We teach the following technical and business logic issues related to web applications and after all topics we push the students to solve our CTFs.<\/p>\n\n\n\n
| Information\n Gathering via Whois Query<\/td><\/tr> |
| Try to find out all websites hosted on\n same IP address.<\/td><\/tr> |
| Try to\n find out all websites via reverse dns queries<\/td><\/tr> |
| Try to find out all subdomians of the all\n target domains<\/td><\/tr> |
| Perform a full TCP\/UDP port scan for all\n website’s IP address.<\/td><\/tr> |
| Try to identificate new web interfaces on\n the different TCP ports.<\/td><\/tr> |
| Look at the Google search engine to find\n out subdomins. Google dorks.<\/td><\/tr> |
| Information gathering(subdomains,leaked\n credentials) via Pastebin\/Github <\/td><\/tr> |
| Try to find out new subdomain via DNS\n Dumpster<\/td><\/tr> |
| Perform a bruteforce to DNS server with a\n good wordlist to identificate new subdomains.<\/td><\/tr> |
| Analyse error message, banner information\n etc for information gathering.<\/td><\/tr> |
| Look at the Archive.org records<\/td><\/tr> |
| Try to perform subdirectory tests<\/td><\/tr> |
| Identificate Directory Listing\n Vulnerabilities by visiting subdirectory<\/td><\/tr> |
| Identificate Directory Listing via Google\n Dork<\/td><\/tr> |
| Try to gather information via robots.txt,\n elmah.axd, trace.axde<\/td><\/tr> |
| Elmah.axd and Trace.axd Session Stealing\n Tests<\/td><\/tr> |
| Try to identificate target operation\n systems, databases etc<\/td><\/tr> |
| Try to find out new files under\n discovered new subdirectories with different extensions<\/td><\/tr> |
| Try to identificate used CMS application\n on the target system<\/td><\/tr> |
| Scan this CMS application with special\n tools.<\/td><\/tr> |
| Try to identificate installed plugins of\n these CMS and known vulnerabilities on this plugins<\/td><\/tr> |
| Search all known vulnerabilities related\n to CMS version<\/td><\/tr> |
| Try to identificate admin pages\n identification of the target websites.<\/td><\/tr> |
| Try to check if there is any backdoor on\n the target systems with known web backdoors<\/td><\/tr> |
| Data transmission security chekcs(HTTP\n usage, without HSTS header,unsecure SSL\/TLS etc)<\/td><\/tr> |
| Discover dangerous HTTP method usage such\n as PUT and DELETE<\/td><\/tr> |
| Username enumeration tests via error or\n warning messages<\/td><\/tr> |
| Username enumeration via mis-developments<\/td><\/tr> |
| Brute force testing for web form fields.<\/td><\/tr> |
| Try to bypass WAF systems<\/td><\/tr> |
| Manuel crawling of the target\n applications<\/td><\/tr> |
| Find out all input fields throughout the\n target applications<\/td><\/tr> |
| Hidden form fields tests<\/td><\/tr> |
| Source code review of HTML and javascript\n files<\/td><\/tr> |
| Identifiying and abusing of unused\n captcha forms<\/td><\/tr> |
| CSRF vulnerability check on the sensitive\n functions of the targets<\/td><\/tr> |
| Anti-CSRF token bypass techniques<\/td><\/tr> |
| Session manipulation tests<\/td><\/tr> |
| Cookie attributes tests<\/td><\/tr> |
| Session id weaknesses tests<\/td><\/tr> |
| Vulnerabilities on the login functions<\/td><\/tr> |
| Login function(authentication) bypass\n techniques<\/td><\/tr> |
| Known and published vulnerabilites on the\n targets<\/td><\/tr> |
| Two-factor authentication bypass\n techniques<\/td><\/tr> |
| Session fixation tests<\/td><\/tr> |
| Directory traversal vulnerabilities<\/td><\/tr> |
| Authorization issues<\/td><\/tr> |
| Try to access other user asssets\n unauthorized(files,private assets)<\/td><\/tr> |
| IDOR tests<\/td><\/tr> |
| Try to find out weaknesses on the logout\n function of targets<\/td><\/tr> |
| Privilage escalation tests with different\n role users<\/td><\/tr> |
| Focus on just business logic issues of\n the target’s functions<\/td><\/tr> |
| HTTP Header tests<\/td><\/tr> |
| User agent manipulation test<\/td><\/tr> |
| X-Forwarded-For Restriction bypass tests.<\/td><\/tr> |
| XSS Tests(reflected,stored,dom,blind)<\/td><\/tr> |
| Sql Injection Tests<\/td><\/tr> |
| Code injection tests<\/td><\/tr> |
| Command Execution tests<\/td><\/tr> |
| SSRF Tests(local,remote)<\/td><\/tr> |
| LFI\/RFI tests<\/td><\/tr> |
| Try to focus on web servis\n tests(ASMX,restful,WCF)<\/td><\/tr> |
| Business and technical tests on the web\n services<\/td><\/tr> |
| Spesific tests for related to used\n technologies(nodejs,ajax,frameworks etc)<\/td><\/tr> |
| Try to use right attack vectos depands on\n used database\/development platforms<\/td><\/tr> |
| Password reset functionality abuse\n testing<\/td><\/tr> |
| Takeover account via spesific\n functionality of the targets(password change,reset etc)<\/td><\/tr> |
| Image Captcha’s size manipulation DoS\n tests<\/td><\/tr> |
| Application Level DoS tests(abusing\n functions,BoF etc)<\/td><\/tr> |
| Session timeout tests<\/td><\/tr> |
| Secure,httponly,HSTS header usage tests<\/td><\/tr> |
| Advenced authentication and authorization\n tests.<\/td><\/tr> |
| Open Redirection Tests<\/td><\/tr> |
| File upload tests(command\n execution,stored xss,DoS)<\/td><\/tr> |
| LDAP Incjection tests<\/td><\/tr> |
| XML injection tests<\/td><\/tr> |
| Xml External Entity(XXE) tests<\/td><\/tr> |
| Buffer over flow tests<\/td><\/tr> |
| Login bypass,DoS via Long payload usage<\/td><\/tr> |
| HTTP Response Splitting tests(XSS PoC)<\/td><\/tr> |
| HTTP Parameter Pollution Tests(Bypass WAF\n PoC)<\/td><\/tr> |
| Iframe Injection tests<\/td><\/tr> |
| LFI via Iframe injections<\/td><\/tr> |
| XSS tests via drag-drop<\/td><\/tr> |
| XSS tests via filen names of uploaded\n files<\/td><\/tr> |
| Try to discover technical web\n vulnerabilities via Google dorks<\/td><\/tr> |
| Signup Function Tests(takeover\n account,XSS,SQL or many business logic bugs)<\/td><\/tr> |
| Code execution via uploadable excel files<\/td><\/tr> |
| Try to discover advenced injection points\n via FUZZing(wfuzz)<\/td><\/tr> |
| Try to enforce the targets to get\n sensitive informations via error messages<\/td><\/tr> |
| Vulnerabilities on the webserver versions<\/td><\/tr> |
| Try to determine remotely the encrytion\n sitiuations of the passwords on the target database.<\/td><\/tr> |
| SWF,JAR files decompiling tests If we\n have on the targets<\/td><\/tr> |
| Code execution via SMTP\/IMAP<\/td><\/tr> |
| Spesific wordlist creation (crunch,cewl)<\/td><\/tr> |
| Phpmyadmin Vulnerabilities(Directory\n listing,bruteforce,XSS etc)<\/td><\/tr> |
| Code execution via Phpmyadmin with mysql\n into outfile function<\/td><\/tr> |
| URL Poisioning Tests<\/td><\/tr> |
| Try to use bypassing methos for all\n technical vulnerabilities<\/td><\/tr> |
| DoS via Code Injection<\/td><\/tr> |
| Default or predictable password usage\n tests<\/td><\/tr> |
| Post-exploitation via accessed\n systems(tomcat,wordpress etc)<\/td><\/tr> |
| Clickjacking Vulnerability Tests on the\n important function of the targets<\/td><\/tr> |
| Full Automate scan all websites<\/td><\/tr><\/tbody><\/table>\n\n\n\n <\/p>\n\n\n\n <\/p>\n","protected":false},"excerpt":{"rendered":" We teach the following technical and business logic issues related to web applications and after all topics we push the students to solve our CTFs. Information Gathering via Whois Query Try to find out all websites hosted on same IP address. Try to find out all websites via reverse dns queries Try to find out […]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-329","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/www.ebruu.com\/index.php\/wp-json\/wp\/v2\/pages\/329","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ebruu.com\/index.php\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.ebruu.com\/index.php\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.ebruu.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ebruu.com\/index.php\/wp-json\/wp\/v2\/comments?post=329"}],"version-history":[{"count":3,"href":"https:\/\/www.ebruu.com\/index.php\/wp-json\/wp\/v2\/pages\/329\/revisions"}],"predecessor-version":[{"id":333,"href":"https:\/\/www.ebruu.com\/index.php\/wp-json\/wp\/v2\/pages\/329\/revisions\/333"}],"wp:attachment":[{"href":"https:\/\/www.ebruu.com\/index.php\/wp-json\/wp\/v2\/media?parent=329"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}} |