SEC-T - 0x10sion

10-13th of September 2024

Attacking and Securing APIs


This is a fully hands-on, practical, concentrated course on securing and attacking web and cloud APIs. APIs are everywhere nowadays: in web apps, embedded systems, enterprise apps, cloud environments and even IoT, and it is becoming increasingly necessary to learn how to defend, secure and attack API implementations and infrastructure. This training aims to engage you in creating secure modern APIs, while showing you both modern and contemporary attack vectors.

With more than 55 labs in two days, you are in for a glue-me-to-the-keyboard adventure covering:

You will learn

Course Outline

Training delivery format: full focus on hands-on exercises and labs (55+ labs), with a CTF challenge and multiple questions. The labs have multiple levels to accommodate different levels and speeds of training attendees, and there are take-home labs for those interested in spending the night on the keyboard!

Students Should Bring

Student Prerequisites

The Instructor

Mohammed Aldoub is an independent security consultant and Blackhat Trainer from Kuwait, who, in his 12 years of experience, worked on creating Kuwait’s national infrastructure for PKI, cryptography, smartcards and authentication. Mohammed delivers security trainings, workshops and talks at events like Blackhat (USA, EU, Asia), DEFCON, SANS, RSA, SecTor, Infosec in the City, OPCDE, SEC-T and CyberNights around the world, in places like the Netherlands, USA, Sweden, London, Czech Republic, Singapore, Dubai, Lebanon, Riyadh, Kuwait, and others. Mohammed is a member of the Training Review Board of the Blackhat conference, overseeing global training delivered there and ensuring the best quality training is delivered there. Mohammed is now focusing on APIs, secure devops, modern appsec, cloud-native security, applied cryptography, security architecture and microservices. He is the author of “barq”, the AWS post exploitation attack framework, which you can find at: and he’s also the author of Desharialize, which you can find at: Mohammed is deeply interested in malware, especially those used by state actors in the Middle East zone, where he volunteered as OWASP Kuwait’s chapter leader. You can find his Twitter account at: You can find his GitHub account at: