Full Stack Web Attack is not an entry-level course. It’s designed to push you beyond what you thought was possible and set you on the path to develop your own workflow for offensive zero-day web research.
Full chain exploit development is taught in class
This course is developed for web penetration testers, bug hunters and developers that want to make a switch to server-side web security research or see how serious adversaries will attack their web based code.
Each of the vulnerabilities presented have either been mirrored from real zero-day or are n-day bugs that have been discovered by the author with a focus on not just exploitation, but also on the discovery.
So if you want to learn how to exploit web technologies without client interaction for maximum impact, that is, remote code execution then this is the course for you.
Leave your OWASP Top Ten and CSP bypasses at the door.
The student should bring with them:
The student will also need:
Additionally, before signing up for this course students should complete the challenge to self assess if this course is right for them.
Java Deserialization Primer
Analyzing the Struts Framework
Java deserialization for Security Researchers
Java Bean Validation - Attacking Custom Validators
Architecture and Framework Overview
Developing C# Applications in Visual Studio
C# .NET Deserialization Primer
Analysis of CVE-2023-XXXXX Remote Code Execution
Analysis of CVE-2023-XXXXX Elevation of Privilege
Analysis of CVE-2023-XXXXX File Disclosure
Analysis of CVE-2023-XXXXX External Entity Injection
My name is Steven Seeley, but I am also known as
mr_me. I’m an information security specialist and I’m back in Australia after having worked in north and central America for a decade. I have years of local and international experience in corporate and government penetration tests, source code audits and security research. I also teach a technical hacking class called Full Stack Web Attack where students learn to dive into source code and hunt language specific edge cases to detect high impact vulnerabilities and exploit them.
These days I spend less time on a computer and more time with loved ones and practicing hermeticism.