Null offensive hacking hands-on training.

Proposed sessions for this event:

• Penetration Testing Web Application and Web Services with Burpsuite by Praveen Kumar K
• Penetration Testing Web Application and Web Services with Burpsuite by Arun.S

Registrations will close on May 4th 10:00 PM or when the registration count reaches 40 (which ever happens first). Only the participants who registered will be sent a confirmation email with the venue details.

Topics

Burp Suite Essentials

• Basics of burp suite and Proxy configuration, local and remote proxy.
• Invisible proxy for thick clients
• Import Burp SSL cert in Firefox
• Site map, Scope, filters, highlight , Compare site map
• Socks proxy – SSH, Tor
• Spider, Repeater, Sequencer, Decoder, Comparer, Project Options, User Options, Alerts.

Burp Suite Tips and Tricks
• User Options
• History auto scroll

Burp Suite Intruder
• Limitations of burp free version intruder ,
• compensating with dirbuster and other brute force tools
• Payload from seclist
• Payload processing
• Grep match

Burp Suite Extensions
• Free and Pro Extensions
• Automatic and Manual Installations – setting lib in folder
• Default Data parsing by burp - Parameters, XML, AMF, Viewstate
• Data Parsing with Extensions - Json Decoder, javascript

Pen testing Web application and Web service with Burp Suite
• Mapping Web application
• OWASP Top 10 vulnerabilities
• Chain Postman with Burp for web services testing

Please read the following hardware and software pre-requisites carefully. This will enable us to have a smooth, hassle free session.

Hardware pre-requisites (Mandatory)

• A laptop capable of running Virtual Box. You can test this by installing Virtual Box and creating a test VM.
• Atleast 4 GB of RAM
• Atleast 20 GB of free space (to copy the VM that will be distributed)
• x64 bit Laptop with full administrative access to avoid the setup issues.

Software pre-requisites (Mandatory)
• Oracle Virtual Box (Any version higher than 5.1). Please install this and come before the session. VMWare folks will be on their own.
• You can also download the Virtual Box Setup, Extension Packs, .ova file & other tools from this link: Link
• Please import the shared.ova file in Virtual Box before coming to the session and make sure it’s up & working. (If you couldn’t setup, please come to the venue 30mins prior to the session.)
• Burp Suite Free Edition (Jar File).
• Firefox/Chrome with Foxy Proxy/Proxy Switchy Sharp Add-on.