Hacker's Guide: From Rookie to Expert (Cybersecurity Workshop)
This event is in English
Hack the Stack!
May 11th, 15:00-17:00
May 18th, 15:00-17:00
May 25th, 15:00-17:00
Hack the Stack is a 3-part “full stack” hacking workshop series. By the time you are done with the second workshop, you will have enough tools to compete in our Capture the Flag Competition. We will walk through everything you see in the movies, and some things you don’t, so you can test the skills you learn during this workshop on real-world applications, and secure them against other would-be hackers.
---
The whole tutorial takes place in the browser. No virtual computer setup required!
REQUIREMENTS
(1st workshop)
- A web browser
- Heroku (cloud application platform, https://www.heroku.com/)
(2nd, 3rd workshop)
- Text Editor
- A bash terminal (For Windows users, https://itsfoss.com/install-bash-on-windows/)
- Metasploit (https://www.metasploit.com/)
1. Set Up to Take Down
Deploy a Node.js web app that is used to test vulnerabilities in a live environment. Go over some ethics, bug bounty programs, etc., and “How to Think like a Hacker”.
2. JS Based Exploits
Cross Site Scripting Vulnerabilities. Eval is evil.
3. SQL Injections (a code injection technique)
Mining for bad forms. How to access the database once you’re in.
4. ReDoS
What is a regular expression? How can they go bad?
5. Components are (not) Secure
Outdated components. Untrustworthy components.
Part 2:
1. Get Smart on Servers
How do you get information about the server? Why is this information important?
2. Directory Traversal
3. The “root” of all problems
The problem with running applications at root. How to change root passwords.
4. Remote Code Execution
- Easy Mode: Uploading a file to open a shell
- Hard Mode: Creating a remote code exploit in Python to tip the machine
5. Metasploit introduction
What is Metasploit? How can I use it?
6. Where to go next?
Kali Linux, Wireshark, CTFs, Workshops/Bootcamps.
Participate in a real hacking competition to test your skills! Team up or go individually to solve challenges, or take down others. Will include the very famous Wall of Sheep to show all the accounts you’ve owned.
What are capture the flag competitions?
"In CTF competitions, the flag is typically a snippet of code, a piece of hardware on a network, or perhaps a file. In other cases, the competition may progress through a series of questions, like a race."
Excerpt from https://www.cbtnuggets.com/blog/2018/07/how-to-prepare-for-a-capture-the-flag-hacking-competition/
This event, like all Coderbunker's events, is free of charge for Agora Space members. Want to know how to become a member? Click here.
ABOUT THE SPEAKER
Samantha is a full-stack engineer at Nike who has been working on the web since man invented fire gifs. She likes to React, Node, and the Unix fortune command. She specializes in web security, scaling, and ASCII art.
ABOUT CO-LEARNING
Co-Learning consists of cooperative learning (co-learning) sessions in a work environment where participants follow advanced facilitators and a self-paced online curriculum while helping each other succeed. We create a good environment for learning with peers, offer opportunities to apply skills to real projects and coach new developers to use industry standard practices.
PROGRAMS
• Learn front and back-end development through FreeCodeCamp
• Learn data science through DataCamp
• Learn DevOps best practice through AWS Training
• Become a full stack web developer
• Become a data engineer or scientist
• Become a certified AWS expert
• Collaborate on Open Source Project to reach professional proficiency
Follow these co-learning tracks using high-quality, self-paced online courses. For those who have completed at least 50% of the learning track, we invite you to join Open Source projects in small teams to experience a professional team workflow. More on projects at http://github.com/coderbunker
ORGANIZER
Coderbunker is an international community that helps talented developers grow into successful freelancers with their own personal brand. We connect freelancers with customers by helping customers find the right resource at the right price at the right time. Through our community branding, we’ve generated hundreds of such opportunities in the last year.
CO-ORGANIZER
Agora Space is an international co-working office located in Xuhui district, Shanghai. We are engineers, makers, traders, designers, and entrepreneurs working as freelancers or running a startup or business.
LOCATION
CANCELATION POLICY
4 days prior to the event: full refund
2-4 days in advance: 50% refund
Less than 2 days: no refund