Course curriculum

  • 1

    Day 1 - July

    • Advance Recon - ASN, Whois, Reverse Whois, DNSX, nrich, Shodan etc...

    • ASN to IP Script

    • IP Info Script

    • Oct: Advance Recon Mindmap, ASN, Reverse Whois, ASN2IP, Ipinfo, subbrute, dnsx, mapcidr, nrich, Shodan etc.

    • Subbrute Script

    • Recon Mindmap (PDF Format)

  • 2

    Day 2 - July

    • Subdomain enumeration , script for active & passive enumeration , Curl one liner , telegram bot , Anew , certificate transparency , Subdomains in Github codes , ipinfox.sh

    • Oct - Advance Recon, Active Passive Subdomain Enum, nrich , gostare, ASN Enum
  • 3

    All Scripts

    • Subdomain Enumeration Scripts

    • Scripts
  • 4

    Day 3 - July

    • CVE Latest Automation, Chaos all targets scripting

    • Automation - Security.txt , JS Recon Passive & Active - wayback, subjs, hakrawler,linkfinder,secretfinder

    • Automation 2 - JS Recon Passive & Active - wayback, subjs, hakrawler, Custom Wordlist - jswords, linkfinder,secretfinder

    • Js.sh

    • chaos-hunt.sh

    • cve.sh

    • Automation 2 - JS Recon Passive & Active - wayback, subjs, hakrawler, Custom Worjswords, linkfinder,secretfinder
  • 5

    Day -4 Wordpress Pentesting

    • Wordpress Detection using Wapalyzer, HTTPX, Wp-login, WP Registration, XML RPC Pingback, RDF, WP Scan, Bash Script for themes, Wordpress Directory Listing, Plugins, Shodan CLI, Nuclei

  • 6

    Day-5 Active Directory Fundamentals

    • Active Directory Fundamentals
  • 7

    Day-6 JWT Attack

    • JWT, 4 JWT Attack Types.

    • PPT for JWT
  • 8

    Day -7 Oauth Attack

    • Oauth Attacks

    • PPT for OAuth
  • 9

    Day -8 WAF Bypasses

    • Cloudflare Bypass, Mod Proxy Core Rule Set Bypass, LFI Bypass, AD Setup
  • 10

    Day -9 SAML Attacks

    • SAML Attacks

    • SAML Attacks
  • 11

    Day - 10

    • Wordpress Pentesting - Themes, Plugins, Rce, AD Enum, Exploitation, Mimikatz
  • 12

    Day -11

    • How to find New Novel Bugs, Shodan Download CLI, Nuclei Custom Template, Icewarp Exploit, Favicon Recon
  • 13

    Demo - Small, Medium, Large Scope Recon

    • Small Medium, Large Scope Recon
  • 14

    Day -12

    • DLL Hijacking, DLL Proxying, ProcMon, EchoMirage, DNSpy, Strings

    • Fuzzing with FFUF for finding new params from wordlists
  • 15

    Day -13

    • Learning Scripter

  • 16

    Day -14

    • JWT Attacks

  • 17

    Day 15

    • WAF Bypass on Modsecurity and Resources
  • 18

    OAuth

    • Oauth
  • 19

    SAML and BAC

    • SAML & BAC Attacks
  • 20

    Active Directory Setup & Attacks

    • Active Directory Setup & Attacks
  • 21

    Tesla Live Hunting

    • Lesson Recording
  • 22

    Wordpress Pentesting

    • Wordpress PT, Themes, Plugins, Wpscan
  • 23

    June 2023

    • May - Class 1

    • May Class 2

    • May 2023: Class 3

    • May Class - 4

    • May Class 5

    • May Class 5 - Part 2

    • May Class 6

    • May Class 7

    • May Class 8

    • Class 9

    • Class 10