OSCP Ethical Hacking With Bug Bounty,Cloud,Defensive &Mobile
Ethical Hacking:- OSCP, Active Directory Mastery, Cloud Security, Mobile and Bug Bounty Expertise
4.21 (209 reviews)
4 919
students
49.5 hours
content
Mar 2024
last update
$74.99
regular price
What you will learn
OSCP Prep Methodology
Bug Bounty Advance and Live Bug Bounty Sessions
Passive Information Gathering
Host And Nmap
SMB Enumeration
SMTP Enumeration
SNMP Enumeration
Web Application Assessment Tools
Web Attacks
Shells
Locating Public Exploits
Cracking SSH , RDP and WEB
Password Cracking
Windows Privilege Escalation
Situational Awareness
Hidden In Plain View
Goldmine AKA Powershell
Automated Enumeration
Leveraging Windows Services
DLL Hijacking
Scheduled Tasks
SeImpersonate Privilege
SeBackup Privilege
UAC Attack
Always Elevated
GPO Edit
Tools For Windows Privilege Escalation
Enumerating Linux
Automated Enumeration
Abusing Password Authentication
Abusing Binaries And Sudo
Exploiting Kernel Vulnerabilities
Exploiting Cron Jobs
Port Redirection And Tunneling
Ligolo NG
Chisel
SSH Tunneling
HTTP Tunneling
Active Directory Manual Enumeration
Active Directory Automatic Enumeration
LDAP Search
Active Directory Hacking
Cached AD Credentials
Password Attacks
AS-REP Roasting
Lateral Movement
Impacket Tools
Others Tools For Active Directory
File Transfer Linux-Linux
File Transfer Linux -Windows
Bug Bounty Automation
ReconFTW
NucleiFuzzer
Magic Recon
Subzy
SocialHunter
Authentication bypass via OAuth implicit flow
SSRF via OpenID dynamic client registration
Forced OAuth profile linking
OAuth account hijacking via redirect_uri
Stealing OAuth access tokens via an open redirect
Stealing OAuth access tokens via a proxy page
Remote code execution via web shell upload
Web shell upload via Content-Type restriction bypass
Web shell upload via path traversal
Web shell upload via extension blacklist bypass
Clickjacking And Its Bounty
Web shell upload via obfuscated file extension
Remote code execution via polyglot web shell upload
Web shell upload via race condition
TXT Records and Github Recon
Early Recon for a Web Application
Hacking Windows Server Using Eternal Blue
Ligolo-ng For Tunneling
Getting Hold Of Enum and Ways
Cached AD Credentials
Password Attacks For Active Directory
Lateral Movement For Active Directory
File Transfer Linux-Linux
File Transfer Windows-Linux
Meaning Of API
Security Mechanism Of API
IDOR and severity levels
No Rate Limit On Registration
No Rate Limit On Login
No Rate Limit On Contact Us Page
No Rate Limit On Redeem Page
No Rate Limit On Invite Link
Using Default Credentials
Infotainment, Radio Head Unit PII Leakage
RF Hub Key Fob Cloning
Misconfigured DNS High Impact Subdomain Takeover
OAuth Misconfiguration Account Takeover
Infotainment, Radio Head Unit OTA Firmware Manipulation
Misconfigured DNS Basic Subdomain Takeover
Mail Server Misconfiguration No Spoofing Protection on Email Domain
Misconfigured DNS Zone Transfer
Mail Server Misconfiguration Email Spoofing to Inbox due to Missing or Misconfigured DMARC on Email Domain
Database Management System (DBMS) Misconfiguration Excessively Privileged User / DBA
Lack of Password Confirmation Delete Account
No Rate Limiting on Form Email-Triggering
No Rate Limiting on Form SMS-Triggering
Exploiting Linux Machine With ShellShock
Exploiting Linux with dev shell and Privesc with cronjob
Basic password reset poisoning
Host header authentication bypass
Web cache poisoning via ambiguous requests
Broken Link HIjacking
HTTP By Default
HTTPS and HTTP Both Available
Improper Cache Control
Token Is Invalidated After Use On Registration
Token Is Invalidated After Use On Login
Token Is Invalidated After Use On Forgot Password
Token Is Invalidated After Use On Invite
Token Is Invalidated After Use On Coupon
Token Is Invalidated After Use On Collaboration
Introduction To Defensive Security
Overview of Cyber Security
Importance of Defensive Security
OSI Model
TCP/IP Basics
Subnetting
Interface And Cables
Security Fundamentals
Introduction to Mobile App Pentesting
Mobile App Pentesting Process
Practical:Reconnaissance on a target
Understanding the Android Architecture
Introducing android apps building blocks
Understanding Reverse Engineering
Performing lab setup on windows
Performing lab setup on kali linux
Performing lab setup on MAC
Setting up Emulator on Android studio
Setup for physical device
Pulling apk from playstore
Introduction to injured android
What to look at in AndroidManifest xml file
RCE In CSE-Webstore
HTML Email Injection
Token Leaked In Response
External Authentication Injection
Cleartext Transmission Of Session Token
Account Lockout Bypass
Token Leakage Via 3rd Party Referrer
CRLF To XSS
Clipboard Enabled
DoS To Owner
No Secure Integrity Check
Privacy Concern
Iframe Injection
Session Fixation
Wifi SSID + Password
Source Code Credential Storage
Cyber Security Quiz
Target Finding Methadology
Performing Static Analysis
Applying Static Analysis To Get Some Flags
Exploiting Storage Buckets
Exploiting Firebase Database
Understanding SSL Pinning
Using Burpsuite For Intercepting Traffic
Using Proxyman For Intercepting Traffic
Automation For Patching Applications
Manual Patching Of Applications
Understanding Broadcast Receiver
Decryption Using Frida
Understanding Sqlite databases In An Application
Performing Unicode Collision
Deeplinks And Binary Analysis
Using HTML To Generate Deep links(RCE)
Assembly Language And Shared Objects
DIVA Application
AndroGoat Application
Introduction To iOS
Automated Analysis Using MobSF
Introduction To Defensive Security
Overview of Cyber Security
Importance of Defensive Security
OSI Model
TCP/IP Basics
Subnetting
Lab Setup For Defensive
Interface And Cables
Security Fundamentals
Practical on Packet Tracer
Standard ACLs
Extended ACLs
Working Layer of Protocols
Wireshark And Nmap
Protocols and Ports
Compliance and Standards
Incident Response And Management
Risk Management
Firewall v/s IDP v/s IPS
SIEM
Windows and Linux Fundamentals
Countermeasure
Introduction To AWS Security
Monitoring & Logging in AWS
Overview About AWS CloudWatch & Guard Duty
Security Reference Architecture
AWS Config Theory
Log Analysis In Cloudwatch And Cloudtrail
Unauthorized Activity
Incident Response
Event Bridge
Overview About AWS Inspector & Defender
AWS Configuration Practicals Overview
CloudWatch Practical Overview
EventBridge Practical Overview
Amazon SNS Practical Overview
CloudTrail Practical Overview
AWS Shared Responsibility Model
Introduction To Owasp Top 10
A01 - Broken Access Control
A02 - Cryptographic Failures
A03 - Injections
A04 - Insecure Design
A05 - Security Misconfigurations
A06 - Vulnerable & Outdated Componenets
A07 - Identification & Authorization Failures
A08 - Software & Data Integrity Issues
A09 - Security Logging & Monitoring Failures
A10 - SSRF
Securing Layered Web Architecture In AWS
Best Practices To Secure Layered Web Application
Edge Security Design
DDOS Attack Overview & AWS Shield Introduction
Best Practices for DDOS Protection
Designing Secure Isolated Network Architecture
Gateways & Traffic Monitoring Concept In VPC
Difference In Security Group & NACL
AWS Firewall Tools Stack Overview
Common Use Cases of Edge Security Strategy
AWS Hybrid Network Security
Building AWS Hybrid Network Security Architecture
Reachability Analysis In AWS
Host Based Security In AWS
AWS Inspector Overview
Hardening Concept Overview
CV Making
Working Of IAM in AWS
Users in AWS IAM
Roles in AWS IAM
Policies in AWS IAM
Best Practices in AWS IAM
Introduction to Access Control Concept in AWS IAM
Overview about RBAC & ABAC access control
Separation of Duties Concept in AWS
Deployment of SOD in AWS
Active Directory in AWS
AWS Managed Active Directory
AD Connector in AWS
Scalable System Design to Access AWS Resources
Course Gallery
Charts
Students
Price
Rating & Reviews
Enrollment Distribution
Comidoc Review
Our Verdict
With its broad coverage of essential cybersecurity domains like ethical hacking, offensive security, defensive strategies, mobile app pentesting, and cloud security, this course serves as a versatile learning platform. Though some beginners might initially find the sheer volume of content daunting, committing time to foundational knowledge acquisition will enhance their overall learning experience. Ideally suited for IT professionals keen on enhancing their cybersecurity career prospects, the One Stop Hacking Marathon paves the way for aspiring ethical hackers and bug bounty hunters alike.
What We Liked
- The course offers a comprehensive coverage of ethical hacking, OSCP preparation, mobile app pentesting, cloud security, and defensive security, making it a one-stop solution for cybersecurity enthusiasts.
- Real-world scenarios, hands-on labs, and practical exercises provide a solid foundation for mastering various ethical hacking techniques and tools like Metasploit, Nmap, and Burp Suite.
- Expert instructors with real-world experience share their insights on the latest hacking tools, techniques, and methodologies, ensuring learners stay updated with industry trends.
- By participating in a bug bounty program with real rewards and recognition, learners gain exposure to responsible disclosure and the opportunity to showcase their skills.
Potential Drawbacks
- The vast amount of content may initially overwhelm beginners who might need to invest extra time in understanding foundational concepts before diving into practical exercises.
- While the curriculum emphasizes practical application, some learners might prefer more comprehensive theory-based instruction alongside hands-on labs.
- Prerequisite knowledge of computer networks and operating systems is expected; therefore, learners lacking this background may struggle to keep pace with the course material.
- Apart from sporadic feedback, a more systematic and consistent evaluation mechanism could provide learners with actionable insights for continuous improvement.
5548924
udemy ID
09/09/2023
course created date
16/02/2024
course indexed date
Bot
course submited by