Bug Bounty - Web Track
Introduction
About the instructor (0:30)
What to expect (1:55)
Techniques and Terms (3:53)
Introduction to Ethical Hacking. Footprinting and Reconnaissance
Introduction to Ethical Hacking. Footprinting and Reconnaissance (24:55)
Demo - Information Gathering using Google Dorks and DNS Queries (4:17)
Demo - Scanning and Enumeration (8:58)
Do it yourself - Information Gathering Exercise
Information Gathering
Information Gathering using websites - part 1 (12:59)
Information Gathering using websites - part 2 (17:17)
Introduction to Maltego (4:58)
Maltego Demo (9:16)
Web Security
Core Problems - Why Web Security (7:33)
Web Technologies
Preparing the Lab Environment (8:31)
Sniffing. Attacking Authentication and Session Management - Session Hijacking
Sniffing (15:00)
Theoretical Overview of Attacking Authentication and Session Management
Session Hijacking through Man In The Middle Attack (11:05)
Intercept and access traffic over HTTPS. Get Gmail and Facebook passwords. (8:56)
Attacking the users through websites - XSS and Beef-XSS
XSS Basics (8:27)
Reflected XSS (10:29)
Stored XSS (6:59)
Beef-XSS Basics (16:12)
Access controls. Data stores and Client-side Controls
Access controls. Data stores and Client-side Controls
SQL injection (9:09)
Exploiting SQLi using Sqlmap and Getting Remote Shell (10:07)
Upload and Remote File Execution (10:43)
Other vulnerabilities - web and mobile
OWASP Top Ten Mobile Vulnerabilities (13:22)
Penetration Testing Cheat Sheet (18:59)
For Developers - Android Security Guidelines (1:21)
Further research - Automatic and Manual Scanning for Vulnerabilities (18:16)
Android Development Tools
Android Studio (11:21)
Android Debug Bridge (6:23)
Playing with Android Emulators - practice your social engineering
Android emulator or Android Device? (6:57)
Android Rooting (5:43)
Setting up a proxy in Android (10:25)
Installing CA Certificate (5:41)
Android Vulnerable Application Setup (3:43)
Android Application Review. Reverse Engineering and App Analysis
APK file Structure. AndroidManifest XML file (7:01)
Reversing to get Source code of the Application - decompiling with dex2jar (10:53)
Reversing and Re-compiling With APKTool (10:55)
Static vs Dynamic Analysis (5:58)
Static Analysis of Android Application using QARK (13:05)
Dynamic Analysis of Android Application using Inspeckage and Xposed (15:36)
MobSF - Mobile-Security-Framework (10:48)
Automated Security Assessments with Drozer (8:45)
Intercept traffic using Wireshark (5:22)
Intent Sniffing (5:23)
Fuzzing using Burp - Password Brute-Force. Username enumeration (11:58)
Bypass Certificate Pinning
General Description (4:10)
Automatic Bypass of SSL Pinning (8:51)
Manual Bypass of SSL Pinning (31:50)
Social Engineering Toolkit (SET)
About Social Engineering Toolkit (1:50)
Use SET to get Facebook credentials (6:11)
Burp Suite for Advanced Web, API and Mobile Pentesting
2. What to expect (1:54)
2. Expectation. What is Burp
3. env setup (4:35)
3. download resources and setup environment
4. About Burp (1:26)
5. import-ca (10:19)
6 general concept (4:24)
6. General concept
9. Proxy Part 2 (10:06)
10. Spider Module (6:34)
11. Sequencer and Scanner Module (12:10)
13. Decoder module (9:08)
15. BApp Store (13:26)
16. Further Reading
16. Further Reading (1:47)
17. Burp Alternatives
Final Words
Countermeasures for Social Engineering (6:48)
Final words (0:14)
For Developers - Android Security Guidelines