Whitebox Web Exploit Dev (WWED)

Whitebox Web Exploit Dev (WWED)

Level of Instruction: Intermediate

Instructed by: Cale "calebot" Smith, Luke Cycon, Young Seuk Kim, Priyanka Joshi

Abstract:

WWED is designed for students to gain experience exploiting real world web applications and take their assessment skills to the next level. Students will learn advanced vulnerability discovery techniques to identify and exploit vulnerabilities in real world web applications. Getting hands-on experience using free and widely available Linux utilities to observe application behavior, to more effectively discover and exploit application vulnerabilities. Using a whitebox approach students will rapidly discover and exploit non-trivial bugs. Not requiring the use of expensive commercial tools or with the guess work which comes along with blackbox testing.

Students will be provided virtual machines of commercially available software applications which will be used for this heavily lab focused course. At the conclusion of the class each student will have developed a fully functional remote root PoC. This course targets a wide level of skill levels and will leverage a hints system to help students who may fall behind. Incrementally releasing solutions through each exercise.