Scripting and automation are absolutely critical to many aspects of an attacker’s effectiveness, penetration tester or otherwise. Modern WAFs and “bot detections” often add a small layer of intelligence to their monitoring, attempting to determine whether or not an attack is being automated, and shut the bot/botnet down. This class will cover how common forms of WAF & bot detections work and how you can modify your scripting to fly under the radar.
Windows. MacOS or Linux laptop & permission/ability to install software (i.e. Python, node.js, Webstorm or other IDE(if desired)) and create new network interfaces (VPN, etc).
General knowledge of the HTTP protocol (basic webapp functionality, how headers work)
Ability and desire to present and explain one’s own work to a small group
SPEAKER Sam Crowther
SPEAKER Johnny Xmas