09.05.2024, 10:01
One Stop Hacking Marathon Oscp-Defensive-Cloud-Bug Bounty
Published 2/2024
MP4 | Video: h264, 1280x720 | Audio: AAC, 44.1 KHz
Language: English | Size: 27.33 GB | Duration: 49h 24m
Become a Cybersecurity Pro:- OSCP, Active Directory Mastery, Cloud Security, Defensive, Mobile and Bug Bounty Expertise
What you'll learn
OSCP Prep Methodology
Bug Bounty Advance and Live Bug Bounty Sessions
Passive Information Gathering
Host And Nmap
SMB Enumeration
SMTP Enumeration
SNMP Enumeration
Web Application Assessment Tools
Web Attacks
Shells
Locating Public Exploits
Cracking SSH , RDP and WEB
Password Cracking
Windows Privilege Escalation
Situational Awareness
Hidden In Plain View
Goldmine AKA Powershell
Automated Enumeration
Leveraging Windows Services
DLL Hijacking
Scheduled Tasks
SeImpersonate Privilege
SeBackup Privilege
UAC Attack
Always Elevated
GPO Edit
Tools For Windows Privilege Escalation
Enumerating Linux
Automated Enumeration
Abusing Password Authentication
Abusing Binaries And Sudo
Exploiting Kernel Vulnerabilities
Exploiting Cron Jobs
Port Redirection And Tunneling
Ligolo NG
Chisel
SSH Tunneling
HTTP Tunneling
Active Directory Manual Enumeration
Active Directory Automatic Enumeration
LDAP Search
Active Directory Hacking
Cached AD Credentials
Password Attacks
AS-REP Roasting
Lateral Movement
Impacket Tools
Others Tools For Active Directory
File Transfer Linux-Linux
File Transfer Linux -Windows
Bug Bounty Automation
ReconFTW
NucleiFuzzer
Magic Recon
Subzy
SocialHunter
Authentication bypass via OAuth implicit flow
SSRF via OpenID dynamic client registration
Forced OAuth profile linking
OAuth account hijacking via redirect_uri
Stealing OAuth access tokens via an open redirect
Stealing OAuth access tokens via a proxy page
Remote code execution via web shell upload
Web shell upload via Content-Type restriction bypass
Web shell upload via path traversal
Web shell upload via extension blacklist bypass
Clickjacking And Its Bounty
Web shell upload via obfuscated file extension
Remote code execution via polyglot web shell upload
Web shell upload via race condition
TXT Records and Github Recon
Early Recon for a Web Application
Hacking Windows Server Using Eternal Blue
Ligolo-ng For Tunneling
Getting Hold Of Enum and Ways
Cached AD Credentials
Password Attacks For Active Directory
Lateral Movement For Active Directory
File Transfer Linux-Linux
File Transfer Windows-Linux
Meaning Of API
Security Mechanism Of API
IDOR and severity levels
No Rate Limit On Registration
No Rate Limit On Login
No Rate Limit On Contact Us Page
No Rate Limit On Redeem Page
No Rate Limit On Invite Link
Using Default Credentials
Infotainment, Radio Head Unit PII Leakage
RF Hub Key Fob Cloning
Misconfigured DNS High Impact Subdomain Takeover
OAuth Misconfiguration Account Takeover
Infotainment, Radio Head Unit OTA Firmware Manipulation
Misconfigured DNS Basic Subdomain Takeover
Mail Server Misconfiguration No Spoofing Protection on Email Domain
Misconfigured DNS Zone Transfer
Mail Server Misconfiguration Email Spoofing to Inbox due to Missing or Misconfigured DMARC on Email Domain
Database Management System (DBMS) Misconfiguration Excessively Privileged User / DBA
Lack of Password Confirmation Delete Account
No Rate Limiting on Form Email-Triggering
No Rate Limiting on Form SMS-Triggering
Exploiting Linux Machine With ShellShock
Exploiting Linux with dev shell and Privesc with cronjob
Basic password reset poisoning
Host header authentication bypass
Web cache poisoning via ambiguous requests
Broken Link HIjacking
HTTP By Default
HTTPS and HTTP Both Available
Improper Cache Control
Token Is Invalidated After Use On Registration
Token Is Invalidated After Use On Login
Token Is Invalidated After Use On Forgot Password
Token Is Invalidated After Use On Invite
Token Is Invalidated After Use On Coupon
Token Is Invalidated After Use On Collaboration
Introduction To Defensive Security
Overview of Cyber Security
Importance of Defensive Security
OSI Model
TCP/IP Basics
Subnetting
Interface And Cables
Security Fundamentals
Introduction to Mobile App Pentesting
Mobile App Pentesting Process
Practical:Reconnaissance on a target
Understanding the Android Architecture
Introducing android apps building blocks
Understanding Reverse Engineering
Performing lab setup on windows
Performing lab setup on kali linux
Performing lab setup on MAC
Setting up Emulator on Android studio
Setup for physical device
Pulling apk from playstore
Introduction to injured android
What to look at in AndroidManifest xml file
RCE In CSE-Webstore
HTML Email Injection
Token Leaked In Response
External Authentication Injection
Cleartext Transmission Of Session Token
Account Lockout Bypass
Token Leakage Via 3rd Party Referrer
CRLF To XSS
Clipboard Enabled
DoS To Owner
No Secure Integrity Check
Privacy Concern
Iframe Injection
Session Fixation
Wifi SSID + Password
Source Code Credential Storage
Cyber Security Quiz
Target Finding Methadology
Performing Static Analysis
Applying Static Analysis To Get Some Flags
Exploiting Storage Buckets
Exploiting Firebase Database
Understanding SSL Pinning
Using Burpsuite For Intercepting Traffic
Using Proxyman For Intercepting Traffic
Automation For Patching Applications
Manual Patching Of Applications
Understanding Broadcast Receiver
Decryption Using Frida
Understanding Sqlite databases In An Application
Performing Unicode Collision
Deeplinks And Binary Analysis
Using HTML To Generate Deep links(RCE)
Assembly Language And Shared Objects
DIVA Application
AndroGoat Application
Introduction To iOS
Automated Analysis Using MobSF
Introduction To Defensive Security
Overview of Cyber Security
Importance of Defensive Security
OSI Model
TCP/IP Basics
Subnetting
Lab Setup For Defensive
Interface And Cables
Security Fundamentals
Practical on Packet Tracer
Standard ACLs
Extended ACLs
Working Layer of Protocols
Wireshark And Nmap
Protocols and Ports
Compliance and Standards
Incident Response And Management
Risk Management
Firewall v/s IDP v/s IPS
SIEM
Windows and Linux Fundamentals
Countermeasure
Introduction To AWS Security
Monitoring & Logging in AWS
Overview About AWS CloudWatch & Guard Duty
Security Reference Architecture
AWS Config Theory
Log Analysis In Cloudwatch And Cloudtrail
Unauthorized Activity
Incident Response
Event Bridge
Overview About AWS Inspector & Defender
AWS Configuration Practicals Overview
CloudWatch Practical Overview
EventBridge Practical Overview
Amazon SNS Practical Overview
CloudTrail Practical Overview
AWS Shared Responsibility Model
Introduction To Owasp Top 10
A01 - Broken Access Control
A02 - Cryptographic Failures
A03 - Injections
A04 - Insecure Design
A05 - Security Misconfigurations
A06 - Vulnerable & Outdated Componenets
A07 - Identification & Authorization Failures
A08 - Software & Data Integrity Issues
A09 - Security Logging & Monitoring Failures
A10 - SSRF
Securing Layered Web Architecture In AWS
Best Practices To Secure Layered Web Application
Edge Security Design
DDOS Attack Overview & AWS Shield Introduction
Best Practices for DDOS Protection
Designing Secure Isolated Network Architecture
Gateways & Traffic Monitoring Concept In VPC
Difference In Security Group & NACL
AWS Firewall Tools Stack Overview
Common Use Cases of Edge Security Strategy
AWS Hybrid Network Security
Building AWS Hybrid Network Security Architecture
Reachability Analysis In AWS
Host Based Security In AWS
AWS Inspector Overview
Hardening Concept Overview
CV Making
Working Of IAM in AWS
Users in AWS IAM
Roles in AWS IAM
Policies in AWS IAM
Best Practices in AWS IAM
Introduction to Access Control Concept in AWS IAM
Overview about RBAC & ABAC access control
Separation of Duties Concept in AWS
Deployment of SOD in AWS
Active Directory in AWS
AWS Managed Active Directory
AD Connector in AWS
Scalable System Design to Access AWS Resources
Requirements
Basic Bug Bounty Knowledge
Basic Linux Knowledge
Learning Approach
High Sitting Hours
PC with minimum 8GB RAM
Scripting Knowledge
Description
Special Sections:-1. Cyber Talks2. Live Bug Bounty3. Frauds In Bug Bounty4. Mobile App Pentesting5. Cloud Security6. Defensive SecurityCourse Description:Overview: In the ever-evolving landscape of cybersecurity, staying ahead of threats and vulnerabilities is crucial. This comprehensive course combines three of the most sought-after certifications in the field Offensive Security Certified Professional (OSCP), Certified Ethical Hacker (CEH), and Bug Bounty Mastery into one intensive program. With hands-on practical labs, real-world scenarios, and expert instruction, you'll not only prepare for these certifications but also gain the skills and confidence to excel in a competitive cybersecurity careerCourse Highlights:OSCP Preparation: Mastering Offensive SecurityDive deep into penetration testing, ethical hacking, and advanced exploitation techniquesLearn to identify, exploit, and secure vulnerabilities in various systemsNavigate through the intricacies of Metasploit, Nmap, and Burp SuiteGain hands-on experience with a wide range of targets in a controlled lab environmentCEH Certification: Ethical Hacking at its BestUnderstand the ethical hacker's mindset and approach to safeguarding systemsExplore the latest hacking tools, techniques, and methodologiesDiscover the intricacies of network scanning, enumeration, and vulnerability analysisPractice ethical hacking in virtual environments, simulating real-world scenariosBug Bounty Mastery: Hunt, Hack, and SecureUncover the secrets of bug hunting and responsible disclosureHunt for vulnerabilities in popular web applications and networksLearn to write effective and professional vulnerability reportsParticipate in a bug bounty program with real rewards and recognitionHands-On Experience: Gain practical experience through realistic labs and scenariosExpert Instruction: Learn from certified cybersecurity professionals with real-world experienceCareer Advancement: Enhance your career prospects and earning potential in the cybersecurity fieldBug Bounty Opportunities: Get a head start in the lucrative world of bug bounty huntingCommunity: Join a community of like-minded individuals and network with experts in the fieldWho Should Attend:Aspiring ethical hackers and penetration testersCybersecurity enthusiasts seeking to enter the fieldIT professionals looking to advance their career in cybersecurityAnyone interested in bug bounty hunting and responsible disclosurePrerequisites:Basic understanding of computer networks and operating systems.Familiarity with Linux command-line usage is beneficial but not mandatoryA strong desire to learn and a passion for cybersecurityInvest in Your Future: Advance your career in cybersecurity by enrolling in this transformative course. Gain the knowledge, skills, and certifications you need to excel in this dynamic and high-demand field. Don't miss this opportunity to become a cybersecurity expert and open doors to exciting and lucrative career opportunities.Join us on a journey to mastering OSCP Prep, Cloud, Defensive,CEH, Mobile App and Bug Bounty while honing your skills in a practical, real-world environment. Enroll today and secure your future in cybersecurity!Note: Course content and structure may be subject to updates and improvements to ensure alignment with the latest industry trends and standards.
Overview
Section 1: Introduction
Lecture 1 Introduction
Lecture 2 Software And Tools Required
Lecture 3 Topics To Be Covered For CEH ,OSCP Prep and Bug Bounty
Lecture 4 Words Of Caution
Section 2: Passive Information Gathering
Lecture 5 Passive Information Gathering
Section 3: Active Information Gathering
Lecture 6 Host And Nmap
Lecture 7 SMB Enumeration
Lecture 8 SMTP Enumeration
Lecture 9 SNMP Enumeration
Section 4: Recon Labs Practise
Lecture 10 Early Recon for a Web Application
Lecture 11 TXT Records and Github Recon
Section 5: Web Application Assessment Tools
Lecture 12 Useful Tools
Section 6: Web Attacks
Lecture 13 Web Attacks
Section 7: Shells
Lecture 14 shells
Section 8: Locating Public Exploits
Lecture 15 Use of tools
Section 9: Password Attacks
Lecture 16 Cracking for ssh rdp and web
Lecture 17 Password Cracking
Section 10: Windows Privilege Esclation
Lecture 18 Situational Awareness
Lecture 19 Hidden In Plain View
Lecture 20 Powershell Gold Mine
Lecture 21 Automated Enumeration
Lecture 22 Leveraging Windows Services
Lecture 23 DLL Hijacking
Lecture 24 Scheduled Tasks
Lecture 25 SeImpersonatePrivilege
Lecture 26 SeBackup Privilege
Lecture 27 UAC Attack
Section 11: Linux Privilege Escalation
Lecture 28 Enumerating Linux
Lecture 29 Automated Enumeration
Lecture 30 Abusing Password Authentication
Lecture 31 Abusing Binaries And Sudo
Lecture 32 CronJob
Section 12: Port Redirection and Tunneling
Lecture 33 Ligolo-ng
Section 13: Active Directory
Lecture 34 Getting Hold Of Enum and Ways
Section 14: Active Directory Hacking
Lecture 35 Cached AD Credentials
Lecture 36 Password Attacks
Lecture 37 AS-REP Roasting
Lecture 38 Lateral Movement
Section 15: File Transfer
Lecture 39 Linux-Linux
Lecture 40 Linux-Windows
Section 16: Practise Labs
Lecture 41 Hacking Windows Server Using Eternal Blue
Lecture 42 Access Using Wp-Scan
Lecture 43 Exploiting Linux With Shellshock Vulnerability
Lecture 44 Linux Hacking with dev shell and privesc with cronjob
Lecture 45 RCE In CSE-Webstore
Section 17: Bug Bounty Automation
Lecture 46 Most Asked Questions About Automation
Lecture 47 reconftw
Lecture 48 nucleifuzzer
Lecture 49 Magic Recon
Lecture 50 SocialHunter
Section 18: Bug Hunting
Lecture 51 Bug Bounty Methadology
Lecture 52 Meaning Of API and Purposes
Lecture 53 Security Mechanism Of API
Lecture 54 IDOR and Severity Levels
Lecture 55 Rate Limit Bugs
Lecture 56 Security Misconfiguration Bugs
Lecture 57 Authentication bypass via OAuth implicit flow
Lecture 58 SSRF via OpenID dynamic client registration
Lecture 59 Forced OAuth profile linking
Lecture 60 OAuth account hijacking via redirect_uri
Lecture 61 Stealing OAuth access tokens via an open redirect
Lecture 62 Stealing OAuth access tokens via a proxy page
Lecture 63 Basic password reset poisoning
Lecture 64 Host header authentication bypass
Lecture 65 Web cache poisoning via ambiguous requests
Lecture 66 Delete Account Without Password
Lecture 67 Broken Link Hijacking
Lecture 68 HTTP and HTTPS Bugs
Lecture 69 Improper Cache Control
Lecture 70 Token Is Invalidated After Use
Lecture 71 Weak Registration and Weak Password Implementation
Lecture 72 SubdomainTakeover Bugs
Lecture 73 Application DOS Bugs
Lecture 74 No Password Policy
Lecture 75 Exif Geo-Location Bugs
Lecture 76 Missing SPF DMARC
Lecture 77 Mass Assignment
Lecture 78 CORS
Lecture 79 Varnish Cache Bugs
Lecture 80 Adobe and Soap Misconfig Bugs
Lecture 81 WAF Bypass
Lecture 82 2FA Bypass
Lecture 83 Open Redirect
Lecture 84 Weak Cipher Suites
Lecture 85 Information Disclosure
Lecture 86 CSRF
Lecture 87 Business Logic Bugs
Lecture 88 Captcha Bypass
Lecture 89 Remote code execution via web shell upload
Lecture 90 API Authorization
Lecture 91 Web shell upload via Content-Type restriction bypass
Lecture 92 Web shell upload via path traversal
Lecture 93 API Authentication
Lecture 94 Web shell upload via extension blacklist bypass
Lecture 95 Clickjacking And Its Bounty
Lecture 96 Web shell upload via obfuscated file extension
Lecture 97 Remote code execution via polyglot web shell upload
Lecture 98 Web shell upload via race condition
Lecture 99 Failure To Invalidate Session On Logout Or Password Change
Lecture 100 HTML Email Injection
Lecture 101 Token Leaked In Response
Lecture 102 External Authentication Injection
Lecture 103 Cleartext Transmission Of Session Token
Lecture 104 Account Lockout Bypass
Lecture 105 Token Leakage Via 3rd Party Referrer
Lecture 106 CRLF To XSS
Lecture 107 Clipboard Enabled
Lecture 108 DoS To Owner
Lecture 109 No Secure Integrity Check
Lecture 110 Privacy Concern
Lecture 111 Iframe Injection
Lecture 112 Session Fixation
Lecture 113 Wifi SSID + Password
Lecture 114 Source Code Credential Storage
Section 19: Live Bug Bounty Session and Methodology Build
Lecture 115 Live Session 1
Lecture 116 Live Session 2
Lecture 117 Live Session 3
Lecture 118 Live Session 4
Lecture 119 Live Session 5
Section 20: Cyber Talks Regarding Bug Bounty
Lecture 120 Top 10 Interesting Bugs On The List {Escalating P5 to $1000}
Lecture 121 LFI To RCE
Lecture 122 Most Asked Questions in Cyber World
Lecture 123 Personal Journey With Questions From Public
Lecture 124 Target Finding Methadology
Lecture 125 Cyber Security Quiz
Lecture 126 Cyber Security Quiz 2
Section 21: Mobile App Security
Lecture 127 Introduction To Mobile App Pentesting
Lecture 128 Mobile App Pentesting Process
Lecture 129 Practical:Reconnaissance On A Target
Lecture 130 Understanding The Android Architecture
Lecture 131 Introducing Android Apps Building Blocks
Lecture 132 Understanding Reverse Engineering
Lecture 133 Performing Lab Setup On Windows
Lecture 134 Performing Lab Setup On Kali Linux
Lecture 135 Performing Lab Setup On MAC
Lecture 136 Setting Up Emulator On Android Studio
Lecture 137 Setup For Physical Device
Lecture 138 Pulling Apk From Playstore
Lecture 139 Practical: Introduction To Injured Android
Lecture 140 Performing Static Analysis
Lecture 141 Practical: Applying Static Analysis To Get Some Flags
Lecture 142 Practical: Exploiting Storage Buckets
Lecture 143 Practical: Exploiting Firebase Database
Lecture 144 Understanding SSL Pinning
Lecture 145 Practical: Using Burpsuite For Intercepting Traffic
Lecture 146 Practical: Using Proxyman For Intercepting Traffic
Lecture 147 Practical: Automation For Patching Applications
Lecture 148 Practical:Manual Patching Of Applications(Part 1)
Lecture 149 Practical:Manual Patching Of Applications(Part 2)
Lecture 150 Practical: Understanding Broadcast Receiver
Lecture 151 Practical: Decryption Using Frida
Lecture 152 Practical: Understanding Sqlite databases In An Application
Lecture 153 Practical: Performing Unicode Collision
Lecture 154 Practical:Deeplinks And Binary Analysis
Lecture 155 Practical:Using HTML To Generate Deep links(RCE)
Lecture 156 Practical:Assembly Language And Shared Objects
Lecture 157 Practical: DIVA Application
Lecture 158 Practical:AndroGoat Application
Lecture 159 Introduction To iOS
Lecture 160 Tools And Their Setup For iOS Pentesting
Lecture 161 Manual Static Analysis
Lecture 162 Automated Analysis Using MobSF
Lecture 163 Dynamic Analysis
Section 22: Defensive Security, Risk Mitigations and Compliances
Lecture 164 Introduction To Defensive Security
Lecture 165 Overview of Cyber Security
Lecture 166 Importance of Defensive Security
Lecture 167 OSI Model
Lecture 168 TCP/IP Basics
Lecture 169 Subnetting (Part 1)
Lecture 170 Subnetting (Part 2)
Lecture 171 Subnetting (Part 3)
Lecture 172 Subnetting (Part 4)
Lecture 173 Lab Setup
Lecture 174 Interface And Cables
Lecture 175 Security Fundamentals
Lecture 176 Practical on Packet Tracer (Part 1)
Lecture 177 Practical on Packet Tracer (Part 2)
Lecture 178 Practical on Packet Tracer (Part 3)
Lecture 179 Practical on Packet Tracer (Part 4)
Lecture 180 Standard ACLs (Part 1)
Lecture 181 Standard ACLs (Part 2)
Lecture 182 Extended ACLs
Lecture 183 Working Layer of Protocols
Lecture 184 Wireshark
Lecture 185 Nmap (Part 1)
Lecture 186 Nmap (Part 2)
Lecture 187 Protocols and Ports
Lecture 188 Compliance and Standards
Lecture 189 Incident Response And Management
Lecture 190 Risk Management
Lecture 191 Tools
Lecture 192 Firewall v/s IDP v/s IPS
Lecture 193 SIEM
Lecture 194 Windows and Linux Fundamentals
Lecture 195 Countermeasure (Part 1)
Lecture 196 Countermeasure (Part 2)
Lecture 197 Countermeasure (Part 3)
Section 23: Cloud Security
Lecture 198 Introduction To AWS Security
Lecture 199 Incident Response
Lecture 200 Event Bridge
Lecture 201 Unauthorized Activity
Lecture 202 AWS Config Theory
Lecture 203 AWS Configuration Practicals Overview
Lecture 204 Monitoring & Logging in AWS
Lecture 205 Overview About AWS CloudWatch & Guard Duty
Lecture 206 Overview About AWS Inspector & Defender
Lecture 207 Log Analysis In Cloudwatch And Cloudtrail
Lecture 208 CloudWatch Practical Overview
Lecture 209 EventBridge Practical Overview
Lecture 210 Amazon SNS Practical Overview
Lecture 211 CloudTrail Practical Overview
Lecture 212 Security Reference Architecture
Lecture 213 AWS Shared Responsibility Model
Lecture 214 Introduction To Owasp Top 10
Lecture 215 A01 - Broken Access Control
Lecture 216 A02 - Cryptographic Failures
Lecture 217 A03 - Injections
Lecture 218 A04 - Insecure Design
Lecture 219 A05 - Security Misconfigurations
Lecture 220 A06 - Vulnerable & Outdated Componenets
Lecture 221 A07 - Identification & Authorization Failures
Lecture 222 A08 - Software & Data Integrity Issues
Lecture 223 A09 - Security Logging & Monitoring Failures
Lecture 224 A10 - SSRF
Lecture 225 Securing Layered Web Architecture In AWS
Lecture 226 Best Practices To Secure Layered Web Application
Lecture 227 Edge Security Design
Lecture 228 DDOS Attack Overview & AWS Shield Introduction
Lecture 229 Best Practices for DDOS Protection
Lecture 230 Designing Secure Isolated Network Architecture
Lecture 231 Gateways & Traffic Monitoring Concept In VPC
Lecture 232 Difference In Security Group & NACL
Lecture 233 AWS Firewall Tools Stack Overview
Lecture 234 Common Use Cases of Edge Security Strategy
Lecture 235 AWS Hybrid Network Security
Lecture 236 Building AWS Hybrid Network Security Architecture
Lecture 237 Reachability Analysis In AWS
Lecture 238 Host Based Security In AWS
Lecture 239 AWS Inspector Overview
Lecture 240 Hardening Concept Overview
Lecture 241 Working Of IAM in AWS
Lecture 242 Users in AWS IAM
Lecture 243 Roles in AWS IAM
Lecture 244 Policies in AWS IAM
Lecture 245 Best Practices in AWS IAM
Lecture 246 Introduction to Access Control Concept in AWS IAM
Lecture 247 Overview about RBAC & ABAC access control
Lecture 248 Separation of Duties Concept in AWS
Lecture 249 Deployment of SOD in AWS
Lecture 250 Active Directory in AWS
Lecture 251 AWS Managed Active Directory
Lecture 252 AD Connector in AWS
Lecture 253 Scalable System Design to Access AWS Resources
Section 24: More learnings
Lecture 254 CV Making
Section 25: Regards
Lecture 255 Regards And Reviews
OSCP Prep,Cloud Security,Defensive Security,Mobile App Pentesting,Bug Bounty Advance,CEH,Active Directory,Linux Commands
Homepage