HITB-Invoice-Logo-1.png

1-day hands-on technical Workshop

Art of Mass Scanning

Register$1,000.00

This course is for you if you want to expand your knowedge and skills to explore the power of at scale scanning for security vulnerabilities on a massive scale.
You would be able to scan millions of assets with limited resources and explore unexplored avenues
Categories , , , , ,

Duration

1-day

Delivery Method

In-Person

Level

intermediate

Seats Available

20

ATTEND IN-PERSON: Onsite at Abu Dhabi

DATE: 28 November 2024

TIME: 09:00 to 17:00 GST/GMT+4

A lot of exclusive lab environment and a lot of content and labs would be designed specifically for HITB. (first time).
Mass scanning is the process of scanning a large number of hosts or IP addresses to identify potential security vulnerabilities or weaknesses. This type of scanning is often used by security professionals to identify and assess the security posture of large networks or infrastructures. Another key advantage of mass scanning is scalability. Mass scanning can automate the process of scanning a large number of hosts, IP addresses, and processes, which can be done in a relatively short amount of time. This can save security professionals a significant amount of time compared to manually scanning or even performing security research at scale.

 

Key Learning Objectives
  • Gain the ability to perform mass scanning at scale, allowing you to efficiently identify potential vulnerabilities and weaknesses in large networks or infrastructures.
  • Learn techniques for enhancing Bash and Python scripts, enabling you to automate boring and repetitive tasks, speed up your scripts, and improve efficiency and accuracy.
  • Develop the skills to create automation bots that can operate in multi-environment environments, streamlining and optimizing security processes.
  • Understand the potential of microservices-based applications, APIs, and Slack integration to improve communication and efficiency in security processes.
What will the students get

The lab’s working code and applications will allow you to practice and experiment with the techniques and tools covered in the course. This access will help you build your skills and confidence in using these tools for security purposes. Course slides will provide you with an overview of the key concepts and topics covered in the course. These slides will help you review and understand the course material and provide you with a helpful reference tool for future work in this field. A ready-made, easy-to-install working setup that can be quickly spun up.

 

Topics Covered

Introduction to mass scanning

  • What is mass scanning
  • Why Mass scanning is needed Using python to enhance your exploits
  • Python Threading
  • Python Multithreading
  • Python Asynchronous Computation o Speed up your exploits
  • Writing an XSS finder Python Script o Enhancing the python script

 

Bash Programming

  • Introduction to Bash scripting
  • Automating your boring tasks using bash o Enhancing your bash scripts
  • Speed up your bash scripts

 

Yaml templating

  • Understanding the working of nuclei o Creating your first nuclei template
  • Enhancing execution of nuclei
  • Parallel execution of nuclei
  • Distributed nuclei execution Axiom
  • Introduction to Axiom
  • Demo – Why is Axiom needed?

 

Creating your first Automation BOT on a multi-cloud environment

  • Introduction to Python Flask
  • Introduction to Microservices
  • Building microservices-based applications o Creating APIs over your security tools
  • Deploying Microservices
  • Slack Integration

TRAINER

Hassan Khan Yusufzai

Security Researcher

Why You Should Take This Course

This course is for you if you want to expand your knowedge and skills to explore the power of at scale scanning for security vulnerabilities on a massive scale.
You would be able to scan millions of assets with limited resources and explore unexplored avenues

Who Should Attend

Software developers, security engineers, architects, researchers, bug bounty hunters, system administrators, students, and curious security professionals

Prerequisite Knowledge

To fully understand and implement the concepts covered in this course, some basic knowledge and experience in programming is required, particularly in Python and Bash.
This includes an understanding of variables, data types, loops, and conditional statements in both languages.
Additionally, knowledge of basic web development concepts such as HTML, CSS, and JavaScript will be helpful in understanding the mechanics of web application security.
Familiarity with web application security, network scanning, and penetration testing will also be beneficial. This includes an understanding of common web application vulnerabilities such as Cross-Site Scripting (XSS), SQL injection, and CSRF, as well as techniques for scanning and exploiting these vulnerabilities.
Experience with using security tools such as OWASP ZAP, Burp Suite, or similar tools will also be useful.
Along with the other prerequisites, it is also helpful to have familiarity with Model-View-Controller (MVC) framework architecture. This is a common architecture used in web development, and understanding its principles can be helpful in building and testing web applications.

Hardware / Software Requirements

  • Linux/Mac/Windows any laptop
  • Laptop with minimum 8GB RAM and 40GB free hard disk space with USB ports and virtualization enabled/available.
  • Students must have full control of the laptop (can install required software and tools)
  • Ability to connect to the internet (The class requires going online).
  • An active AWS account for each student (free tier or otherwise) is required.

HACK IN THE BOX LIMITED

Ground Floor, Accelerator Building
Masdar City Abu Dhabi,
United Arab Emirates

Facebook Twitter Youtube