All the workshop sessions of #Hacktivity2020 can be found on this page. We reserve the right to change the program.
Have you ever wondered what it would take to hack a video game? Years of programming or hacking experience? Watching zeroes and ones for hours in a dark room? An expensive program running only on Linux? Let me introduce you to Cheat Engine, a free, open-source tool for Windows. It was developed to figure out and manipulate the behavior of applications, primarily intended to hack single-player computer games.
Join me in this beginner-friendly workshop, and I will show you how to avoid bombs on a minefield, heal from bullet wounds, or defeat mighty foes… Well, at least in video games.
Requirements:
– Windows operating system with local admin rights
– Virtual machines are also suitable
– Disabling antivirus might be required
This hands-on workshop focuses on the techniques of finding security weaknesses in mobile apps that may exist on the world’s most popular mobile platform, Android. During this workshop, the students will learn about the important topics concerning Android app security such as the Android security model, framework security features, Android application components, static reverse engineering, runtime analysis and network traffic manipulation.
Table of Contents
Following is the list of concepts which will be covered in the workshop:
– Android app security model
– Application components & exploitation
– Static reverse engineering
– Network traffic interception
– Dynamic binary instrumentation
– Bypassing client-side defenses
– Android app vulnerability classes
– Vulnerability discovery automation
Prerequisites: The workshop is aimed at an audience with a basic to intermediate application-security skill level. It is expected that attendees are familiar with basic web application security testing methodology and are comfortable with Linux/Unix-like command-line tools.
Materials: The setup to cover all exercises is a Linux/Mac OS X laptop with Android Studio, Burp Suite Community Edition and Google Chrome installed. All exercises can be done using the Android simulators. A physical mobile device is not necessary.
Web applications are the front doors of any organization. In order to protect them, we need to find and fix vulnerabilities before they are identified and exploited by malicious attackers. If you want to learn more about these attacks and how we can prevent them, this may be a good opportunity for you.
In this workshop, we exploit some of the most common vulnerabilities in a deliberately insecure web application, while I share my experiences as a penetration tester.
Requirements:
– Windows or Linux operating system with local admin rights
– Java 11
– Kali Linux preferred
– Virtual machines are also suitable
Quick introduction to common Active Directory attacks
You will learn the main (well-known and little-known) threats to web application security. To avoid expatiating on the topic, we will explore vulnerabilities and reports published on HackerOne and Bugcrowd and solve several real-life tasks.
You will find out what requires attention when it comes to testing and implementing various functionalities in web applications and what can happen in case of untimely use of certain functions.
Who is it for?
IT and cybersecurity specialists, developers, QA experts, system administrators, and novice bug hunters.
Agenda:
• Modern threats – ranging from forgotten files to authentication issues
• Protection scenarios – all the necessary steps during web application development and the fundamental principles of web application security
• 20/80 – theory and further analysis with the use of specific examples and practice assignments
Why should you use default passwords? Why do PreparedStatements complicate the code? Is the possibility of embedding JavaScript code a bug or a feature? During our workshop you will learn the answers to all these questions.
We’ll try to boost likes on social networks, steal cryptocurrency, and gain access to the user’s greatest secrets. Moreover, you will discover the ways to prevent threats to your web application.
This class will focus on specific areas of application security and on advanced vulnerability identification and exploitation techniques for the most complex of the server-side bug classes. The class will be completely hands-on, and the attendees can learn to identify and exploit typical scenarios of server-side vulnerabilities, which often go undetected by any modern application security scanner. The 4-hour course is handwoven in a way that will enable the attendees to manually identify and tackle such scenarios that they may come across in real life during their work or bug bounty.