$1,000

The Bug Hunter's Methodology Live Course December 2024

Buy this

The Bug Hunter's Methodology Live Course December 2024

$1,000

TBHM Live - Course Info

I am thrilled to introduce you to The Bug Hunter's Methodology LIVE, my masterclass designed for aspiring and seasoned offensive security professionals, including web application security testers, red teamers, and bug bounty hunters.

The Bug Hunter's Methodology (TBHM) is a three-day, paid, virtual training that aims to equip you with the latest tools, techniques, and strategies, plus provide a data-driven methodology on how and where to search for vulnerabilities that are currently common in the wild.

Unlike other courses, TBHM Live is not an A-Z or beginner-oriented course. True to the spirit of my public TBHM talks, my emphasis is on expert tips, time-saving tricks, practical Q&As, automation strategies, vetted resources, and engagement via the dedicated community on Discord.


Here are the details for the upcoming masterclass:

  • December 17th 9am-5:30pm MST (30 minute lunch break)
  • December 18th 9am-5:30pm MST (30 minute lunch break)
  • December 19th 10am-5:30pm MST (30 minute lunch break)


Each module will be driven live, using real-time targets where possible. You'll have access to all source material to refer back to after the training. Plus, a video recording of the class will be available for all participants shortly after the course concludes.

TBHM Live is also much more than just a course. I am dedicated to fostering a vibrant and supportive community for our learners. In keeping with this commitment, I will maintain a Discord channel for ongoing support, including resume guidance and job placement assistance.

Join us for TBHM Live and get ready to supercharge your skills, refine your strategies, and join an active community of like-minded professionals.

I look forward to seeing you in the class!

Attendees should have:

Burp Suite (PRO preferably), VM or equivalent access to *nix command line.

Pre-requisites for attendees: General Web application and network security testing knowledge required. Some topics will assume some knowledge of OWASP Top Ten type vulnerabilities and previous experience.

A full list of tools needed will be posted in the class discord before class.


**Students who have previously taken the course**

Having had the privilege to lead the course numerous times now, it becomes evident that each session cultivates unique queries, responses, and input from students. The content is also cutting edge, so each cohort has new information.This diversity and rapid channge presents a wonderful opportunity for thought-provoking discussions on various tools, techniques, and invaluable teachings. Every time the class is conducted, there's a fresh lesson to be learned. For former participants who have previously purchased this course, I extend an invitation to join any future sessions at a cost of $100 USD. Please feel free to reach out to me on the class discord channel to further discuss this opportunity.


Full Syllabus:


General Topics

  • Project tracking for Large scope assessments (Red Team and Bounty)
  • Mental Health in Offensive Security
  • Templating and Reporting
  • Testing Env
    • Providers
    • Tools


Recon Topics


Recon Concepts

  • Introduction to Recon

Recon Techniques:

  • Acquisitions and Domains
  • Shodan
  • ASN Analysis
  • Crunchbase ++
  • SSL Recon
  • ReconGTP
  • Reverse WHOIS
  • Reverse DNS
  • Reverse IP
  • DMARC Analysis
  • Add and Analytics Relationships
  • Supply chain investigation and SaaS
  • Google-fu (trademark & Priv Pol)
  • TLDs Scanning
  • 0365 Enumeration for Apex Domains
  • Subdomain Scraping (all the best sources and why to use them)
  • Sources
  • Brute force
  • Wildcards
  • Permutation Scanning
  • Linked Discovery
  • Wordlists
  • Advantageous Subs (WAF bypass - Origins)
  • Favicon analysis
  • Sub sub domains
  • Port Scanning
  • Screenshotting
  • Esoteric techniques
  • Service Bruteforce




Application Analysis Topics


Best rousources to follow to stay sharp

Recon Adjacent Vulnerability Analysis

  • CVE scanners vs Dynamic Analysis
  • Subtakover
  • S3 buckets
  • Quick Hits (swagger, .git, configs, panel analysis)


Analysis Concepts

  • Indented usage (not holistic, contextual)
  • Analysis Layers
  • Application Layers as related to success.
  • Tech profiling
  • The Big Questions
  • Change monitoring


Vulnerability Automation

  • More on CVE and Dynamic Scanners
  • Dependencies
  • Early running so you can focus on manual.
  • Secrets of automation kings


Content Discovery

  • Intro to CD (walking, brute/fuzz, historical, JS, spider, mobile, params)
  • Importance of walking the app
  • Bruteforce Tooling
  • Bruteforce Tooling Lists:
    • based on tech
    • make your own (from-install, dockerhub, trials, from word analysis)
    • best base wordlists
    • quick configs
    • API lists
  • Bruteforce Tooling Tips: Recursion
  • Bruteforce Tooling Tips: sub as path
  • Bruteforce Tooling Tips: 403 bypass
  • Historical Content Discovery
  • Spidering
  • Mobile Content Discovery
  • Parameter Content Discovery


Application Analysis: JavaScript

  • Cheatsheets (BETA)
  • Raw Analysis
  • Inline JS
  • Obfuscated JS
  • Lazy Loaded JS
  • Minified JS
  • Mobile JS Analysis
  • Advanced tooling and tips for all the above


Application Analysis: The Big Questions

  • How does the app pass data?
  • How/where does the app talk about users?
  • Does the site have multi-tenancy or user levels?
  • Does the site have a unique threat model?
  • Has there been past security research & vulns?
  • How does the app handle common vuln classes?
  • Where does the app store data?


Application Analysis: Application Heat Mapping

  • Common Issue Place: Upload functions
  • Common Issue Place: Content type multipart-form
  • Common Issue Place: Content type XML / JSON
  • Common Issue Place: Account section and integrations
  • Common Issue Place: Errors
  • Common Issue Place: Paths/URLs passed in parameters
  • Common Issues Place: Chatbots


Application Analysis: Web Fuzzing & Analyzing Fuzzing Results

  • Parameters and Paths (generic fuzzing)
  • Reducing Similar URLs
  • Dynamic only fuzzing
  • Fuzzing resources SSWLR - "Sensitive Secrets Were Leaked Recently”
  • Backslash powered Scanner


Application Analysis: Introduction to Vulnerability Types

  • Indented usage (not holistic. Tips and Contextual)
  • Covered vulns and why


Application Analysis: XSS Tips and Tricks

  • Stored and Reflected
  • Polyglots
  • Blind
  • DOM Tools
  • Common Parameters
  • Automation and Tools


Application Analysis: IDOR Tips and Tricks

  • IDOR, Access, Authorization, MLAC, Direct browsing Business logic, parameter manipulation
  • Numeric IDOR
  • Identifying user tokens GUID IDOR
  • Common Parameters


Application Analysis: SSRF Tips and Tricks

  • SSRF intro
  • schemas
  • Alternate IP encoding
  • Common Parameters


Application Analysis: XXE

  • Common areas of exploitation
  • Payloads
  • Common Parameters


Application Analysis: File Upload Vulnerabilities Tips and Tricks

  • Common bypasses
  • Common Parameters


Application Analysis: SQL Injection Tips and Tricks

  • SQLmap tamper
  • ghauri
  • Common Parameters



Application Analysis: Bypass of security controls

  • Sec control types (CDN, Server, Code-level)
  • Block Triggers
  • Bypass techniques
Buy this

No refunds

As the content is digital and includes access to the discord where some files will be hosted, to prevent piracy there will be no refunds.

Last updated Oct 29, 2024

Copy product URL