Null offensive hacking hands-on training.

Proposed sessions for this event:

  • Exploiting OAuth 2.0 Protocol by Mihir Shah
  • REST API Pentesting by Mihir Shah
Note: The session details including schedule are available below.

REST API Pentesting & Exploiting OAuth 2.0 Protocol

Workshop Objective:

To help the attendees understand OAuth 2.0 Protocol and the approach for REST API Pentesting.

Table of Contents:
•Exploiting OAuth 2.0 Protocol
◦Understanding OAuth 2.0 authentication protocol
◦Exploitation Methods
◦Exploit Demo: Forcing a malicious app installation
◦Miscellaneous Attacks: Directory traversal, Domain tricks, etc.

•REST API Pentesting
◦Understanding REST API
◦Setting-up the Test Environment
◦Testing the Developer API
◦Exploiting the API (Scope-based, Role-based, IDOR testing)
◦Enumerating Endpoints (e.g., through parameter fuzzing, etc.)

Software Prerequisites:

Attendees must ensure that they have following mandatory before attending the session:
1. A laptop
2. A working internet connection
3. Mutillidae setup
4. Download and setup the Virtual Machine that has all the tools setup from google drive

All the required per-requisites are packaged in to an Ubuntu VM except for the Mutillidae. You can use the download links below to complete the initial setup:

Download links:
1. Mutillidae:
2. VM Download Link :

Date Saturday October 06 2018
Chapter Bangalore
Registrations 43
Max Registrations 45
Event Type Invite Only
Start Time 09:30 AM
End Time 04:30 PM

Session Schedule

Name Speaker Start Time End Time Resources
Exploiting OAuth 2.0 Protocol Mihir Shah 09:30 AM 01:30 PM
Lunch 01:30 PM 02:15 PM
REST API Pentesting Mihir Shah 02:15 PM 04:30 PM


This is an invite only event. If you are selected you will receive further information via e-mail.