WEB-300 - Advanced Web Attacks and Exploitation (AWAE/OSWE)

OffSec s Advanced Web Attacks and Exploitation (WEB-300) 5-Days course dives deep into the latest web application penetration testing methodologies and techniques. Learners gain extensive hands-on experience in an environment designed to elevate their skills in ethical hacking, vulnerability discovery, and exploit development.

Successful completion of the course and challenging exam earns the OffSec Web Expert (OSWE) certification. This web application security certification validates expertise in advanced web application security testing, including bypassing defenses and crafting custom exploits to address critical vulnerabilities, making certified professionals an asset for securing any organization against web-based threats.

Introduction

• About the AWAE Course
• Our Approach
• Obtaining Support
• Offensive Security AWAE Labs
• Reporting
• Backups
• About the OSWE Exam

Tools & Methodologies

• Web Traffic Inspection
• Interacting with Web Listeners using Python
• Source Code Recovery
• Source Code Analysis Methodology
• Debugging

ATutor, Authentication, Bypass and RCE

• Initial Vulnerability Discovery
• A Brief Review of Blind SQL Injections
• Digging Deeper
• Data Exfiltration
• Subverting the ATutor Authentication
• Authentication Gone Bad
• Bypassing File Upload Restrictions
• Gaining Remote Code Execution

ATutor LMS Type, Juggling Vulnerability

• PHP Loose and Strict Comparisons
• PHP String Conversion to Number
• Vulnerability Discovery
• Attacking the Loose Comparison

ManageEngine, Applications Manager, AMUserResourcesSyn, cServlet SQL Injection, RCE

• Vulnerability Discovery
• How Houdini Escapes
• Blind Bats
• Accessing the File System
• PostgreSQL Extensions
• UDF Reverse Shell
• More Shells!!!

Bassmaster NodeJS, Arbitrary JavaScript, Injection Vulnerability

• The Bassmaster Plugin
• Vulnerability Discovery
• Triggering the Vulnerability
• Obtaining a Reverse Shell

DotNetNuke Cookie, Deserialization RCE

• Serialization Basics
• DotNetNuke Vulnerability Analysis
• Payload Options
• Putting It All Together

ERPNext, Authentication Bypass and Server Side Template Injection

• Introduction to MVC, Metadata-Driven Architecture, and HTTP Routing
• Authentication Bypass Discovery
• Authentication Bypass Exploitation
• SSTI Vulnerability Discovery
• SSTI Vulnerability Exploitation

openCRX, Authentication Bypass and Remote Code, Execution

• Password Reset Vulnerability Discovery
• XML External Entity Vulnerability Discovery
• Remote Code Execution

openITCOCKPIT XSS and OS Command Injection Blackbox

• Black Box Testing in openITCOCKPIT
• Application Discovery
• Intro To DOM-based XSS
• XSS Hunting
• Advanced XSS Exploitation
• RCE Hunting

Concord, Authentication Bypass to RCE

• Authentication Bypass: Round One - CSRF and CORS
• Authentication Bypass: Round Two - Insecure Defaults

Server-Side Request, Forgery

• Introduction to Microservices
• API Discovery via Verb Tampering
• Introduction to Server-Side Request Forgery
• Render API Auth Bypass
• Exploiting Headless Chrome
• Remote Code Execution

Guacamole Lite, Prototype Pollution

• Introduction to JavaScript Prototype
• Prototype Pollution Exploitation
• EJS Handlebars

Conclusion

• The Journey So Far

While there are no formal certification prerequisites, it s strongly recommended that you have:

• Comfort reading and writing at least one coding language
• Familiarity with Linux
• Ability to write simple Python / Perl / PHP / Bash scripts
• Experience with web proxies
• General understanding of web app attack vectors, theory, and practice

The WEB-300 course is ideal for experienced penetration testers and security professionals seeking to master advanced web application attacks and exploitation techniques, ultimately earning the OSWE certification.