Day 1 |
SSRF, RedTeam |
Day 2 |
SSRF, RedTeam, THM Room |
Day 3 |
SSRF, RedTeam, THM Room |
Day 4 |
Broken Link Hijacking, THM Room |
Day 5 |
Blind XSS, THM Room |
Day 6 |
log4j, THM Room |
Day 7 |
Password Reset Link Does Not Expire, THM Room |
Day 8 |
DMARC, THM Room |
Day 9 |
CSRF, Linux PrivEsc |
Day 10 |
Clickjacking, Linux PrivEsc |
Day 11 |
Live Bug Hunting, Linux PrivEsc |
Day 12 |
Bug Bounty Wordlist, Linux PrivEsc |
Day 13 |
OWASP Web Application Security Testing, THM Room |
Day 14 |
4.1.2 OWASP Fingerprint Web Server, THM Room |
Day 15 |
4.1.3 OWASP Review Webserver Metafiles for Information Leakage, THM Room |
Day 16 |
4.1.4 Enumerate Applications on Webserver |
Day 17 |
4.1.5 Review Webpage Content for Information Leakage, THM Room |
Day 18 |
4.1.6 Identify Application Entry Points |
Day 19 |
4.1.7 Map Execution Paths Through Application, Github Recon |
Day 20 |
4.1.8 Fingerprint Web Application Framework, Recon Techniques |
Day 21 |
4.1.9,10 Map Application Architecture, THM Room |
Day 22 |
4.2 Configuration and Deployment Management Testing, THM Room |
Day 23 |
4.2.2 Test Application Platform Configuration, THM Room |
Day 24 |
4.2.3 Test File Extensions Handling for Sensitive Information, THM Room |
Day 25 |
4.2.4 Review Old Backup and Unreferenced Files for Sensitive Information, THM Room |
Day 26 |
4.2.5 Enumerate Infrastructure and Application Admin Interfaces, THM Room |
Day 27 |
4.2.6 Test HTTP Methods (with Video), THM Room |
Day 28 |
4.2.7 Test HTTP Strict Transport Security (HSTS), THM Room |
Day 29 |
4.2.8 Test RIA Cross Domain Policy, THM Room |
Day 30 |
4.2.9 Test File Permission, THM Room |
Day 31 |
4.2.10 Test for Subdomain Takeover, THM Room |
Day 32 |
4.2.11 Test Cloud Storage, THM Room, eJPT |
Day 33 |
4.2.12 Test for Content Security Policy, THM Room, eJPT |
Day 34 |
4.3.1 Test Role Definitions, THM Room, eJPT |
Day 35 |
4.3.2 Test User Registration Process |
Day 36 |
4.3.3 Test Account Provisioning Process |
Day 37 |
4.3.4 Testing for Account Enumeration and Guessable User Account |
Day 38 |
4.3.5 Testing for Weak or Unenforced Username Policy, THM Room |
Day 39 |
4.4.1 Testing for Credentials Transported over an Encrypted Channel |
Day 40 |
4.4.2 Testing for Default Credentials |
Day 41 |
CSRF |
Day 42 |
Open Redirect |
Day 43 |
log4j |
Day 44 |
JWT attacks |
Day 45 |
Content Discovery |
Day 46 |
IDOR |
Day 47 |
Account takeover |
Day 48 |
RCE on a Java Web Application |
Day 49 |
Dependency Confusion |
Day 50 |
Automate Blind XSS |
Day 51 |
Finding And Exploiting S3 Amazon Buckets For Bug Bounties |
Day 52 |
Web Cache Poisoning Attack |
Day 53 |
Unique Case for Price Manipulation |
Day 54 |
Account takeover via the Password Reset Functionality |
Day 55 |
API Token Hijacking Through Clickjacking, THM Room |
Day 56 |
API Exploitation → Business Logic Bug |
Day 57 |
Attended Infosec Community Conference on Android Static Analysis |
Day 58 |
Finding bugs on NFT website for fun & Profit by zseano |
Day 59 |
EXIF Geolocation Data Not Stripped From Uploaded Images |
Day 60 |
Thick Client Pentesting |
Day 61 |
Conduct a Penetration Test Like a Pro in 6 Phases |
Day 62 |
Firewall Penetration Testing |
Day 63 |
Host Discovery & Vulnerability Scanning With Nessus |