Awesome lineup of Free workshops @August waiting for you! Are you the kind of person who enjoys workshops with practical information? Yes, then register now to take your Desktop & Mobile Security Kung-Fu to the next level.
Free Workshop: Hacking Modern Desktop apps with XSS and RCE
August 12, 18:00-19:00 CEST
Long are the days since desktop apps were written in Delphi. So, what is common between Microsoft Teams, Skype, Bitwarden, Slack and Discord? All of them are written in Electron: JavaScript on the client.
Modern Desktop apps share traditional attack vectors and also introduce new opportunities to threat actors. In this brief 60-minute workshop we will explain and give you a few lab samples covering the following topics:
- Essential techniques to audit Electron applications
- What XSS means in a desktop application
- How to turn XSS into RCE in Modern apps
- Attacking preload scripts
- RCE via IPC
Come and join us for this 60-minute hacking session, we’re sure you’ll leave with a thirst for more!
Cannot make or need a head start? Get the Free Desktop workshop here.
Free Workshop: Hacking Android & iOS apps with Deep Links and XSS
August 19, 18:00-19:00 CEST
In this workshop we provide you with case studies from real-world vulnerable applications as well as know-how and techniques to solve common mobile assessment challenges. Learn about Android & iOS app security by improving your mobile security testing kung-fu.
This brief 60-minute workshop covers the following topics in Android and iOS:
- Deep Link attacks achieving user impersonation
- Bypass authorization controls by Deep Link attacks
- Deep Link attacks to make phone calls
- XSS attacks and data exfiltration on Android & iOS
So stop waiting and Register now to get a chance to attend this live workshop.
Cannot make or need a head start? Get the Free Mobile workshop here.
What do you get?
- Lifetime access to a training portal
- Vulnerable apps to practice
- Guided exercise PDFs
- Video recording explaining how to solve the exercises
- Free access to all future updates
About the Speaker Note
Abraham Aranguren: After 13 years in it sec and 20 in IT Abraham is now the CEO of 7ASecurity, a company specializing in penetration testing of web/mobile apps, infrastructure, code reviews and training. Also a distinguished Security Trainer at Blackhat USA, HITB, OWASP Global AppSec and many other events. He is the creator of “Practical Web Defense” – a hands-on eLearnSecurity attack / defense course elearnsecurity/PWD. Moreover an OWASP OWTF project leader, an OWASP flagship project owtf.org. Formerly a senior penetration tester / team lead at cure53.de and version1.
As a shell scripting fan trained by unix dinosaurs, Abraham wears a proud manly beard. Major degree and Diploma in Computer Science, some certs: CISSP, OSCP, GWEB, OSWP, CPTS, CEH, MCSE:Security, MCSA:Security, Security+. He writes on Twitter as @7asecurity @7a_ @owtfp and 7asecurity Blog. Multiple presentations, pentest reports and recordings can be found here.
For the most up-to-date information about upcoming training events, including free workshops, check the training page.
Visit our store and apply the discount code BLOG50 to get $50 off any course of your choice. Alternatively, follow the link below to avail the discount: https://store.7asecurity.com/discount/BLOG50
