Full-Stack Pentesting Laboratory (100% Hands-On Labs + Lifetime LAB Access)
Gain the skills needed to master modern attack vectors and implement effective defensive countermeasures! Instructor Dawid Czagan has found security bugs in many companies including Google, Yahoo, Mozilla, Twitter and in this Pentesting Laboratory he’ll share his experience with you.
Training duration: 21 academic hours, all of which are theoretical and practical work (3 days).
Early bird price: 1690€ + VAT (when registering by 14 December 2025 inclusive).
Target audience: People who want to develop the skills needed to master modern attack vectors and implement effective defensive countermeasures.
Prerequisites: To get the most of this training intermediate knowledge of web application security is needed. Students should have experience in using a proxy, such as Burp Suite Proxy or Zed Attack Proxy (ZAP), to analyze or modify the traffic.
Technical requirements: Students will need a laptop with 64-bit operating system, at least 8 GB RAM, 35 GB free hard drive space, administrative access, ability to turn off AV/firewall and VMware Player/Fusion installed (64-bit version). Prior to the training, make sure there are no problems with running x86_64 VMs.
Training objective
The objective of this Full-Stack Pentesting Laboratory training course is to develop the skills needed to master modern attack vectors and implement effective defensive countermeasures.
Contents of this training
Modern IT systems are increasingly complex, making full-stack expertise more essential than ever. That’s why diving into full-stack pentesting is crucial – you will gain the skills needed to master modern attack vectors and implement effective defensive countermeasures. For each attack, vulnerability and technique presented in this training, there is a lab exercise to help you develop your skills step by step. What’s more, when the training is over, you can take the complete lab environment home to hack again at your own pace.
The trainer Dawid Czagan has found security bugs in many companies including Google, Yahoo, Mozilla, Twitter and in this Full-Stack Pentesting Laboratory training he’ll share his experience with you.
What Students Will Receive
Students will be handed in a VMware image with a specially prepared lab environment to play with all attacks, vulnerabilities and techniques presented in this training. When the training is over, students can take the complete lab environment home (after signing a non-disclosure agreement) to hack again at their own pace.
Special Bonus: The ticket price includes FREE access to 6 online courses:
- Fuzzing with Burp Suite Intruder
- Exploiting Race Conditions with OWASP ZAP
- Case Studies of Award-Winning XSS Attacks: Part 1
- Case Studies of Award-Winning XSS Attacks: Part 2
- How Hackers Find SQL Injections in Minutes with Sqlmap
- Web Application Security Testing with Google Hacking
After completing this training, you will have learned about:
- Hacking cloud applications
- API hacking tips & tricks
- Data exfiltration techniques
- OSINT asset discovery tools
- Tricky user impersonation
- Bypassing protection mechanisms
- CLI hacking scripts
- Interesting XSS attacks
- Server-side template injection
- Hacking with Google & GitHub search engines
- Automated SQL injection detection and exploitation
- File read & file upload attacks
- Password cracking in a smart way
- Hacking Git repos
- XML attacks
- NoSQL injection
- HTTP parameter pollution
- Web cache deception attack
- Hacking with wrappers
- Finding metadata with sensitive information
- Hijacking NTLM hashes
- Automated detection of JavaScript libraries with known vulnerabilities
- Extracting passwords
- Hacking Electron applications
- Establishing reverse shell connections
- RCE attacks
- XSS polyglot
- and more …
The Full-Stack Pentesting Laboratory training is conducted in collaboration with Silesia Security Lab
You may also be interested in course Black Belt Pentesting / Bug Hunting Millionaire: Mastering Web Attacks with Full-Stack Exploitation (100% Hands-On Labs)
Instructor
Instructor Dawid Czagan is an internationally recognized security researcher, trainer and the founder and CEO at Silesia Security Lab . He is listed among top hackers at HackerOne. Dawid Czagan has found security bugs in Apple, Google, Mozilla, Microsoft and many others. Due to the severity of many bugs, he received numerous awards for his findings.
Dawid Czagan shares his offensive security experience through his hands-on training courses. He has delivered training sessions at key industry conferences such as DEF CON (Las Vegas), OWASP Global AppSec EU (Barcelona), Hack In The Box (Amsterdam), CanSecWest (Vancouver), 44CON (London), Hack In Paris (Paris), NorthSec (Montreal), HITB GSEC (Singapore) and for many corporate clients. His students include security specialists from Oracle, Adobe, ESET, ING, Red Hat, Trend Micro, Philips and government sector.
What Students Say / Recommendations are available on Dawid Czagan’s LinkedIn profile. They can also be found here: Silesia Security Lab.
Course agenda
Day 1
1. Hacking cloud applications (90 minutes)
– Amazon S3: directory listing via AWS CLI tool
– Amazon S3: bruteforcing buckets
– Amazon S3: bruteforcing objects in a given bucket
– Amazon EC2: reading the SecretAccessKey (3 techniques)
– Bypassing Cloudflare firewall
2. API hacking tips & tricks (60 minutes)
– API hacking with X-HTTP-Method-Override:
– API hacking with X-Override-URL:
– API hacking with callback
– API hacking with JSON enforcement (in request)
– API hacking with JSON enforcement (in response)
3. OSINT asset discovery tools (60 minutes)
– Subdomain enumeration with dnscan and amass
– Subdomain enumeration with Certificate Transparency log
– Subdomain enumeration with SubDomainizer
– Domain enumeration with nerdydata.com
– Top-level domain enumeration with dnscan
4. Hacking with special characters (45 minutes)
– Visual impersonation with ASCII control characters
– Visual impersonation with Unicode control characters
– XSS via response splitting
5. XML attacks (45 minutes)
– XML External Entity attack (XXE)
– XML XInclude attack
– XSS via XML
6. Server-side template injection (SSTI) (60 minutes)
– RCE via template injection in PHP Smarty
– RCE via template injection in Python Jinja
– RCE via template injection in Java FreeMarker
7. Hacking git repos (45 minutes)
– gitleaks (finding sensitive data based on regular expressions)
– trufflehog (finding sensitive data based on entropy checking)
– dumping git repo with git-dumper
– finding sensitive data in git commit history
Day 2
1. Google hacking techniques (45 minutes)
– finding directory listings and backup files
– finding SQL syntax errors
– finding URLs with API keys
– finding internal server errors
– finding insecure HTTP web pages
2. Automated SQL injection detection and exploitation (45 minutes)
– sqlmap: full test case coverage, dumping database table entries
– sqlmap: installing a backdoor (from SQL injection to remote code execution)
– sqlmap: bypassing web application firewalls with tamperscripts
3. File read attacks (60 minutes)
– Alternate Data Streams notation
– 8dot3 notation
– Windows NTFS (2 techniques)
4. Data exfiltration tools and techniques (90 minutes)
– DNS exfiltration using dnscat2
– ICMP exfiltration using Data Exfiltration Toolkit
– text-based steganography using cloakify
– image-based steganography exfiltration using LSBSteg
– video-based steganography using CCVS
5. GitHub hacking techniques (45 minutes)
– web config files
– database config files
– private keys
– IDE config files
– Amazon AWS keys
6. Non-standard XSS attacks (30 minutes)
– XSS attack with two slashes
– XSS via URL
7. Smart password cracking with hashcat (45 minutes)
– cracking NTLM password
– cracking password-protected PDF document
– benchmarking
8. Other tools and techniques (45 minutes)
– Retire.js: finding JavaScript libraries with known vulnerabilities
– Extracting passwords with LaZagne
– NTLM hash hijacking with Responder
Day 3
1. File upload attacks (45 minutes)
– via .htaccess
– via SVG file
– via AddHandler
2. CLI hacking scripts (60 minutes)
– using waybackurls
– using photon
– using nmap + nikto
– nmap vs. masscan
3. Hacking with wrappers (60 minutes)
– RCE with data: wrapper
– RCE with php://input wrapper
– RCE with zip: wrapper
4. NoSQL injection detection and exploitation (45 minutes)
– Elasticsearch
– MongoDB
– CouchDB
5. Bypassing restrictions (60 minutes)
– with X-Forwarded-For:
– with Forwarded:
– with IP address
– with hex encoding in JavaScript
6. Modern full-stack web attacks (45 minutes)
– HTTP parameter pollution
– Web cache deception attack
7. Hacking Electron applications (45 minutes)
– from XSS to RCE
– from insecure framing to RCE
8. Miscellaneous (45 minutes)
– Finding metadata with exiftool
– Reverse shell connection with ShellPop
– XSS polyglot
All topics are covered through practical labs.
Intended outcome
Learning objectives:
Upon the successful completion of this Full-Stack Pentesting Laboratory training course, you:
- have gained the skills needed to master modern attack vectors and implement effective defensive countermeasures.
The price includes:
- the Full-Stack Pentesting Laboratory training is delivered by an instructor who holds at least level 5 of an adult educator qualification and has relevant work experience in the respective field;
Continuing Education Curriculum Group: Software and application development and analysis
Trainer
-
Dawid CzaganAn internationally recognized security researcher and trainer. He is listed among top hackers at HackerOne. Due to the severity of many bugs, he received numerous awards for his findings.Dawid Czagan is an internationally recognized security researcher and trainer. He is listed among top hackers at HackerOne. Dawid Czagan has found security bugs in Apple, Google, Mozilla, Microsoft and many others. Due to the severity of many bugs, he received numerous awards for his findings.
Dawid Czagan shares his offensive security experience through his hands-on training courses. He has delivered training sessions at key industry conferences such as DEF CON (Las Vegas), OWASP Global AppSec EU (Barcelona), Hack In The Box (Amsterdam), CanSecWest (Vancouver), 44CON (London), Hack In Paris (Paris), NorthSec (Montreal), HITB GSEC (Singapore) and for many corporate clients. His students include security specialists from Oracle, Adobe, ESET, ING, Red Hat, Trend Micro, Philips and government sector (recommendations are available on Dawid Czagan’s LinkedIn profile (https://www.linkedin.com/in/dawid-czagan-85ba3666/). They can also be found here: https://silesiasecuritylab.com/services/training/#opinions).
Dawid Czagan is the founder and CEO at Silesia Security Lab. To find out about the latest in his work, you are invited to subscribe to his newsletter (https://silesiasecuritylab.com/newsletter) and follow him on Twitter (@dawidczagan), YouTube (https://www.youtube.com/channel/UCG-sIlaM1xXmetFtEfqtOqg), and LinkedIn (https://www.linkedin.com/in/dawid-czagan-85ba3666/).
