Mastering the black magic of command injection attacks

This is a 45′ hands-on workshop, which will target any kind of infosec enthusiasts to learn –in depth– about command injection and exploitation techniques (via commix tool [1]), based on commix-testbed’s [2] attack scenarios.

What workshop attendees should bring with them: A laptop with a virtualization software (i.e VMware [3], Virtualbox [4] etc) and two VMs (virtual machines) pre-installed. The first VM will be the attacker’s machine (i.e Kali Linux [5]) and the second one the target host (a debian server [6] is recommended) in which (in “/var/www/html” directory) the contents of commix-testbed [2] should be installed.

What workshop attendes should have: Basic knowledge of Web and Linux OS commands.

What not to expect about this workshop: Becoming a “hacker” overnight. Use the knowledge gained in the workshop to start identifying / exploiting command injection flaws and sharpen your skills.
[1] https://github.com/stasinopoulos/commix
[2] https://github.com/stasinopoulos/commix-testbed
[3] http://www.vmware.com/
[4] https://www.virtualbox.org/wiki/Downloads
[5] https://www.kali.org/downloads/
[6] https://www.debian.org/distrib/