ＨｉｄｅＺｅｒｏＯｎｅ

The course will purely focus on Web/Server/Mobile offensive hacking using the Bug Bounty Hunter Mentality.

Syllabus

1. Information Security Concepts.
2. Advanced Reconnaissance Methodologies (10+ methodologies).
3. Advanced Network Scanning & Enumeration.
4. Systems Exploitation.
5. Vulnerability Assessment.
6. Web Hacking Vulnerabilities (Client Side bugs, Server Side bugs, Business Logic Bugs, Server Security Misconfigurations, Bypassing Security Controls, and much more…).
7. Mobile Hacking (Reverse Engineering, Static Analysis, Dynamic Analysis).
8. Source Code Analysis.
9. Forensics Analysis.

Advanced Reconnaissance & Bug Bounty Hacking Methodologies

SEC642 is an expert-level course tailored for cybersecurity professionals seeking to deepen their skills in identifying, exploiting, and mitigating vulnerabilities in web applications. This course focuses on advanced techniques for penetration testing, ethical hacking, and exploitation, offering hands-on experience in assessing modern, complex web environments.

So you popped a shell, now what? Windows Post Exploitation focuses on four major components of any adversary simulation or red team exercise: enumeration, persistence, privilege escalation, and lateral movement. Each of these steps will be covered in detail with hands-on labs in a custom Active Directory environment. In addition, students will learn several modern techniques to minimize opportunities for detection. This course goes beyond teaching popular tactics, techniques, and procedures. Instead, students will learn how to covertly gather and leverage information about a target environment to achieve their objectives efficiently. A review of each post-ex capability will include discussion on the OPSEC implications and publicly documented detection recommendations. Open-source SIEM rules from Sigma and Elastic will be used as a starting point for avoiding alert generation. No technique is undetectable; the key is understanding an environment’s detection capabilities and choosing the best course of action.

Antisyphon: Windows Post Exploitation w/ Kyle Avery

This class is a distillation of what I’ve learned in my pentesting career about how to create a report that is both easy to read and hard to misunderstand. I will help you develop habits and support materials that simplify the work of reporting so you can get better results with less effort. Ask anyone who signs the checks which is worth more: a clear and actionable report from a tester with average technical skills, detailing how vulnerabilities were found and exploited, showing the impact of those exploits, and making concrete recommendations for improvement? Or a hastily-assembled list of compromised systems, thrown together by an elite hacker in the last hour of the contract after running a rampage through your networks? If you want to set yourself apart, work on your reporting skills. The hacks are ephemeral. The report lives forever. The hacks are fun – and they require your constant effort to keep current. The reporting is what makes this all a viable career – and once you know how to produce a good one, you can apply that skill endlessly as the computing world changes around you. This course helps you know what makes a good report good. It discusses the reporting mindset, and the foundational principles that always lead to a report you can be proud of, regardless of the tools you use for the test or for writing the report. We will look at some real reports as examples, and work together on ways to improve in the areas that are most important, as well as those that are most commonly neglected.

Antisyphon: Reporting for Pentesters w/ BB King

This is  a collection of Offensive Security’s curated cyber security learning paths These learning paths are designed to provide a comprehensive understanding of various cyber security domains, such as network penetration testing, web application security, wireless security, secure software development, and cloud security . Each learning path is tailored to suit the needs of cyber security enthusiasts, from beginners to advanced learners