Breakpoint Training



Louis Nyffenegger & Luke Jahnke

October 06 - 07, Melbourne, Australia



ENDS June 30



ENDS August 31



STARTS September 01

Prices are GST inclusive


Tired of alert(1)? You think there is more to life than running Burp scanner? You went through PentesterLab's exercises and thought "I WANT MORE!!"? This training is for you!

This 2-day training will get you to the next level. We will look into CORS, WebSockets, the exploitation of vulnerabilities published in 2014 (Struts RCE, Rails', Heartbleed...). We will also get shells using serialisation in multiple languages and find vulnerabilities that you may have missed in the past.

After a quick overview of what you need to know to attack web applications, we will directly jump to the interesting stuff: Hands-on training and real attacks. The class is a succession of 10 minute explanations on what you need to know, followed by hands-on examples to really understand and exploit vulnerabilities.

After the training, you go home with the course (slides based), the detailed version of the course (in-depth walk-through), and the systems to be able to play and refresh your memory!


The following subjects will be covered:

  • Cross-origin resource sharing
  • WebSockets
  • Struts RCE
  • Multiple Serialisation attacks (PHP, Python, Java)
  • Jboss web-console
  • Blind XML entities attacks
  • Heartbleed
  • Tricky SQL injections