
Learn to solve a CTF with Burp Suite by capturing login requests, using repeater and intercept, and manipulating cookies to bypass authentication and reveal the flag.
Learn how to use httpx to identify web services across subdomains and CIDR ranges, scan a whole net range for http/https availability, and spot misconfigurations and potential vulnerabilities.
learn to resolve subs and check status codes with httpx, perform banner grabbing to fingerprint hosts using content length and titles for recon in bug bounty contexts.
Practice manual GitHub recon to enumerate sensitive data from repositories, spotting API keys, secret keys, tokens, and config exposures, while recognizing limitations of automation and the value of manual checks.
Learn to install Kali Linux 2020.2 via kali.org, create a virtual machine, allocate 4 GB RAM and 50 GB disk, configure user and grub, and use top tools.
Learn to manage your Shodan account, check query and scan credits, verify the latest CLI version, and count results for OpenSSH or Big-IP to reveal exposed servers.
Navigate the Shodan gui to run queries, view regionally distributed results, and download csv or json data with filters like org, country, port, and cidr.
Welcome to Top 5 Tools & Techniques for Pentesting in Cyber Security Course. This course covers Top 5 Tools and approach for web application attacks and how to earn bug bounties. There is no prerequisite of prior hacking knowledge and you will be able to perform web attacks and hunt bugs on live websites and secure them.
This course is not like other hacking or penetration testing course with outdated vulnerabilities and only lab attacks.
This course will start with an understanding of each tool that is used in the industry by the experts for Penetration Testing.
This course is highly practical and is made on Tools used by professionals in the industry to give you the exact environment when you start your penetrating testing or bug hunting journey.
We will start from the basics and go till the advance of the particular tool.
This course is divided into a number of sections, each section covers how to hunt vulnerability in an ethical manner.
In Nmap, We will cover what is Nmap, Installation, Firewall Bypass Techniques, and Nmap cheatsheet.
In Burpsuite, We will cover what is Burpsuite, Installation, and We will see practical examples of How Interception Works. We will also solve a CTF based on a realtime example using burpsuite.
In Content Discovery, We will cover what is Project Discovery's Data set for subdomains and increase the scope for Bug Bounty Hunting.
We will also see tools to scope expansion wherein we can identify mass subdomains are alive, dead based on status codes, Title, etc.
In Google Hacking Database, We will cover what is GHDB, How you can hunt for sensitive files for a target, Also you will learn How to become the author of your own Google Dork.
In Shodan/Censys/Grey Noise, We will cover what is IOT Search Engines, How you can perform banner grabbing, and find out vulnerable and outdated servers running on the targets. We will also see how to use shodan search filters for better active enumeration.
In Github Recon, We will cover what is Github Recon both Automated and Manual Way. We will uncover sensitive information from Github repositories that fall under Sensitive Data Exposure as a P1 severity bug. In the Anatomy of an HTTP Request, We will cover what is an HTTP Request, What are different Headers How do they work and its significance.
With this course, you get 24/7 support, so if you have any questions you can post them in the Q&A section and we'll respond to you as soon as possible.
Notes:
This course is created for educational purposes only and all the websites I have performed attacks are ethically reported and fixed.
Testing any website which doesn’t have a Responsible Disclosure Policy is unethical and against the law, the author doesn’t hold any responsibility.