Have you ever thought of hacking web applications for fun and profit? How about playing with authentic, award-winning security bugs identified in some of the greatest companies? If that sounds interesting, join this unique hands-on training!

I will discuss security bugs found in a number of bug bounty programs (including Google, Yahoo, Mozilla, Twitter and others). You will learn how bug hunters think and how to hunt for security bugs effectively.

To be successful in bug hunting, you need to go beyond automated scanners. If you are not afraid of going into detail and diving into full-stack exploitation, then this training is for you.

Watch 3 exclusive videos to feel the taste of this training:

• Exploiting Race Conditions: https://www.youtube.com/watch?v=lLd9Y1r2dhM

• Token Hijacking via PDF File: https://www.youtube.com/watch?v=AWplef1CyQs

• Bypassing Content Security Policy: https://www.youtube.com/watch?v=tTK4SZXB734

Modern IT systems are complex and it’s all about full-stack nowadays. To become a pentesting expert, you need to dive into full-stack exploitation and gain a lot of practical skills. That’s why I created the Full-Stack Pentesting Laboratory.

For each attack, vulnerability and technique presented in this training there is a lab exercise to help you master full-stack pentesting step by step. What’s more, when the training is over, you can take the complete lab environment home to hack again at your own pace.

I found security bugs in many companies including Google, Yahoo, Mozilla, Twitter and in this training I’ll share my experience with you. The content of this training has been carefully selected to cover the topics most frequently requested by professional penetration testers.

We will look into how we can bypass kASLR, kLFH, and do hands-on exploitation using data-only attack, which effectively bypasses SMEP and other exploit mitigations.

Upon completion of this training, participants will be able to learn:

• Exploit development process in kernel mode

• Mitigation bypasses

• Pool internals & Feng-Shui

• Arbitrary Read/Write primitive

In this course, we will use Windows 11 x64 for all the labs and has a CTF that runs throughout the training. This course starts with the basics of Windows & driver internals, different memory corruption classes, and fuzzing of kernel mode drivers.

Upon completion of this training, participants will be able to learn:

• Basics of Windows and driver internals

• Different memory corruption classes

• Fuzz kernel mode drivers to find vulnerabilities

• Exploit development process in kernel mode

• Kernel debugging