Learn the strategies and techniques used by professional Red Teams, including C2 frameworks like Cobalt Strike, to test your defenses.
loyalty
Active Directory Hacking
Master the art of exploiting Active Directory environments with techniques such as Kerberoasting and ACL abuse.
addchart
Web Hacking
Exploit web application vulnerabilities like SQL Injection and XSS, using tools like Burp Suite for thorough testing.
search_off
Internal Pentesting
Learn offensive methods for internal penetration testing, focusing on network exploitation and privilege escalation.
lock_clock
Exploit Development
Develop and understand exploits, focusing on techniques like buffer overflows and Return-Oriented Programming (ROP).
dynamic_form
Source Code Auditing
Identify and exploit vulnerabilities in software through detailed source code analysis and reverse engineering.
spellcheck
Malware Development
Create and analyze malicious software, focusing on techniques for evading detection and achieving persistence.
send_and_archive
Mobile Testing
Exploit mobile application vulnerabilities, including insecure data storage and weak authentication mechanisms.
webhook
Cloud Security
Exploit cloud infrastructure vulnerabilities, focusing on misconfigurations, privilege escalation, and lateral movement.
display_settings
ICS Hacking
Learn offensive techniques to exploit Industrial Control Systems (ICS), including PLC exploits and network attacks.
text_rotation_angledown
Hacking AI/ML
Explore methods to exploit AI and Machine Learning systems, including adversarial attacks and model evasion techniques.
history_edu
Hardware Hacking
Exploit physical hardware interfaces like UART and JTAG, focusing on firmware extraction and modification.
Books
Read more to become a better hacker
Bug Bounty PlayBook
It all starts with the recon & fingerprinting phase. I go over everything like how I pick the best programs to hunt on, how I take notes, how I find targets, and more.
This version is all about the exploitation phase. I show you exactly how I go about exploiting fortune 500 companies, start ups, and everything else inbetween.
I go over in depth the different phases of the cloud hacking life cycle (initial compromise, privilege escalation, lateral movement, discovery, collection, and defense evasion) for AWS and GCP.
I just finished reading Alex Thomas's ( @ghostlulz1337 ) "Bug Bounty Playbook v2" It felt like a natural extension of many of my talks on The Bug Hunter's Methodology! v1 & v2 are great reads. I'll be adding them to TBHM "books to read"
Hussain
@AnonGray19
Not easy finding a book that explains methodologies in depth
I started with web application hacker handbook, then web hacker 001 then BugBounty Playbook and so and so on. If I be honest I found BugBounty Playbook practically helpful
The Bug Bounty Playbook v1 is a great book to use as a reference while doing recon. It’s super practical with loads of helpful tips + goes through many workflows.
Nikhil
@Ox4d5a
My friend wrote a great book on methodology on how he hunts the bugs and also explaining owasp top10, api testing, Cache poisoning, SSTI, XXE, CSP bypass techniques in depth
B Rod
@brod_lv
Thank you! I’ve had my eye on your cloud hacking book for awhile now.
fingerprint
Bug Bounty Playbook 3 Automation
I have years of experience building offensive security tools for enterprise clients at the company I founded(Red Sentry). I will teach you exactly how I built the platform that allows us to scan millions of assets a day for exploits and vulnerabilities.
I started a penetration testing company in 2020. If you are good at internals, web applications, externals, cloud, hardware, source code reviews or any other type of engagement let me know.