TMG Security

TMG English Courses

Red Teaming Bundle (All-in-One)

Wishlist Share
Share Course
Page Link
Share On Social Media

About Course

We provide all our cybersecurity courses in the Red Teaming Bundle. Here’s what you’ll get:

Web Application Penetration Testing

Description

This course introduces students to the WAPT concepts associated with Web application pentesting. We encourage you to take this course if you are a complete beginner in API bug bounty world. This course uses a custom-developed vulnerable web application pentesting to demonstrate how, web vulnerabilities can be identified and exploited. This course teaches you how to identify a variety of web vulnerabilities lies in the Server-side, Client-side.

Course Content

  • Roadmap & Report Writing
  • Burp suit Advance Techniques
  • Practical Recon Techniques
  • Practical Recon techniques (Manual + Automation)
  • Subdomain Finding.
  • Rate Limit Bypass.
  • Authentication bypass
  • CSRF
  • Third party password token Leakage
  • File Upload Bugs
  • Parameter Tampering
  • Sensitive Token in URL
  • OS (Command) Injection
  • DMARC and SPF
  • Clickjacking
  • Broken Authentication
  • CORS
  • WordPress pentesting
  • Key Exploits
  • Jira Misconfiguration
  • Email, Password or delete Account Validation
  • Information Disclosure
  • Long password Dos attack
  • Web Cache Deception Attack
  • URL Redirection
  • Host header Attacks
  • LFI & RFI
  • IDOR
  • SSRF
  • XSS (Blind, Stored, Reflected)
  • HTML Injection
  • Subdomain Takeover
  • CVES +Types of exploits
  • 2Fa Bypass
  • Exif Metadata
  • Business Logic Errors
  • Google Dorks

 

API Penetration Testing

Requirements

The course starts from basics, however it is good to have basic knowledge of web applications pentesting.

Description

This course introduces students to the security concepts associated with APIs pentesting. In this courses we encourage you to take this course if you are a beginner in API pentesting security world. This course uses a custom developed vulnerable APIs pentesting to demonstrate how , API vulnerabilities can be identified and exploited. This course teaches you how to identify a variety of  API vulnerabilities such as SQL Injection, XXE, Sensitive data in GET, Leaky APIs etc.

OWASP API PENTESTING

  • Bola (broken object level authentication)
  • Injection attack
  • Improper assets management
  • Security misconfiguration
  • Mass assignment
  • Broken function level authorization
  • Excessive data exposure
  • Broken user authentication
  • API rate limiting

API-PENTESTING using postman tool

  • Introduction $ installation
  • Postman authentication
  • Postman navigation
  • OAUTH 2.0 authentication in postman

API PROJECT TESTING

  • Access admin api/ access admin panel
  • Brute-force apis to find new endpoints
  • Make an account / loging to account
  • Restore / delete everything
  • Edit someone’s grade
  • Transport layer security
  • Blind xss in the admin control panel
  • User enumeration
  • Information exposure via server headers
  • Authentication bypass
  • Input validation attacks
  • Sql injection
  • Error handling
  • Encryption
  • Ssrf
  • Bola
  • Command injection

 

Android Pentesting TRAINING

Requirements:

  • The course starts from basics, however, it is good to have basic knowledge of web applications & API pen-testing.

Topics:

  • Introduction to Android Architecture
  • Concept of Android Terminologies
  • Android Signing Process
  • Android Pentesting Setup
  • Static Analysis
  • Dynamic Analysis
  • SSL Pinning Bypass
  • OWASP Mobile TOP 10
    Android Pentesting Setup

Introduction to Android Pentesting:

  • Pentesting Process / Stages
  • How android Pentesting works

Introduction to Android Architecture

  • Android Security Architecture
  • Role of Services, Activities, Permissions, etc…
  • Application Security and Signing Process

Android Pentesting Setup

We will see How you can set up an Android Pentesting Lab with so many tools and their alternatives

Android Static Analysis

  • Pull APK From Play Store
  • How to find Hardcoded Strings
  • How to find sensitive information (API-Keys, Credentials etc..)
  • How to enumerate Firebase Databases
  • Android Backup Exploit
  • Task Hijacking
  • How to Exploit Activities, Services, Providers & Broadcast Receivers.
  • Insecure Platform Usage
  • Insecure Data Storage
  • Improper Transport Usage (Logcat)
  • Automated Static Analysis MobSF

Android Dynamic Analysis

  • What is SSL Pinning
  • How to Bypass SSL Pinning Through various ways
  • Dynamic Analysis using MobSF
  • Introduction to Burp Suite / Installation
  • Introduction about Frida / Objection
  • Vulnerability Testing

Android Bug Bounty Hunting

  • Live Android App Hunting

 

ADVANCED BUG BOUNTY HUNTING V1.0

Description

This course introduces students to the Advance Bug bounty concepts associated with Web application pentesting. We encourage you to take this course if you are a complete beginner in Advance Web bug bounty world. This course uses a custom-developed vulnerable web application pentesting to demonstrate how, web vulnerabilities can be identified and exploited. This course teaches you how to identify a variety of Advance web vulnerabilities lies in the Server-side, Client-side.

Course Content

  • Testing Chrome extensions (Manual and automatic approach)
    Static Testing
    Dynamic Testing
  • Deep Down with JWT(Json Web Tokens)
  • Testing Oauth Misconfigurations (Account Takeovers and more…)
  • CORS bypasses
  • CSRF bypasses
  • Stored/Reflected Cross Site Scripting (Account Takeovers and other impacts)
    Generic
    Bypasses
    Sandbox
    Link Embed
  • Indirect Object References (Generic approach)
  • Sensitive Data exposure
  • Source code (Js analysis)
    Shodan
    GitHub
    Other third parties resources
  • Webhooks/apis
  • LocalStorage
  • Enhancing Power of recon
  • Some Client Side bypasses
  • Advanced Business logic
  • Different type of Race Conditions
  • File uploads
  • Some high CVEs vulnerability(Grafana(LFI),WordPress(XSS))
  • Chaining vulnerabilities
  • IDOR and cross site scripting
  • Cross site scripting (with very low impact ) and oauth misconfiguration to account takeover
  • Low Impact HTML injection to increasing more impact
  • Cross Site Scripting with HTTP only cookie set to true(Methods to find bypasses)
  • Cross Site Scripting in sandbox environment
  • Link embed to Stored Cross Site Scripting stealing user user sessions
  • Cross Site Scripting to Account Takeover with LocalStorage
  • Shodan backup found api key and then full org takeover
  • Some interesting findings with wayback URLs (CVE bases cross site scripting, IDOR chaining to massive user enumeration, support/client/third parties leaks)
  • Master OTP to Massive Account Takeovers

 

Note: Mostly all the mentioned content will be taught live and with poc findings recording.

Benefits :

  • Get ISO Certified Certification
  • Get WAPT ( ID CARD )
  • Live Targets to hunt

                      

(Sample)

Point To Be Noted :

It takes minimum 3 months to get hard copy of ID CARD

Show More

Course Content

WAPT (Web Application Penetration Testing)
Access WAPT Materials

  • Access Resources
    00:00
  • Join WAPT Community
    00:00

API Penetration Testing
Access API Penetration Testing Materials

Android Penetration Testing
Access Android Penetration Testing Materials

Advance Bug Bounty Hunting v1.0
Access Advance Bug Bounty Hunting v1.0 Materials

Scroll to Top