training. When the training is over, students can take the complete lab environment home (after signing a non-disclosure agreement) to hack again at their own pace.
  
Special Bonus
The training price includes FREE access to my 6 online courses:

• Fuzzing with Burp Suite Intruder
• Exploiting Race Conditions with OWASP ZAP
• Case Studies of Award-Winning XSS Attacks: Part 1
• Case Studies of Award-Winning XSS Attacks: Part 2
• How Hackers Find SQL Injections in Minutes with Sqlmap
• Web Application Security Testing with Google Hacking

DAY 1
1. Hacking cloud applications (90 minutes)

• Amazon S3: directory listing via AWS CLI tool
• Amazon S3: bruteforcing buckets
• Amazon S3: bruteforcing objects in a given bucket
• Amazon EC2: reading the SecretAccessKey (3 techniques)
• Bypassing Cloudflare firewall

2. API hacking tips & tricks (60 minutes)

• API hacking with X-HTTP-Method-Override:
• API hacking with X-Override-URL:
• API hacking with callback
• API hacking with JSON enforcement (in request)
• API hacking with JSON enforcement (in response)

3. OSINT asset discovery tools (60 minutes)

• Subdomain enumeration with dnscan and amass
• Subdomain enumeration with Certificate Transparency log
• Subdomain enumeration with SubDomainizer
• Domain enumeration with nerdydata.com
• Top-level domain enumeration with dnscan

4. Hacking with special characters (45 minutes)

• Visual impersonation with ASCII control characters
• Visual impersonation with Unicode control characters
• XSS via response splitting

5. XML attacks (45 minutes)

• XML External Entity attack (XXE)
• XML XInclude attack
• XSS via XML

6. Server-side template injection (SSTI) (60 minutes)

• RCE via template injection in PHP Smarty
• RCE via template injection in Python Jinja
• RCE via template injection in Java FreeMarker

7. Hacking git repos (45 minutes)
- gitleaks (finding sensitive data based on regular expressions)
- trufflehog (finding sensitive data based on entropy checking)
- dumping git repo with git-dumper
- finding sensitive data in git commit history

DAY 2
1. Google hacking techniques (45 minutes)

• finding directory listings and backup files
• finding SQL syntax errors
• finding URLs with API keys
• finding internal server errors
• finding insecure HTTP web pages

2. Automated SQL injection detection and exploitation (45 minutes)

• sqlmap: full test case coverage, dumping database table entries
• sqlmap: installing a backdoor (from SQL injection to remote code execution)
• sqlmap: bypassing web application firewalls with tamperscripts

3. File read attacks (60 minutes)

• Alternate Data Streams notation
• 8dot3 notation
• Windows NTFS (2 techniques)

4. Data exfiltration tools and techniques (90 minutes)
- DNS exfiltration using dnscat2
- ICMP exfiltration using Data Exfiltration Toolkit
- text-based steganography using cloakify
- image-based steganography exfiltration using LSBSteg
- video-based steganography using CCVS

5. GitHub hacking techniques (45 minutes)

• web config files
• database config files
• private keys
• IDE config files
• Amazon AWS keys

6. Non-standard XSS attacks (30 minutes)

• XSS attack with two slashes
• XSS via URL

7. Smart password cracking with hashcat (45 minutes)

• cracking NTLM password
• cracking password-protected PDF document
• benchmarking

8. Other tools and techniques (45 minutes)

• Retire.js: finding JavaScript libraries with known vulnerabilities
• Extracting passwords with LaZagne
• NTLM hash hijacking with Responder

DAY 3

1. File upload attacks (45 minutes)

• via .htaccess
• via SVG file
• via AddHandler

2. CLI hacking scripts (60 minutes)

• using waybackurls
• using photon
• using nmap + nikto
• nmap vs. masscan

3. Hacking with wrappers (60 minutes)

• RCE with data: wrapper
• RCE with php://input wrapper
• RCE with zip: wrapper

4. NoSQL injection detection and exploitation (45 minutes)

• Elasticsearch
• MongoDB
• CouchDB

5. Bypassing restrictions (60 minutes)

• with X-Forwarded-For:
• with Forwarded:
• with IP address
• with hex encoding in JavaScript

6. Modern full-stack web attacks (45 minutes)

• HTTP parameter pollution
• Web cache deception attack

7. Hacking Electron applications (45 minutes)

• from XSS to RCE
• from insecure framing to RCE

8. Miscellaneous (45 minutes)

• Finding metadata with exiftool
• Reverse shell connection with ShellPop
• XSS polyglot

• penetration testers / ethical hackers / red and blue team members / SOC analysts, 
• software developers / software testers / security engineers / security consultants 

To get the most of this training intermediate knowledge of web application security is needed.
Students should have experience in using a proxy, such as Burp Suite Proxy or Zed Attack Proxy (ZAP), to analyze or modify the traffic.
Anyone who has completed a course in web/network/cloud/system security would be an advantage.