Workshop

Seasides 2025 Edition

Advance web hacking & CVE Cipher: Decoding Threats

This training gets you access to Enciphers’ invite-only platform, VantagePoint, where you can tackle challenges by identifying and exploiting critical CVEs. Through this hands-on experience, you will learn to exploit CVEs to gain shell access on servers, capture reverse shells by leveraging vulnerabilities, and develop a deep understanding of complex security flaws.

This training is designed exclusively for experienced professionals such as penetration testers, hackers, and red teamers—it’s not suitable for beginners. Understanding and leveraging Common Vulnerabilities and Exposures (CVEs) is a cornerstone of effective penetration testing and cybersecurity. This workshop aims to demystify the process of identifying, analyzing, and exploiting CVEs, equipping participants with practical knowledge to strengthen their offensive and defensive security skills.

We will begin by exploring the significance of CVEs in the cybersecurity landscape, emphasizing their role in assessing risks and mitigating potential threats.The hands-on segment will focus on exploiting real-world CVEs using controlled environments and demonstrating the step-by-step techniques attackers use to exploit these vulnerabilities. By walking through exploitation scenarios, attendees will gain insights into the mindset
of an adversary and learn how to replicate these techniques to test their own systems.

Note: The basic level knowledge of web application hacking is mandatory.

Introduction to CVEs and their Importance

Jump into the hacking

  • Is your environment ready to hack?
    • Tools check:
      • Burp suite
      • Metasploit
    • Admin access?
    • Do you have a VPS to catch the reverse shell? If not, may be create one or join someone who has

Starting with the Challenges

The workshop consists of 6 hands-on challenges based on some very recent and popular CVEs. During the workshop, all participants will be given time to solve the challenges and after that the trainers will provide technical explanations of the CVE while solving the challenge. To keep things as real-world as possible, the CVE, about which the challenge is, is not disclosed beforehand and it is something that the participants will have to deduce themselves while solving the challenges. Below are the names of the 6 challenges that we are going to cover:

  • Crushed File
  • Fire in the hole
  • Logged Shell
  • Confused OGNL
  • Crack the cacti
  • CLI Intrigue


Q&A and Closing Remarks

  • Addressing participant queries and concerns
  • Recapitulating key takeaways from the training session
  • Resources for further learning and self-improvement

What to bring

● Laptop with good configuration and admin privilege preferably a Kali VM
● Burp Suite Community or Pro
(https://portswigger.net/burp/communitydownload)
● Optional: It would be great if you have a VPS setup of yourself, to catch the
reverse shells

Training prerequisites

● Basic knowledge of web application penetration testing
● Basic knowledge of burp suite
● For example, using burp suite, basics of linux, using a VPS for hacking,

● Meet awesome trainers
● Get some sticker & swag (if you can answer complex questions)
● Maybe win some prizes
● Ohh yeah, learn some hacking