Null offensive hacking hands-on training.
Proposed sessions for this event:
- Exploiting OAuth 2.0 Protocol by Mihir Shah
- REST API Pentesting by Mihir Shah
REST API Pentesting & Exploiting OAuth 2.0 Protocol
Workshop Objective:
To help the attendees understand OAuth 2.0 Protocol and the approach for REST API Pentesting.
Table of Contents:
•Exploiting OAuth 2.0 Protocol
◦Understanding OAuth 2.0 authentication protocol
◦Exploitation Methods
◦Exploit Demo: Forcing a malicious app installation
◦Miscellaneous Attacks: Directory traversal, Domain tricks, etc.
•REST API Pentesting
◦Understanding REST API
◦Setting-up the Test Environment
◦Testing the Developer API
◦Exploiting the API (Scope-based, Role-based, IDOR testing)
◦Enumerating Endpoints (e.g., through parameter fuzzing, etc.)
Software Prerequisites:
Attendees must ensure that they have following mandatory before attending the session:
1. A laptop
2. A working internet connection
3. Mutillidae setup
4. Download and setup the Virtual Machine that has all the tools setup from google drive https://drive.google.com/file/d/1hTrPl5n76neHBuRz5nQaSZLtr1Wc0XXv/view?usp=drivesdk
All the required per-requisites are packaged in to an Ubuntu VM except for the Mutillidae. You can use the download links below to complete the initial setup:
Download links:
1. Mutillidae: https://sourceforge.net/projects/mutillidae/
2. VM Download Link :https://drive.google.com/file/d/1hTrPl5n76neHBuRz5nQaSZLtr1Wc0XXv/view?usp=drivesdk
| Date | Saturday October 06 2018 |
|---|---|
| Chapter | Bangalore |
| Registrations | 43 |
| Max Registrations | 45 |
| Event Type | Invite Only |
| Start Time | 09:30 AM |
| End Time | 04:30 PM |
Session Schedule
| Name | Speaker | Start Time | End Time | Resources |
|---|---|---|---|---|
| Exploiting OAuth 2.0 Protocol | Mihir Shah | 09:30 AM | 01:30 PM | |
| Lunch | 01:30 PM | 02:15 PM | ||
| REST API Pentesting | Mihir Shah | 02:15 PM | 04:30 PM | |