Available Trainings
If you just want to register for next training alerts, here’s the link!
Teaching good practices and acquiring a deep knowledge of the technologies we use is a key component of the security & IT fields. It helps actors build more robust and secure websites, infrastructures, and tooling. This is why I’m more than convinced that teaching & practicing should be the first steps taken to improve the company’s security, the employees’ happiness, and their interest & ownership culture.
- All of these Talks and Workshops are available both in French and English
- The training content can be tweaked on demand; you can pick any language / framework
- Prices (500€ per day per trainee) are cut in half for NGOs, schools, and students
- The trainings are remote by default, but if an individual or company can host the event, it’s even better!
- Feel free to get in touch (email in the registration form) for more information on the content and/or pricing!
Web Hacking lvl-10 | Introduction to Web Exploit Basics // Beginner friendly
- content: Initiation to Web Hacking, OWASP-like, Frontend, Backend, Recon
- duration: 2 to 5 days
- public: 4 to 12 folks
Web Hacking lvl-20 | Introduction to Web 0day Research // Confirmed hacker
- content: How to pick a Target, Create a lab, Tooling for Observability & Introspection, Research Process, and Methodology
- duration: 2 to 3 days
- public: 4 to 12 folks
- note: more details on this Twitter thread
Web Hacking lvl-30 | Advanced Web 0day Research // H4rdc0re team
- content: We pick a target or technology, and spend as long as we can ($$) breaking it together
- duration: 5+ days
- public: 4 to 6 folks
- note: The target can be one of your company's products, an open source framework, or even a premium solution if you can provide (buy legally) the source code.
Why this guy? Are these trainings relevant anyway?
If you’re still wondering if it’s worth it, please have a look at my previous public talks:
2023
- Started streaming on Twitch: https://www.twitch.tv/thelaluka
- Recordings on YouTube (FR with EN subs): https://www.youtube.com/@TheLaluka
- This takes a lot of time, but talks should still be a thing! :)
2022
- Php Introspection Applied To 0-Day Research - Rump-A-Rennes & GreHack - EN
- Breaking WebPageTest for Fun & Smol Profit - DEFCON Meet Paris - EN
- 1001 RCE, 60 Remote Code Execution in 60 minutes - HitchHack - FR
- Pentest Web 101 - Root-Me talks - FR
- Introducing pty4all - TheBlackSide Opening - FR
- Exploiting PulseSecureVPN through Guacamole & WebSocket pollution - RTFMeet - FR
- FUD reverse meterpreter in golang - Informal, with friends - FR
2021
- Podcast Hack’n’Speak - FR
- Podcast SecHebdo - 14 Episodes covering weekly security issues - FR
- What if you’re pwned during an offensive engagement? Blue team goes brrrr - BarbHack - FR
- Not recorded
2018
- 1, 2, 3, PWNED (binary exploitation) - HitchHack
So here are a few topics I am willing to cover, and how technical they can be pushed.
Source: Barbhack 2021 - What if you’re pwned during an offensive engagement? Blue team goes brrRRR - @TheLaluka
Past sessions
S01 | lvl-20 | 2023 January
Attendees:
- @Nishacid
- @d34dl0ck_
- @Vhelen_
- urukaiii
Findings:
- 2 RCEs full chain
- 1 Auth bypass (weak secret)
- 1 Privilege escalation
- 1 SQL injection
- 1 File read
- 2 File write
- 2 SSRF
S02 | lvl-20 | 2023 July
Attendees:
Findings:
- 2 RCE post-auth
- 3 File write
- 1 SSTI Twig
- Phar unserialize trigger & gadget
- 1 File read