
The Bug Hunter’s Methodology (TBHM) is a two-day, paid, virtual training that aims to equip you with the latest tools, techniques, and strategies, plus provide a data-driven methodology on how and where to search for vulnerabilities that are currently common in the wild.
Unlike other courses, TBHM Live is not an A-Z or beginner-oriented course. True to the spirit of my public TBHM talks, my emphasis is on expert tips, time-saving tricks, practical Q&As, automation strategies, vetted resources, and engagement via the dedicated community on Discord.
Syllabus
-
Day 1
-
Recon Part 1: Recon Concepts
-
Recon Part 2: Acquisitions and Domains
-
Recon Part 3: Subdomain Enumeration
-
Recon Part 4: Server & App Level Analysis
-
Recon Part 5: Profiling People for Social Engineering
-
Recon Part 6: Recon Adjacent Vulnerability Analysis
-
Recon Part 7: Recon Frameworks and Helpers
-
-
Day 2
-
Application Analysis Part 1: Analysis Concepts
-
Application Analysis Part 2: Vulnerability Automation
-
Application Analysis Part 3: Content Discovery
-
Application Analysis Part 4: The Big Questions
-
Application Analysis Part 5: Application Heat Mapping
-
Application Analysis Part 6: Web Fuzzing & Analyzing Fuzzing Results
-
Application Analysis Part 7: Introduction to Vulnerability Types
-
Application Analysis Part 8: XSS Tips and Tricks
-
Application Analysis Part 9: IDOR Tips and Tricks
-
Application Analysis Part 10: SSRF Tips and Tricks
-
Application Analysis Part 11: XXE
-
Application Analysis Part 12: File Upload Vulnerabilities Tips and Tricks
-
Application Analysis Part 13: SQL Injection Tips and Tricks
-
Application Analysis Part 14: Command Injection Tips and Tricks
-
Application Analysis Part 15: COTS and Framework Scanning
-
Application Analysis Part 16: Bypass of security controls
-
Security Education
OffSec
iNE
Antisyphon
EC-Council
Applied Network Defense
Kaspersky
Sektor7
CompTIA
TCM Security
BlackHat
13Cubed
Dark Vortex
Enciphers
Forty North
Cyber warfare Labs
Maltrak
Scorpio Software
Security Onion
Zero Point Security
SentinelOne
Altered Security
SpecterOps
Pentester Academy
CQURE
PluralSight
StationX
Cybr
موسسههای دیگر