Bug Hunters Methodology

English | Tutorial | Size: 5.41 GB


Full syllabus:

Day 1 – Recon
Recon Part 1: Recon Concepts

Introduction to Recon

Recon Part 2: Acquisitions and Domains

Scope

Shodan

ASN Analysis

Crunchbase ++

ReconGTP

Reverse WHOIS

Certificate Analysis

Ad and Analytics Relationships

Supply chain investigation and SaaS

Google-fu (trademark & Priv Pol)

TLDs Scanning

O365 Enumeration for Apex Domains

Recon Part 3: Subdomain Enumeration

Subdomain Scraping (all the best sources and why to use them)

Security Trails + Netlas

Brute force

Wildcards

Permutation Scanning

Linked Discovery

Wordlists

Advantageous Subs (WAF bypass – Origins)

Favicon analysis

Sub sub domains

Esoteric techniques

DNSSEC / NSEC / NSEC3 walking

Recon Part 4: Server & App Level Analysis

Port Scanning

Service Bruteforce

Tech Stack

Screenshotting

Recon Part 5: Profiling People for Social Engineering

LinkedIn (people, tech)

Hunter.io

Hiring Sites

Recon Part 6: Recon Adjacent Vulnerability Analysis

CVE scanners vs Dynamic Analysis

Subdomain takeover

S3 buckets

Quick Hits (swagger, .git, configs, panel analysis)

Recon Part 7: Recon Frameworks and Helpers

Frameworks

Understanding your framework

Tips for success (keys)

Distribution and Stealth

Day 2 – Application Analysis
Application Analysis Part 1: Analysis Concepts

Intended usage (not holistic, contextual)

Analysis Layers

Application Layers as related to success.

Tech profiling

The Big Questions

Change monitoring

Application Analysis Part 2: Vulnerability Automation

More on CVE and Dynamic Scanners

Dependencies

Early running so you can focus on manual.

Secrets of automation kings

Application Analysis Part 3: Content Discovery

Intro to CD (walking, brute/fuzz, historical, JS, spider, mobile, params)

Importance of walking the app

Bruteforce Tooling

Bruteforce Tooling Lists: based on tech

Bruteforce Tooling Lists: make your own (from-install, dockerhub, trials, from word analysis)

Bruteforce Tooling Lists: generic/big

Bruteforce Tooling Lists: quick configs

Bruteforce Tooling Lists: API

Bruteforce Tooling Tips: Recursion

Bruteforce Tooling Tips: sub as path

Bruteforce Tooling Tips: 403 bypass

Historical Content Discovery

Newschool JavaScript Analysis

Spidering

Mobile Content Discovery

Parameter Content Discovery

Application Analysis Part 4: The Big Questions

How does the app pass data?

How/where does the app talk about users?

Does the site have multi-tenancy or user levels?

Does the site have a unique threat model?

Abuse Primitives

Has there been past security research & vulns?

How does the app handle common vuln classes?

Where does the app store data?

Application Analysis Part 5: Application Heat Mapping

Common Issue Place: Upload functions

Common Issue Place: Content type multipart-form

Common Issue Place: Content type XML / JSON

Common Issue Place: Account section and integrations

Common Issue Place: Errors

Common Issue Place: Paths/URLs passed in parameters

Common Issue Place: Chatbots

Application Analysis Part 6: Web Fuzzing & Analyzing Fuzzing Results

Parameters and Paths (generic fuzzing)

Reducing Similar URLs

Dynamic only fuzzing

Fuzzing resources SSWLR – “Sensitive Secrets Were Leaked Recently”

Backslash Powered Scanner

Application Analysis Part 7: Introduction to Vulnerability Types

Intended usage (not holistic. Tips and Contextual)

Covered vulns and why

Application Analysis Part 8: XSS Tips and Tricks

Stored and Reflected

Polyglots

Blind

DOM

Common Parameters

Automation and Tools

Application Analysis Part 9: IDOR Tips and Tricks

IDOR, Access, Authorization, MLAC, Direct browsing, Business logic, parameter manipulation

Numeric IDOR

Identifying user tokens GUID IDOR

Common Parameters

Application Analysis Part 10: SSRF Tips and Tricks

SSRF intro

Schemas

Alternate IP encoding

Common Parameters

Application Analysis Part 11: XXE

Common areas of exploitation

Payloads

Common Parameters

Application Analysis Part 12: File Upload Vulnerabilities Tips and Tricks

Common bypasses

Common Parameters

Application Analysis Part 13: SQL Injection Tips and Tricks

Manual Identification

SQLmap tamper

Common Parameters

Application Analysis Part 14: Command Injection Tips and Tricks

Common Parameters

Application Analysis Part 15: COTS and Framework Scanning

Default Creds

CMSs: WordPress + Adobe Experience Manager

Others

Application Analysis Part 16: Bypass of security controls

Subdomains where controls are not applied

Origins

TLDs (.jp, .uk, .xx)

Red Team Analysis
Red Teaming Analysis Part 1: Initial Access Primer

Phishing Tips and Tricks

Threat Intel + Levels

Credential Stuffing

Open discussion of C2

SaaS

Cloud

Red Teaming Analysis Part 2: Post Initial Access

Open Discussion of common internal methods to succeed

Attendees should have:

Burp Suite (PRO preferably), VM or equivalent access to *nix command line.

Pre-requisites for attendees: General Web application and network security testing knowledge required. Some topics will assume some knowledge of OWASP Top Ten type vulnerabilities and previous experience.

A full list of tools needed will be posted in the class discord before class.
