English | Size: 5.41 GB
Genre: eLearning
Full syllabus:
Day 1 – Recon
Recon Part 1: Recon Concepts
Introduction to Recon
Recon Part 2: Acquisitions and Domains
Scope
Shodan
ASN Analysis
Crunchbase ++
ReconGPT
Reverse WHOIS
Certificate Analysis
Ad and Analytics Relationships
Supply chain investigation and SaaS
Google-fu (trademark & privacy policy)
TLD Scanning
O365 Enumeration for Apex Domains
Recon Part 3: Subdomain Enumeration
Subdomain Scraping (all the best sources and why to use them)
SecurityTrails + Netlas
Brute force
Wildcards
Permutation Scanning
Linked Discovery
Wordlists
Advantageous Subs (WAF bypass – Origins)
Favicon analysis
Sub-subdomains
Esoteric techniques
DNSSEC / NSEC / NSEC3 zone walking
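The "Favicon analysis" and "Advantageous Subs (WAF bypass – Origins)" items above rely on one trick: hash the target's favicon the same way Shodan does and search `http.favicon.hash:<value>` to find origin servers that serve the same icon but sit outside the WAF/CDN. Shodan hashes the base64 text of the file with MurmurHash3 (x86, 32-bit, signed), so the hash below is a pure-Python MurmurHash3 with no dependency on the `mmh3` package. This is an added example, not material from the course; the sample favicon bytes in the demo are constructed here and stand in for a real `favicon.ico`.

```python
import base64


def murmur3_32(data: bytes, seed: int = 0) -> int:
    """MurmurHash3 x86_32 over `data`, returned as a signed 32-bit int
    (the same convention as mmh3.hash(), which Shodan's hash uses)."""
    c1, c2 = 0xCC9E2D51, 0x1B873593
    mask = 0xFFFFFFFF
    h1 = seed & mask
    n = len(data)
    body_end = n - (n % 4)

    def mix_k(k: int) -> int:
        k = (k * c1) & mask
        k = ((k << 15) | (k >> 17)) & mask  # rotl32(k, 15)
        return (k * c2) & mask

    # Body: 4-byte little-endian blocks.
    for i in range(0, body_end, 4):
        h1 ^= mix_k(int.from_bytes(data[i:i + 4], "little"))
        h1 = ((h1 << 13) | (h1 >> 19)) & mask  # rotl32(h1, 13)
        h1 = (h1 * 5 + 0xE6546B64) & mask

    # Tail: the 1..3 leftover bytes, mixed the same way but without rotation of h1.
    tail = data[body_end:]
    if tail:
        h1 ^= mix_k(int.from_bytes(tail, "little"))

    # Finalisation (fmix32).
    h1 ^= n
    h1 ^= h1 >> 16
    h1 = (h1 * 0x85EBCA6B) & mask
    h1 ^= h1 >> 13
    h1 = (h1 * 0xC2B2AE35) & mask
    h1 ^= h1 >> 16
    return h1 - (1 << 32) if h1 & 0x80000000 else h1


def shodan_favicon_hash(favicon: bytes) -> int:
    """Hash a favicon the way Shodan's http.favicon.hash filter does: MurmurHash3
    over the *base64 text* of the file as produced by base64.encodebytes(), i.e.
    with a line break every 76 characters and a trailing newline. Hashing the
    raw bytes, or plain b64encode() output, gives a value Shodan will not match."""
    return murmur3_32(base64.encodebytes(favicon))


def shodan_query(favicon: bytes) -> str:
    """Search filter to paste into Shodan to find other hosts serving this icon."""
    return f"http.favicon.hash:{shodan_favicon_hash(favicon)}"


if __name__ == "__main__":
    # Constructed stand-in for a downloaded favicon.ico (not a real icon):
    # a 6-byte ICO header followed by filler, enough to cross one base64 line.
    sample_favicon = b"\x00\x00\x01\x00\x01\x00" + bytes(range(100))
    print(shodan_query(sample_favicon))
    # Real use: fetch https://target.example/favicon.ico (urllib/requests), pass the
    # body here, then search Shodan for the printed filter to locate origin IPs.
```

Because the signed value is what Shodan indexes, keep the sign when pasting the query; a hash that looks "negative" is normal. Once candidate origins are found, confirm them by requesting the target's Host header directly against each IP rather than trusting the icon match alone, since shared icons (default framework favicons) produce false positives.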
Recon Part 4: Server & App Level Analysis
Port Scanning
Service Bruteforce
Tech Stack
Screenshotting
Recon Part 5: Profiling People for Social Engineering
LinkedIn (people, tech)
Hunter.io
Hiring Sites
Recon Part 6: Recon Adjacent Vulnerability Analysis
CVE scanners vs Dynamic Analysis
Subdomain takeover
S3 buckets
Quick Hits (swagger, .git, configs, panel analysis)
Recon Part 7: Recon Frameworks and Helpers
Frameworks
Understanding your framework
Tips for success (keys)
Distribution and Stealth
Day 2 – Application Analysis
Application Analysis Part 1: Analysis Concepts
Intended usage (not holistic; contextual)
Analysis Layers
Application layers as they relate to success
Tech profiling
The Big Questions
Change monitoring
Application Analysis Part 2: Vulnerability Automation
More on CVE and Dynamic Scanners
Dependencies
Run automation early so you can focus on manual testing
Secrets of automation kings
Application Analysis Part 3: Content Discovery
Intro to content discovery (walking, brute/fuzz, historical, JS, spider, mobile, params)
Importance of walking the app
Bruteforce Tooling
Bruteforce Tooling Lists: based on tech
Bruteforce Tooling Lists: make your own (from-install, dockerhub, trials, from word analysis)
Bruteforce Tooling Lists: generic/big
Bruteforce Tooling Lists: quick configs
Bruteforce Tooling Lists: API
Bruteforce Tooling Tips: Recursion
Bruteforce Tooling Tips: sub as path
Bruteforce Tooling Tips: 403 bypass
Historical Content Discovery
Newschool JavaScript Analysis
Spidering
Mobile Content Discovery
Parameter Content Discovery
Application Analysis Part 4: The Big Questions
How does the app pass data?
How/where does the app talk about users?
Does the site have multi-tenancy or user levels?
Does the site have a unique threat model?
Abuse Primitives
Has there been past security research & vulns?
How does the app handle common vuln classes?
Where does the app store data?
Application Analysis Part 5: Application Heat Mapping
Common Issue Place: Upload functions
Common Issue Place: Content-Type multipart/form-data
Common Issue Place: Content-Type XML / JSON
Common Issue Place: Account section and integrations
Common Issue Place: Errors
Common Issue Place: Paths/URLs passed in parameters
Common Issue Place: Chatbots
Application Analysis Part 6: Web Fuzzing & Analyzing Fuzzing Results
Parameters and Paths (generic fuzzing)
Reducing Similar URLs
Dynamic only fuzzing
Fuzzing resources SSWLR – “Sensitive Secrets Were Leaked Recently”
Backslash Powered Scanner (Burp extension)
Application Analysis Part 7: Introduction to Vulnerability Types
Intended usage (not holistic; tips and context)
Covered vulns and why
Application Analysis Part 8: XSS Tips and Tricks
Stored and Reflected
Polyglots
Blind
DOM
Common Parameters
Automation and Tools
Application Analysis Part 9: IDOR Tips and Tricks
IDOR, access control, authorization, MLAC (missing function-level access control), direct browsing, business logic, parameter manipulation
Numeric IDOR
Identifying user tokens; GUID IDOR
Common Parameters
Application Analysis Part 10: SSRF Tips and Tricks
SSRF intro
URL schemes
Alternate IP encoding
Common Parameters
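"Alternate IP encoding" in the SSRF section refers to the many spellings an inet_aton-style parser (libc, libcurl and most HTTP clients built on them) accepts for one IPv4 address: decimal, hex, octal, dotted variants and short forms. A server-side allowlist that parses the URL host strictly and waves through anything it cannot parse is bypassed by every one of them. The example below, added here and not part of the course, generates those encodings for any dotted quad, reimplements the permissive inet_aton rules so the normalisation is explicit and platform independent, and contrasts the naive check with a hardened one. Function names and the sample addresses are this example's own.

```python
from __future__ import annotations

import ipaddress


def alternate_encodings(dotted: str) -> dict[str, str]:
    """Alternate spellings of an IPv4 address that inet_aton-style parsers accept."""
    octets = [int(o) for o in dotted.split(".")]
    as_int = int.from_bytes(bytes(octets), "big")
    return {
        "decimal":      str(as_int),                               # 2130706433
        "hex":          f"0x{as_int:x}",                           # 0x7f000001
        "octal":        f"0{as_int:o}",                            # 017700000001
        "dotted_hex":   ".".join(f"0x{o:x}" for o in octets),      # 0x7f.0x0.0x0.0x1
        "dotted_octal": ".".join(f"0{o:o}" for o in octets),       # 0177.00.00.01
        "short":        f"{octets[0]}.{as_int & 0xFFFFFF}",        # 127.1
        "mixed":        f"0x{octets[0]:x}.{as_int & 0xFFFFFF}",    # 0x7f.1
    }


def permissive_ipv4(text: str) -> str | None:
    """Parse like BSD/glibc inet_aton: 1 to 4 dot-separated parts, each decimal,
    0-prefixed octal or 0x-prefixed hex, with the last part filling every
    remaining byte. Returns the canonical dotted quad, or None when inet_aton
    would reject the string (so a hostname or IPv6 literal yields None)."""
    parts = text.split(".")
    if not 1 <= len(parts) <= 4:
        return None
    values = []
    for part in parts:
        if not (part.isascii() and part.isalnum()):  # rejects '', '-1', ' 1', '1_0'
            return None
        try:
            if part[:2].lower() == "0x":
                value = int(part[2:], 16)
            elif part.startswith("0") and len(part) > 1:
                value = int(part[1:], 8)
            else:
                value = int(part, 10)
        except ValueError:
            return None
        values.append(value)
    *head, last = values
    width = 4 - len(head)
    if any(v > 255 for v in head) or last >= 256 ** width:
        return None
    raw = bytes(head) + last.to_bytes(width, "big")
    return ".".join(str(b) for b in raw)


def naive_is_internal(host: str) -> bool:
    """The check many applications ship: strict parse of the host, and anything
    that does not parse is assumed to be a hostname and allowed through."""
    try:
        return not ipaddress.ip_address(host).is_global
    except ValueError:
        return False


def hardened_is_internal(host: str) -> bool:
    """Normalise through the permissive parser first, then classify the result.
    Hostnames still need resolving (and pinning, against DNS rebinding) before
    the same classification is applied to the resolved address."""
    canonical = permissive_ipv4(host)
    if canonical is None:
        return False
    return not ipaddress.ip_address(canonical).is_global


if __name__ == "__main__":
    for label, spelling in alternate_encodings("127.0.0.1").items():
        print(f"{label:13} {spelling:18} -> {permissive_ipv4(spelling)}  "
              f"naive_blocked={naive_is_internal(spelling)}  "
              f"hardened_blocked={hardened_is_internal(spelling)}")
```

During testing, feed the generated spellings into every parameter that takes a URL or host (webhooks, image fetchers, PDF renderers, import-from-URL features) and watch for the loopback or metadata-service response; during remediation, the fix is the normalisation step, not a longer denylist of literal strings.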
Application Analysis Part 11: XXE
Common areas of exploitation
Payloads
Common Parameters
Application Analysis Part 12: File Upload Vulnerabilities Tips and Tricks
Common bypasses
Common Parameters
Application Analysis Part 13: SQL Injection Tips and Tricks
Manual Identification
SQLmap tamper
Common Parameters
Application Analysis Part 14: Command Injection Tips and Tricks
Common Parameters
Application Analysis Part 15: COTS and Framework Scanning
Default Creds
CMSs: WordPress + Adobe Experience Manager
Others
Application Analysis Part 16: Bypass of security controls
Subdomains where controls are not applied
Origins
TLDs (.jp, .uk, .xx)
Red Team Analysis
Red Teaming Analysis Part 1: Initial Access Primer
Phishing Tips and Tricks
Threat Intel + Levels
Credential Stuffing
Open discussion of C2
SaaS
Cloud
Red Teaming Analysis Part 2: Post Initial Access
Open Discussion of common internal methods to succeed
Attendees should have:
Burp Suite (Pro preferably), a VM or equivalent access to a *nix command line.
Pre-requisites for attendees: general web application and network security testing knowledge is required. Some topics assume familiarity with OWASP Top Ten vulnerability classes and previous testing experience.
A full list of tools needed will be posted in the class Discord before class.