Workshops/Web Hacking: Difference between revisions
Revision as of 07:05, 24 April 2011
Workshop #2
While the masses demanded the 15th May, this isn't a democracy. Due to the Arduino workshop on the same day, who will also be after the quiet room, I've decided upon the 21st of May, 1300 - ~1700.
Details of workshop #2
We will be covering
- CSRF
- Blind SQL Injection
- How to turn SQL injection into owning the box outright
- If anyone has anything else they'd like to look at, say so
You will need the following equipment and software
- A portable computer which can access the space's wireless network
- Firefox
- The Sun/Oracle Java Runtime Environment (JRE)
- Burp Suite (pro or demo version from http://portswigger.net/)
- Netcat (easy to use) or socat (a bit of a pain, but awesomely powerful)
- All of these tools will run on Mac/Windows/Linux/BSD, take your pick
You will need the following skills
- A basic understanding of Stored and Reflected XSS
- A basic understanding of SQL Injection
- A little practice of using Burp Suite
- A vague understanding of HTTP
Workshop #1 rerun
If you do not have these skills, a quick rerun of workshop #1 will be running from 1030-1230
For this you will just need
- Firefox
- The Sun/Oracle Java Runtime Environment (JRE)
- A portable computer which can access the space's wireless network
- General computer literacy and half a brain
- TO BE ON TIME! *
* Last time some people arrived late and after a point I just didn't
have time to help them get set up and to troubleshoot their laptops.
Proposed Topics
CSRF
A Real Audit One Click Orgs
Other Details
It's free
If anyone attempts to pay me this time around, I'll be taking your cash and putting it towards some good whiskey. Instead I'd recommend donating it to the space or becoming a member.
Location
It's in the quiet room at Lab 24
Resources
anders - A vulnerable webserver available for practice
Workshop #1
Was held on the 16th of April.
Apologies / Request for repeat
- Andrew Black. Afraid I have a memorial service to go to. Would have liked to have come