Bug Hunters Methodology Course

$10.00

Price: 10.00 USD | Size: 5.41 GB | Duration: 16.4 Hours | Recorded 2 days Live Class | Bonus: bug bounty PDF Guides

BRAND: Expert TRAINING | ENGLISH | INSTANT DOWNLOAD | ⭐️⭐️⭐️⭐️⭐️ 4.9


Full syllabus:

Day 1 – Recon

Recon Part 1: Recon Concepts

  • Introduction to Recon

Recon Part 2: Acquisitions and Domains

  • Scope
  • Shodan
  • ASN Analysis
  • Crunchbase ++
  • ReconGTP
  • Reverse WHOIS
  • Certificate Analysis
  • Ad and Analytics Relationships
  • Supply chain investigation and SaaS
  • Google-fu (trademark & Priv Pol)
  • TLDs Scanning
  • O365 Enumeration for Apex Domains

Recon Part 3: Subdomain Enumeration

  • Subdomain Scraping (all the best sources and why to use them)
  • Security Trails + Netlas
  • Brute force
  • Wildcards
  • Permutation Scanning
  • Linked Discovery
  • Wordlists
  • Advantageous Subs (WAF bypass – Origins)
  • Favicon analysis
  • Sub sub domains
  • Esoteric techniques
  • DNSSEC / NSEC / NSEC3 walking

Recon Part 4: Server & App Level Analysis

  • Port Scanning
  • Service Bruteforce
  • Tech Stack
  • Screenshotting

Recon Part 5: Profiling People for Social Engineering

  • LinkedIn (people, tech)
  • Hunter.io
  • Hiring Sites

Recon Part 6: Recon Adjacent Vulnerability Analysis

  • CVE scanners vs Dynamic Analysis
  • Subdomain takeover
  • S3 buckets
  • Quick Hits (swagger, .git, configs, panel analysis)

Recon Part 7: Recon Frameworks and Helpers

  • Frameworks
  • Understanding your framework
  • Tips for success (keys)
  • Distribution and Stealth

Day 2 – Application Analysis

Application Analysis Part 1: Analysis Concepts

  • Intended usage (not holistic, contextual)
  • Analysis Layers
  • Application Layers as related to success.
  • Tech profiling
  • The Big Questions
  • Change monitoring

Application Analysis Part 2: Vulnerability Automation

  • More on CVE and Dynamic Scanners
  • Dependencies
  • Early running so you can focus on manual.
  • Secrets of automation kings

Application Analysis Part 3: Content Discovery

  • Intro to CD (walking, brute/fuzz, historical, JS, spider, mobile, params)
  • Importance of walking the app
  • Bruteforce Tooling
  • Bruteforce Tooling Lists: based on tech
  • Bruteforce Tooling Lists: make your own (from-install, dockerhub, trials, from word analysis)
  • Bruteforce Tooling Lists: generic/big
  • Bruteforce Tooling Lists: quick configs
  • Bruteforce Tooling Lists: API
  • Bruteforce Tooling Tips: Recursion
  • Bruteforce Tooling Tips: sub as path
  • Bruteforce Tooling Tips: 403 bypass
  • Historical Content Discovery
  • Newschool JavaScript Analysis
  • Spidering
  • Mobile Content Discovery
  • Parameter Content Discovery

Application Analysis Part 4: The Big Questions

  • How does the app pass data?
  • How/where does the app talk about users?
  • Does the site have multi-tenancy or user levels?
  • Does the site have a unique threat model?
  • Abuse Primitives
  • Has there been past security research & vulns?
  • How does the app handle common vuln classes?
  • Where does the app store data?

Application Analysis Part 5: Application Heat Mapping

  • Common Issue Place: Upload functions
  • Common Issue Place: Content type multipart-form
  • Common Issue Place: Content type XML / JSON
  • Common Issue Place: Account section and integrations
  • Common Issue Place: Errors
  • Common Issue Place: Paths/URLs passed in parameters
  • Common Issue Place: Chatbots

Application Analysis Part 6: Web Fuzzing & Analyzing Fuzzing Results

  • Parameters and Paths (generic fuzzing)
  • Reducing Similar URLs
  • Dynamic only fuzzing
  • Fuzzing resources SSWLR – “Sensitive Secrets Were Leaked Recently”
  • Backslash Powered Scanner

Application Analysis Part 7: Introduction to Vulnerability Types

  • Intended usage (not holistic; tips and contextual)
  • Covered vulns and why

Application Analysis Part 8: XSS Tips and Tricks

  • Stored and Reflected
  • Polyglots
  • Blind
  • DOM
  • Common Parameters
  • Automation and Tools

Application Analysis Part 9: IDOR Tips and Tricks

  • IDOR, Access, Authorization, MLAC, Direct browsing, Business logic, parameter manipulation
  • Numeric IDOR
  • Identifying user tokens GUID IDOR
  • Common Parameters

Application Analysis Part 10: SSRF Tips and Tricks

  • SSRF intro
  • Schemas
  • Alternate IP encoding
  • Common Parameters
