TRAINING COURSES

HOME   /   TRAINING   /   FULL-STACK PENTESTING LABORATORY

Full-Stack Pentesting Laboratory: 100% Hands-On + Lifetime Lab Access

Instructed by Dawid Czagan

Modern IT systems are complex and it’s all about full-stack nowadays. To become a pentesting expert, you need to dive into full-stack exploitation and gain a lot of practical skills. That’s why I created the Full-Stack Pentesting Laboratory.

For each attack, vulnerability and technique presented in this training there is a lab exercise to help you master full-stack pentesting step by step. What’s more, when the training is over, you can take the complete lab environment home to hack again at your own pace.

I found security bugs in many companies including Google, Yahoo, Mozilla, Twitter and in this training I’ll share my experience with you. The content of this training has been carefully selected to cover the topics most frequently requested by professional penetration testers.

Classes are limited. Get registered!

Key Learning Objectives

After completing this training, you will have learned about:

  • Hacking cloud applications
  • API hacking tips & tricks
  • Data exfiltration techniques
  • OSINT asset discovery tools
  • Tricky user impersonation
  • Bypassing protection mechanisms
  • CLI hacking scripts
  • Interesting XSS attacks
  • Server-side template injection
  • Hacking with Google & GitHub search engines
  • Automated SQL injection detection and exploitation
  • File read & file upload attacks
  • Password cracking in a smart way
  • Hacking Git repos
  • XML attacks
  • NoSQL injection
  • HTTP parameter pollution
  • Web cache deception attack
  • Hacking with wrappers
  • Finding metadata with sensitive information
  • Hijacking NTLM hashes
  • Automated detection of JavaScript libraries with known vulnerabilities
  • Extracting passwords
  • Hacking Electron applications
  • Establishing reverse shell connections
  • RCE attacks
  • XSS polyglot
  • and more …

What Students Will Receive

Students will be handed in a VMware image with a specially prepared lab environment to play with all attacks, vulnerabilities and techniques presented in this training (*). When the training is over, students can take the complete lab environment home to hack again at their own pace. (*) The download link will be sent after signing a non-disclosure agreement and subscribing to my newsletter.

Special Bonus

The ticket price includes FREE access to my 6 online courses:

  • Fuzzing with Burp Suite Intruder
  • Exploiting Race Conditions with OWASP ZAP
  • Case Studies of Award-Winning XSS Attacks: Part 1
  • Case Studies of Award-Winning XSS Attacks: Part 2
  • How Hackers Find SQL Injections in Minutes with Sqlmap
  • Web Application Security Testing with Google Hacking

What Students Say About The Course(s)

References are attached to my LinkedIn profile (https://www.linkedin.com/in/dawid-czagan-85ba3666/). They can also be found here: Training – training participants from companies such as Oracle, Adobe, ESET, ING, …

What Students Should Know

To get the most out of this training intermediate knowledge of pentesting and web application security is needed. Students should have experience in using a proxy, such as Burp Suite Proxy, or similar, to analyze or modify the traffic.

What Students Should Bring

Students will need a laptop with a 64-bit operating system, at least 8 GB RAM, 35 GB free hard drive space, administrative access, the ability to turn off AV/firewall, and VMware Player/Fusion installed (64-bit version). Prior to the training, make sure there are no problems with running 64-bit VMs (BIOS settings changes may be needed).

full-stack-2
  • LEVEL

Intermediate

  • FORMAT

Live-Online

  • DATE & LOCATION

November 27-29

  • DURATION

3 days

  • TARGET AUDIENCE

Penetration testers, red and blue team members, SOC analysts, software developers, security engineers

  • Standard Rate

Why choose the Center for Cyber Security Training

Interactive, classroom-based learning

Subject matter experts

Trusted by US government agencies

dawid-czagan
Dawid Czagan

Dawid is listed among Top 10 Hackers (HackerOne). He found security vulnerabilities in Google, Yahoo, Mozilla, Microsoft, Twitter and other companies, and due to the severity of many bugs, he received numerous awards for his findings. He happily shares his security bug hunting experience in hands-on trainings “Hacking Web Applications – Case Studies of Award-Winning Bugs in Google, Yahoo, Mozilla and More” and “Black Belt Pentesting / Bug Hunting Millionaire: Mastering Web Attacks with Full-Stack Exploitation”. He had the pleasure to deliver security training courses at key industry conferences such as Hack In The Box (Amsterdam), CanSecWest (Vancouver), 44CON (London), Hack In Paris (Paris), DeepSec (Vienna), HITB GSEC (Singapore), BruCON (Ghent) and for many corporate clients. His students include security specialists from Oracle, Adobe, ESET, ING, Red Hat, Trend Micro, Philips and the government sector. He is the founder and CEO at Silesia Security Lab Dawid Czagan. He is also the author of online security courses.

His security work is acknowledged by the following companies:

  • Google
  • Yahoo
  • Mozilla
  • Twitter
  • Apple
  • Tesla
  • Coinbase
  • Slack
  • BlackBerry
  • D-Link
  • Atlassian
  • HackerOne
I really enjoyed the course! It was interesting to see a different perspective on penetration testing and ways of progressing from recon to initial access to escalating privilege and lateral movement.

- Robert L., Washington, DC

Want more information?

Download the Linux Kernel Internals & Development course outline now.

Upcoming Training Sessions

Private Basis (Live-Online)

Classes are limited.

Enroll Now.

Related Courses

Our classroom delivers the most in-demand content from the highest profile subject matter experts. Intense and interactive, our courses prepare students with actionable insight and proven strategies.

windows internal architecture

Windows Internal Architecture

Whether you analyze malware, perform security research, conduct forensic investigations, engage in adversary simulation or prevent it, or build security solutions for Windows, understanding how Windows works internally is critical to be effective at your task.

exploit-development-bootcamp

Exploit Development Bootcamp & Advanced

Our three-day Bootcamp will teach both basic & advanced techniques from a leading exploit developer. In our Advanced course, experienced students will learn how to write exploits that bypass modern memory protections for the Win32 platform in a fast-paced, interactive learning environment.

Looking for a course that's not here? We'd love to hear your suggestions!

Are you fully prepared to deal with today's increasing cyber security risks? We can help you get the training you need.

TRAINING INQUIRY

*We respect your privacy