Our Trainings

Skidz is committed to creating a secure ecosystem through profound understanding and real-world experience gained from rigorous testing. Our mentors offer live hands-on trainings to help you develop skills and tackle specific challenges effectively. By applying practical insights and established methodologies, supported by Skidz custom labs that mimic real-life scenarios, you’ll be able to implement robust security measures and stay ahead of emerging threats.

We believe in knowledge transfer through an inquiry-based model. Strong foundations are built through iterative learning, inquiry, and self-motivated practice and research. If a topic doesn’t ignite your enthusiasm, you haven’t learned it right!

  • Learn
  • Inquire
  • Apply
  • Research


Who should take it?

Organizations

Strengthen your security posture and enhance resilience across your organization through comprehensive knowledge transfer.

Individuals

Gain essential skills and hands-on experience to confidently tackle real-world security challenges and advance your career in cybersecurity.

Network Penetration Testing – Skid

The Skid Level of Network Penetration Testing training offers essential methodologies for conducting robust network security assessments. This course aims to equip participants with the skillset and technical knowledge needed for an assessment, supported by Skidz hands-on labs that mimic real-life scenarios.

Course Information

Objectives
  • Proficiency in vulnerability scanning and discovery techniques.
  • In-depth knowledge of various penetration testing methods.
  • Familiarity with industry-standard penetration testing methodologies, scope, and Rules of Engagement (ROE).
  • Foundational expertise in Linux command line interface (CLI) and security practices.
  • In-depth knowledge of Unix and Windows operating system internals.
  • Ability to analyze and exploit vulnerabilities in different services for Linux and Windows.
  • Understanding of post-exploitation techniques to maintain access and persistence.
  • Ability to write professional findings report documents.
Good to Have
  • Familiarity with networking concepts, including TCP/IP, subnets, and common protocols (e.g., HTTP, DNS) to understand the context of network security assessments.
  • A foundational grasp of cybersecurity principles, including common threats, vulnerabilities, and defense mechanisms.
  • Familiarity with the fundamentals of programming including variables, loops, conditionals, functions, in addition to data types such as arrays.
Content
  • Module 1: Getting Started with Linux
    • 1.1 Setting Up a Virtual Environment for Testing
    • 1.2 Linux Directory Structure
    • 1.3 Getting Familiar with the CLI
    • 1.4 A Deep Dive into Linux Security and Permissions
    • 1.5 Linux User and Package Management
    • 1.6 Introduction to Linux Processes, Services, and Cron Jobs
  • Module 2: Getting Started with Windows
    • 2.1 Overview of the Windows File System
    • 2.2 Interacting with Windows
    • 2.3 Understanding Windows Permissions and ACLs
    • 2.4 Exploring the Windows Registry
    • 2.5 How Windows Authentication Works
    • 2.6 Introduction to Windows Processes, Services and Scheduled Tasks
  • Module 3: Building your Penetration Testing Methodology
    • 3.1 What is a Penetration Testing Assessment
    • 3.2 Introduction to the Penetration Testing Methodology
  • Module 4: The Pre-engagement Phase
    • 4.1 Define your scope
    • 4.2 Setting up the Rules of Engagement (ROE)
  • Module 5: Starting with Reconnaissance and Information Gathering
    • 5.1 Introduction to Passive and Active Scans
    • 5.2 Diving Deep into Linux Service Enumeration and Protocols
    • 5.3 Diving Deep into Windows Service Enumeration and Protocols
  • Module 6: Vulnerability Analysis
    • 6.1 Assessing the Vulnerable Services and Components
    • 6.2 Identifying the Exploitable Targets
  • Module 7: Exploiting your Target
    • 7.1 An Entry into Web Application Penetration Testing
    • 7.2 Understanding the Web Application Design
    • 7.3 Making use of Burp Suite Utilities
    • 7.4 Web Vulnerabilities Methodology
    • 7.5 Working with Public Exploits
    • 7.6 Different $SHELL Types
    • 7.7 Cracking Weak User Credentials
    • 7.8 Using Responder for Poisoning
  • Module 8: Linux Post-Exploitation
    • 8.1 How to Transfer Testing Files
    • 8.2 Upgrading your $SHELL
    • 8.3 Exploiting the Kernel
    • 8.4 SUDO Misconfigurations
    • 8.5 Password Mining
    • 8.6 Elevating Privileges Through Misconfigured Cron Jobs
    • 8.7 Advanced File Permissions
    • 8.8 Exploring Results of Automated Enumeration Scripts
    • 8.9 Setting up Tunneling for Cross-Network Services
  • Module 9: Windows Post Exploitation
    • 9.1 An Exploration of Windows Privilege Escalation Techniques
    • 9.2 Exploiting the Kernel
    • 9.3 AlwaysInstallElevated
    • 9.4 Exploiting Misconfigured Windows Autoruns
    • 9.5 Hijacking DLLs for Elevation
    • 9.6 Insecure Service Executables
    • 9.7 Weak Windows Registries
    • 9.8 Elevating Privileges Through Misconfigured Scheduled Tasks
    • 9.9 Windows Unquoted Service Path Exploitation
    • 9.10 Exploring Different Potato Privilege Escalation Techniques
  • Module 10: Cleanup
  • Module 11: Reporting
Channel & Duration
  • Online, live training
  • 60 hours

Web Application Security – Skid

The Skid Level of Web Application Security course offers a comprehensive methodology for conducting security assessments on web applications. It begins with a solid foundation in web application fundamentals, including APIs, domains, protocols, and proxies.
The course then covers reconnaissance techniques and various vulnerabilities, teaching participants how to identify, exploit, and prevent these issues. Real case studies will illustrate the discovery of vulnerabilities in well-known websites such as Meta, PayPal, and Shopify. Additionally, in-house labs provide hands-on experience in identifying and addressing these vulnerabilities.

Course Information

Objectives
  • Demonstrate proficiency in web application design and architecture
  • Analyze various components of web applications effectively
  • Understand fundamental concepts related to web applications
  • Assess different server-side and client-side vulnerabilities
  • Gain in-depth experience in exploiting web vulnerabilities
  • Recommend appropriate mitigations to prevent web vulnerabilities
Good to Have
  • A foundational grasp of cybersecurity principles, including common threats, vulnerabilities, and defense mechanisms
  • Familiarity with the fundamentals of programming including variables, loops, conditionals, functions, in addition to data types such as arrays
Content
  • Module 1: Web Applications Background
    • 1.1 The Evolution of Web Applications
    • 1.2 Web Applications Architecture
      • 1.2.1 Client-Server Model
      • 1.2.2 The Anatomy of the HTTP Protocol
      • 1.2.3 What is a Uniform Resource Locator (URL)
      • 1.2.4 API and File Driven Web Applications
      • 1.2.5 The Journey of the HTTP Request
    • 1.3 Networking in the Context of Web Applications
  • Module 2: Web Applications Security Assessment
    • 2.1 Whitebox vs Greybox vs Blackbox Assessments
    • 2.2 Identifying the Attack Surface
  • Module 3: Vulnerability Analysis
    • 3.1 Server-Side Vulnerabilities
    • 3.2 Business Logic Vulnerabilities
    • 3.3 Exploiting Databases with SQL Injection
    • 3.4 Remote Code/Command Execution
    • 3.5 Path Traversal and File Inclusion Vulnerabilities
    • 3.6 Broken Authentication and Authorization
    • 3.7 File Upload Vulnerabilities
  • Module 4: Client-Side Vulnerabilities
    • 4.1 Cross-Site Scripting (XSS)
    • 4.2 Open Redirect
  • Module 5: Vulnerability Remediation
    • 5.1 Validation Methods
    • 5.2 Sanitization Techniques
  • Module 6: Reporting
Channel & Duration
  • Online, live training
  • 40 hours

Web Application Security – Ninja

The Ninja Level of the Web Application Security training builds upon the Skid level methodology, delving into advanced topics, vulnerabilities, and attack scenarios such as SSRF, SSTI, and Race Conditions. This training focuses on the detection and exploitation of these vulnerabilities, demonstrating their potential to cause significant impacts on servers, including leaking sensitive information, compromising user accounts, and gaining full access to the server.
Furthermore, the course delves into client-side attacks, teaching participants how to bypass server-configured protections that browsers enforce, such as CSP, SOP, CORS, and cookie attributes, and then how to carry out attacks such as CSRF. This knowledge is acquired through practical demonstrations, real-life case studies, and hands-on experience in our in-house labs.

Course Information

Objectives
  • Demonstrate proficiency in modern web application designs
  • Foundational understanding of web application development
  • Ability to analyze different web technologies
  • In-depth understanding of complex server-side vulnerabilities
  • Ability to exploit complex test cases through manual and automated tools
Good to Have
  • A foundational grasp of cybersecurity principles, including common threats, vulnerabilities, and defense mechanisms
  • Familiarity with the fundamentals of programming including variables, loops, conditionals, functions, in addition to data types such as arrays
  • Foundational knowledge of web application design and architecture
  • Experience in assessing web vulnerabilities such as SQLi, RCE and XSS
Content
  • Module 1: Diving Deep in Web Application Architecture
    • 1.1 Understanding the MVC Components
    • 1.2 Developing a custom MVC using the FastAPI Framework
    • 1.3 Developing a File-based PHP application with Nginx
    • 1.4 Java Servlets and JSPs
    • 1.5 Adjusting modern SPA with Node.js Express Backend
  • Module 2: Introduction to Container Technology
    • 2.1 Playing with Docker Containers
    • 2.2 Containerizing our custom-developed MVC
  • Module 3: Authentication and Authorization
    • 3.1 How Identity Management Systems (IDM) Help with AuthN/AuthZ
    • 3.2 Demonstrating JWTs
    • 3.3 Stateless vs Stateful Authentication Mechanisms
  • Module 4: Vulnerability Analysis
    • 4.1 SQL Injection (SQLi)
      • 4.1.1 Analyzing SQL Injection Code Scenarios in Java, Python, and JS Applications
      • 4.1.2 Using Parameterization
      • 4.1.3 Introduction to Object-relational mapping (ORM)
      • 4.1.4 Creating Models in SQLAlchemy
    • 4.2 Server-Side Request Forgery
      • 4.2.1 Types of SSRF
      • 4.2.2 Leak all of the file system content using SSRF
      • 4.2.3 Enumerate the full network using SSRF
    • 4.3 Server-Side Template Injection
      • 4.3.1 Analyzing SSTI Code Scenarios in Jinja, Thymeleaf, and Nunjucks
      • 4.3.2 Crafting our Proper Payloads
      • 4.3.3 Using Template Variables to Mitigate the Vulnerability
    • 4.4 JWT Attacks
      • 4.4.1 Algorithm Confusion Attack
      • 4.4.2 Forging JWTs through Hosting Remote JWKs
      • 4.4.3 Using Path Traversal Vulnerability to Forge JWTs
    • 4.5 Insecure Deserialization
      • 4.5.1 Introduction to Serialization
      • 4.5.2 Analyzing Code Level Deserializations in Java Applications
      • 4.5.3 Extending the ObjectInputStream to create a dynamic validator
      • 4.5.4 Analyzing Python Pickles
      • 4.5.5 The Ysoserial Lab
    • 4.6 Race Conditions
      • 4.6.1 Introduction to Race Conditions
      • 4.6.2 Limit Overrun Race Conditions
      • 4.6.3 Preventing Race Conditions
Channel & Duration
  • Online, live training
  • 60 hours