The Bug Hunter’s Methodology (TBHM) is a two-day, paid, virtual training that aims to equip you with the latest tools, techniques, and strategies, plus provide a data-driven methodology on how and where to search for vulnerabilities that are currently common in the wild.
Unlike other courses, TBHM Live is not an A-Z or beginner-oriented course. True to the spirit of my public TBHM talks, my emphasis is on expert tips, time-saving tricks, practical Q&As, automation strategies, vetted resources, and engagement via the dedicated community on Discord.
Syllabus
- Day 1
  - Recon Part 1: Recon Concepts
  - Recon Part 2: Acquisitions and Domains
  - Recon Part 3: Subdomain Enumeration
  - Recon Part 4: Server & App Level Analysis
  - Recon Part 5: Profiling People for Social Engineering
  - Recon Part 6: Recon Adjacent Vulnerability Analysis
  - Recon Part 7: Recon Frameworks and Helpers
- Day 2
  - Application Analysis Part 1: Analysis Concepts
  - Application Analysis Part 2: Vulnerability Automation
  - Application Analysis Part 3: Content Discovery
  - Application Analysis Part 4: The Big Questions
  - Application Analysis Part 5: Application Heat Mapping
  - Application Analysis Part 6: Web Fuzzing & Analyzing Fuzzing Results
  - Application Analysis Part 7: Introduction to Vulnerability Types
  - Application Analysis Part 8: XSS Tips and Tricks
  - Application Analysis Part 9: IDOR Tips and Tricks
  - Application Analysis Part 10: SSRF Tips and Tricks
  - Application Analysis Part 11: XXE
  - Application Analysis Part 12: File Upload Vulnerabilities Tips and Tricks
  - Application Analysis Part 13: SQL Injection Tips and Tricks
  - Application Analysis Part 14: Command Injection Tips and Tricks
  - Application Analysis Part 15: COTS and Framework Scanning
  - Application Analysis Part 16: Bypass of security controls