Hacktify Certified Advance Pentester

Hacktify Certified Advance Pentester – HCAPT

Overview
Curriculum
Instructor

About the Certification

"Hacktify Certified Advance Pentester" is an intensive certification designed to equip participants with advanced skills and knowledge in the dynamic realm of ethical hacking, security testing, and bug bounty hunting. In this comprehensive program, students explore key areas such as advanced recon methodology, OAuth vulnerabilities, JWT attacks, Active Directory fundamentals, and WordPress pentesting, gaining hands-on experience through practical labs and Capture The Flag (CTF) challenges. With a focus on practical skills and real-world applications, this certification provides the foundation for success in the ever-evolving field of cybersecurity. Join us and take the first step towards a successful career securing digital assets and identifying vulnerabilities.

What will you learn?

"In this certification, you'll learn advanced reconnaissance, OAuth vulnerability exploitation, JWT and SAML attacks, Active Directory fundamentals, optimal hacking environment setup, Attack Surface Mapper creation, and Bug Bounty Alert System development. You'll also master WordPress Pentesting, equipping you for success in ethical hacking, security testing, and bug bounty hunting."

Introduction
Recon Tactics
Oauth
JWT Attacks
SAML Attacks
WAF Bypasses
WordPress Pentesting
Active Directory

The Course Curriculam

Module 01

Introduction | 04 Hours

What are Advance Bug Bounties
Advance Recon Methodology
Mindmap Creation
Setting Up your Hacking environment

Module 02

Recon Tactics | 04 Hours

Effective Shodan Reconnaisance
Active Subdomain Enumeration + Resolvers
Subdomain Mastering with Advance techniques
Building an Attack Surface Mapper
Building an Bug Bounty Alert System

Module 03

Oauth | 04 Hours

Implicit Grant Attack
OAuth CSRF protection Attack Bypass
Leaking Authorization codes and Access tokens
Flawed Scope Validation Attack
Unverified User Registration Attack
Host header Injection Oauth Attack
Reusable OAuth access token Attacks
State Parameter Bypass

Module 04

JWT Attacks | 04 Hours

Abusing None Algorithm
Signature Stripping
HS256 (symmetric encryption) key cracking
Cracking weak shared secrets
Substitution attack
Practical Lab
CTF

Module 05

SAML Attacks | 04 Hours

SAML
SAML Fundamentals
SAML vs OAuth
SAML Request & Response Breakdown
XML Signatures
XML Signature Wrapping Attacks-Type1
XML Signature Wrapping Attacks-Type2
XML Signature Wrapping Attacks-Type3
XML Signature Wrapping Attacks-Type4
XML Signature Wrapping Attacks-Type5
XML Signature Wrapping Attacks-Type6
XML Signature Wrapping Attacks-Type7
XML Signature Wrapping Attacks-Type8
SAML Extractor
SAML Raider
SAML to XSS Attacks
SAML Token Recipient Confusion Attack
Xml External Entities Attacks via SAML
Mitigations

Module 06

WAF Bypasses | 04 Hours

XSS Bypasses
SQL Injection Bypass
ModProxy & Cloudflare Bypass
CTF

Module 07

WordPress Pentesting | 04 Hours

WordPress Active Enumeration
WordPress Passive Enumeration
WordPress Users, Themes, Plugins, Versions
XML-RPC leads to DoS and DDoS
WordPress SSRF
WordPress Twenty Sixteen RCE
WordPress MSF Exploitation
Wpscan
CTF

Module 08

Active Directory | 04 Hours

Active Directory Fundamentals
Setting up Domain Controller
Setting up GPO
Extracting Information Windows AD
Office365 Recon
Mimikatz LSASS
Windows Local Previlage Escalation with Hot Potato
Process Injection
DLL Injection
Defense Evation

Final Exam | 02 Hours

Our Instructor

Meet Our Expert Instructor

Rohit Gautam

Hacktify Certified Instructor

Winner of Cyber Security Samurai of Year 2023, Director at Hacktify, Principal Security Consultant, Adjunct Prof. at Mandsaur University.

Shifa Cyclewala

Hacktify Certified Instructor

Winner of Top 20 Women Influencers Cyber Security in India 2022. Winner of Top Women Influencer Cyber Security in India 2023 by Bsides Bangalore.

hacktify team

Hacktify Certified Instructor's

We are a team of passionate cybersecurity experts, hackers turned ethical defenders, and technology enthusiasts Blue Team Cyber Suraksha 2023 Indian Army 2021 (Sainya Ranakshetram) Hackathon by Karnataka Govt. 2020 CIT Hackathon 2022 Noob Army Vulncon 2020 Southern California Tech Summit 2021

Month

0 +

Labs

24/7

Support

BENEFITS OF HACKTIFY CERTIFIED ADVANCE PENTESTER

Advanced Bug Bounty Expertise: This course provides advanced bug bounty hunting skills and techniques, allowing students to master the art of discovering and reporting security vulnerabilities in web applications and systems.

Reconnaissance Tactics Mastery: Students learn effective reconnaissance tactics, including utilizing Shodan for comprehensive reconnaissance, mastering subdomain enumeration with advanced techniques, and building tools for mapping attack surfaces and monitoring bug bounty programs.

Oauth and JWT Attack Skills: The course covers advanced techniques for OAuth and JWT attacks, enabling students to understand and exploit vulnerabilities such as implicit grant attacks, OAuth CSRF protection bypass, and JWT signature stripping.

SAML Attacks Knowledge: Students delve into SAML (Security Assertion Markup Language) attacks, gaining a deep understanding of the protocol, its fundamentals, and various attacks like XML Signature Wrapping. They also explore techniques for SAML to XSS attacks and token recipient confusion.

WAF Bypass Techniques: The course equips students with the ability to bypass Web Application Firewalls (WAFs), covering methods for bypassing XSS and SQL injection restrictions, as well as techniques for bypassing ModProxy and Cloudflare protection.

Students learn WordPress pentesting, covering active/passive enumeration and vulnerability exploitation. They also gain expertise in Active Directory, including domain controller setup, GPOs, AD information extraction, Mimikatz, privilege escalation, and diverse attack vectors.