Hacktify Certified Advance Pentester

About the Certification

"Hacktify Certified Advance Pentester" is an intensive certification designed to equip participants with advanced skills and knowledge in the dynamic realm of ethical hacking, security testing, and bug bounty hunting. In this comprehensive program, students explore key areas such as advanced recon methodology, OAuth vulnerabilities, JWT attacks, Active Directory fundamentals, and WordPress pentesting, gaining hands-on experience through practical labs and Capture The Flag (CTF) challenges. With a focus on practical skills and real-world applications, this certification provides the foundation for success in the ever-evolving field of cybersecurity. Join us and take the first step towards a successful career securing digital assets and identifying vulnerabilities.

What will you learn?

"In this certification, you'll learn advanced reconnaissance, OAuth vulnerability exploitation, JWT and SAML attacks, Active Directory fundamentals, optimal hacking environment setup, Attack Surface Mapper creation, and Bug Bounty Alert System development. You'll also master WordPress Pentesting, equipping you for success in ethical hacking, security testing, and bug bounty hunting."

  • Introduction
  • Recon Tactics
  • Oauth
  • JWT Attacks
  • SAML Attacks
  • WAF Bypasses
  • WordPress Pentesting
  • Active Directory

The Course Curriculam

Module 01

Introduction | 04 Hours

  • What are Advance Bug Bounties
  • Advance Recon Methodology
  • Mindmap Creation
  • Setting Up your Hacking environment

Module 02

Recon Tactics | 04 Hours

  • Effective Shodan Reconnaisance
  • Active Subdomain Enumeration + Resolvers
  • Subdomain Mastering with Advance techniques
  • Building an Attack Surface Mapper
  • Building an Bug Bounty Alert System

Module 03

Oauth | 04 Hours

  • Implicit Grant Attack
  • OAuth CSRF protection Attack Bypass
  • Leaking Authorization codes and Access tokens
  • Flawed Scope Validation Attack
  • Unverified User Registration Attack
  • Host header Injection Oauth Attack
  • Reusable OAuth access token Attacks
  • State Parameter Bypass

Module 04

JWT Attacks | 04 Hours

  • Abusing None Algorithm
  • Signature Stripping
  • HS256 (symmetric encryption) key cracking
  • Cracking weak shared secrets
  • Substitution attack
  • Practical Lab
  • CTF

Module 05

Bug Bounty Programs and Red Teaming | 04 Hours

  • Implementation of Recon
  • Identification of Assets
  • Content Discovery
  • Parameter Discovery & Mining
  • Reporting & Wrap up

Module 06

WAF Bypasses | 04 Hours

  • XSS Bypasses
  • SQL Injection Bypass
  • ModProxy & Cloudflare Bypass
  • CTF

Module 07

WordPress Pentesting | 04 Hours

  • WordPress Active Enumeration
  • WordPress Passive Enumeration
  • WordPress Users, Themes, Plugins, Versions
  • XML-RPC leads to DoS and DDoS
  • WordPress SSRF
  • WordPress Twenty Sixteen RCE
  • WordPress MSF Exploitation
  • Wpscan
  • CTF

Module 08

Active Directory | 04 Hours

  • Active Directory Fundamentals
  • Setting up Domain Controller
  • Setting up GPO
  • Extracting Information Windows AD
  • Office365 Recon
  • Mimikatz LSASS
  • Windows Local Previlage Escalation with Hot Potato
  • Process Injection
  • DLL Injection
  • Defense Evation
Final Exam | 02 Hours

Our Instructor

Meet Our Expert Instructor

Rohit Gautam

Hacktify Certified Instructor

Winner of Cyber Security Samurai of Year 2023, Director at Hacktify, Principal Security Consultant, Adjunct Prof. at Mandsaur University.

Shifa Cyclewala

Hacktify Certified Instructor

Winner of Top 20 Women Influencers Cyber Security in India 2022. Winner of Top Women Influencer Cyber Security in India 2023 by Bsides Bangalore.

hacktify team

Hacktify Certified Instructor's

We are a team of passionate cybersecurity experts, hackers turned ethical defenders, and technology enthusiasts Blue Team Cyber Suraksha 2023 Indian Army 2021 (Sainya Ranakshetram) Hackathon by Karnataka Govt. 2020 CIT Hackathon 2022 Noob Army Vulncon 2020 Southern California Tech Summit 2021

0 +




Advanced Bug Bounty Expertise: This course provides advanced bug bounty hunting skills and techniques, allowing students to master the art of discovering and reporting security vulnerabilities in web applications and systems.

Reconnaissance Tactics Mastery: Students learn effective reconnaissance tactics, including utilizing Shodan for comprehensive reconnaissance, mastering subdomain enumeration with advanced techniques, and building tools for mapping attack surfaces and monitoring bug bounty programs.

Oauth and JWT Attack Skills: The course covers advanced techniques for OAuth and JWT attacks, enabling students to understand and exploit vulnerabilities such as implicit grant attacks, OAuth CSRF protection bypass, and JWT signature stripping.

SAML Attacks Knowledge: Students delve into SAML (Security Assertion Markup Language) attacks, gaining a deep understanding of the protocol, its fundamentals, and various attacks like XML Signature Wrapping. They also explore techniques for SAML to XSS attacks and token recipient confusion.

WAF Bypass Techniques: The course equips students with the ability to bypass Web Application Firewalls (WAFs), covering methods for bypassing XSS and SQL injection restrictions, as well as techniques for bypassing ModProxy and Cloudflare protection.

Students learn WordPress pentesting, covering active/passive enumeration and vulnerability exploitation. They also gain expertise in Active Directory, including domain controller setup, GPOs, AD information extraction, Mimikatz, privilege escalation, and diverse attack vectors.