Bug Hunters Methodology
English | Tutorial | Size: 5.41 GB
Full syllabus:
Day 1 – Recon
Recon Part 1: Recon Concepts
Introduction to Recon
Recon Part 2: Acquisitions and Domains
Scope
Shodan
ASN Analysis
Crunchbase ++
ReconGTP
Reverse WHOIS
Certificate Analysis
Ad and Analytics Relationships
Supply chain investigation and SaaS
Google-fu (trademark & Priv Pol)
TLDs Scanning
O365 Enumeration for Apex Domains
Recon Part 3: Subdomain Enumeration
Subdomain Scraping (all the best sources and why to use them)
Security Trails + Netlas
Brute force
Wildcards
Permutation Scanning
Linked Discovery
Wordlists
Advantageous Subs (WAF bypass – Origins)
Favicon analysis
Sub sub domains
Esoteric techniques
DNSSEC / NSEC / NSEC3 walking
Recon Part 4: Server & App Level Analysis
Port Scanning
Service Bruteforce
Tech Stack
Screenshotting
Recon Part 5: Profiling People for Social Engineering
LinkedIn (people, tech)
Hunter.io
Hiring Sites
Recon Part 6: Recon Adjacent Vulnerability Analysis
CVE scanners vs Dynamic Analysis
Subtakeover
S3 buckets
Quick Hits (swagger, .git, configs, panel analysis)
Recon Part 7: Recon Frameworks and Helpers
Frameworks
Understanding your framework
Tips for success (keys)
Distribution and Stealth
Day 2 – Application Analysis
Application Analysis Part 1: Analysis Concepts
Intended usage (not holistic, contextual)
Analysis Layers
Application Layers as related to success.
Tech profiling
The Big Questions
Change monitoring
Application Analysis Part 2: Vulnerability Automation
More on CVE and Dynamic Scanners
Dependencies
Early running so you can focus on manual.
Secrets of automation kings
Application Analysis Part 3: Content Discovery
Intro to CD (walking, brute/fuzz, historical, JS, spider, mobile, params)
Importance of walking the app
Bruteforce Tooling
Bruteforce Tooling Lists: based on tech
Bruteforce Tooling Lists: make your own (from-install, dockerhub, trials, from word analysis)
Bruteforce Tooling Lists: generic/big
Bruteforce Tooling Lists: quick configs
Bruteforce Tooling Lists: API
Bruteforce Tooling Tips: Recursion
Bruteforce Tooling Tips: sub as path
Bruteforce Tooling Tips: 403 bypass
Historical Content Discovery
Newschool JavaScript Analysis
Spidering
Mobile Content Discovery
Parameter Content Discovery
Application Analysis Part 4: The Big Questions
How does the app pass data?
How/where does the app talk about users?
Does the site have multi-tenancy or user levels?
Does the site have a unique threat model?
Abuse Primitives
Has there been past security research & vulns?
How does the app handle common vuln classes?
Where does the app store data?
Application Analysis Part 5: Application Heat Mapping
Common Issue Place: Upload functions
Common Issue Place: Content type multipart-form
Common Issue Place: Content type XML / JSON
Common Issue Place: Account section and integrations
Common Issue Place: Errors
Common Issue Place: Paths/URLs passed in parameters
Common Issue Place: Chatbots
Application Analysis Part 6: Web Fuzzing & Analyzing Fuzzing Results
Parameters and Paths (generic fuzzing)
Reducing Similar URLs
Dynamic only fuzzing
Fuzzing resources SSWLR – “Sensitive Secrets Were Leaked Recently”
Backslash powered Scanner
Application Analysis Part 7: Introduction to Vulnerability Types
Intended usage (not holistic. Tips and Contextual)
Covered vulns and why
Application Analysis Part 8: XSS Tips and Tricks
Stored and Reflected
Polyglots
Blind
DOM
Common Parameters
Automation and Tools
Application Analysis Part 9: IDOR Tips and Tricks
IDOR, Access, Authorization, MLAC, Direct browsing, Business logic, parameter manipulation
Numeric IDOR
Identifying user tokens GUID IDOR
Common Parameters
Application Analysis Part 10: SSRF Tips and Tricks
SSRF intro
schemas
Alternate IP encoding
Common Parameters
Application Analysis Part 11: XXE
Common areas of exploitation
Payloads
Common Parameters
Application Analysis Part 12: File Upload Vulnerabilities Tips and Tricks
Common bypasses
Common Parameters
Application Analysis Part 13: SQL Injection Tips and Tricks
Manual Identification
SQLmap tamper
Common Parameters
Application Analysis Part 14: Command Injection Tips and Tricks
Common Parameters
Application Analysis Part 15: COTS and Framework Scanning
Default Creds
CMSs: WordPress + Adobe Experience Manager
Others
Application Analysis Part 16: Bypass of security controls
Subdomains where controls are not applied
Origins
TLDs (.jp, .uk, .xx)
Red Team Analysis
Red Teaming Analysis Part 1: Initial Access Primer
Phishing Tips and Tricks
Threat Intel + Levels
Credential Stuffing
Open discussion of C2
SaaS
Cloud
Red Teaming Analysis Part 2: Post Initial Access
Open Discussion of common internal methods to succeed
Attendees should have:
Burp Suite (PRO preferably), VM or equivalent access to *nix command line.
Pre-requisites for attendees: General Web application and network security testing knowledge required. Some topics will assume some knowledge of OWASP Top Ten type vulnerabilities and previous experience.
A full list of tools needed will be posted in the class discord before class.