WEB-300 - Advanced Web Attacks and Exploitation (AWAE/OSWE)

The WEB-300 course is ideal for experienced penetration testers and security professionals seeking to master advanced web application attacks and exploitation techniques, ultimately earning the OSWE certification.

Upon completing WEB-300 and successfully passing the OSWE exam, you’ll have mastered advanced web application security methodologies, including:

• In-depth vulnerability analysis and exploitation
• Custom exploit development
• Bypassing modern web application defenses
• Exploiting authentication and authorization flaws
• Attacking API endpoints and cloud-native applications

Introduction

• About the AWAE Course
• Our Approach
• Obtaining Support
• Offensive Security AWAE Labs
• Reporting
• Backups
• About the OSWE Exam

Tools & Methodologies

• Web Traffic Inspection
• Interacting with Web Listeners using Python
• Source Code Recovery
• Source Code Analysis Methodology
• Debugging

ATutor, Authentication, Bypass and RCE

• Initial Vulnerability Discovery
• A Brief Review of Blind SQL Injections
• Digging Deeper
• Data Exfiltration
• Subverting the ATutor Authentication
• Authentication Gone Bad
• Bypassing File Upload Restrictions
• Gaining Remote Code Execution

ATutor LMS Type, Juggling Vulnerability

• PHP Loose and Strict Comparisons
• PHP String Conversion to Number
• Vulnerability Discovery
• Attacking the Loose Comparison

ManageEngine, Applications Manager, AMUserResourcesSyn, cServlet SQL Injection, RCE

• Vulnerability Discovery
• How Houdini Escapes
• Blind Bats
• Accessing the File System
• PostgreSQL Extensions
• UDF Reverse Shell
• More Shells!!!

Bassmaster NodeJS, Arbitrary JavaScript, Injection Vulnerability

• The Bassmaster Plugin
• Vulnerability Discovery
• Triggering the Vulnerability
• Obtaining a Reverse Shell

DotNetNuke Cookie, Deserialization RCE

• Serialization Basics
• DotNetNuke Vulnerability Analysis
• Payload Options
• Putting It All Together

ERPNext, Authentication Bypass and Server Side Template Injection

• Introduction to MVC, Metadata-Driven Architecture, and HTTP Routing
• Authentication Bypass Discovery
• Authentication Bypass Exploitation
• SSTI Vulnerability Discovery
• SSTI Vulnerability Exploitation

openCRX, Authentication Bypass  and Remote Code, Execution

• Password Reset Vulnerability Discovery
• XML External Entity Vulnerability Discovery
• Remote Code Execution

openITCOCKPIT XSS and OS Command  Injection – Blackbox

• Black Box Testing in openITCOCKPIT
• Application Discovery
• Intro To DOM-based XSS
• XSS Hunting
• Advanced XSS Exploitation
• RCE Hunting

Concord, Authentication Bypass to RCE

• Authentication Bypass: Round One - CSRF and CORS
• Authentication Bypass: Round Two - Insecure Defaults

Server-Side Request, Forgery

• Introduction to Microservices
• API Discovery via Verb Tampering
• Introduction to Server-Side Request Forgery
• Render API Auth Bypass
• Exploiting Headless Chrome
• Remote Code Execution

Guacamole Lite, Prototype Pollution

• Introduction to JavaScript Prototype
• Prototype Pollution Exploitation
• EJS Handlebars

Conclusion

• The Journey So Far
• Exercises and Extra Miles
• The Road Goes Ever On

While there are no formal certification prerequisites, it’s strongly recommended that you have:

• Comfort reading and writing at least one coding language
• Familiarity with Linux
• Ability to write simple Python / Perl / PHP / Bash scripts
• Experience with web proxies
• General understanding of web app attack vectors, theory, and practice