Icc

COURSE INFO: I am thrilled to introduce you to The Bug Hunter's Methodology LIVE,

my masterclass designed for aspiring and seasoned offensive security professionals, including
web application security testers, red teamers, and bug bounty hunters.
The Bug Hunter's Methodology (ICC's TBHM) is a two-month, paid, virtual training that aims to
equip you with the latest tools, techniques, and strategies, plus provide a data-driven
methodology on how and where to search for vulnerabilities that are currently common in the
wild.
Unlike other courses, ICC's TBHM Live is not an A-Z or beginner-oriented course. True to the
spirit of my public TBHM talks, my emphasis is on expert tips, time-saving tricks, practical Q&As,
automation strategies, vetted resources, and engagement via the dedicated community on
Discord.
Here are the details for the upcoming masterclasses:
Each module will be driven live, using real-time targets where possible. You'll have access to all
source material to refer back to after the training. Plus, a video recording of the class will be
available for all participants shortly after the course concludes. TBHM Live is also much more
than just a course. I am dedicated to fostering a vibrant and supportive community for our
learners. In keeping with this commitment, I will maintain a Discord channel for ongoing support,
including resume guidance and job placement assistance.
Join us for TBHM Live and get ready to supercharge your skills, refine your strategies, and join an
active community of like-minded professionals.

I look forward to seeing you in the class!

SYLLABUS
Section 1
 Concepts of Bug Bounty
 Introduction to Bug Bounty

Module 1:
 Web Application Concepts
o Web Application Architecture and Technologies
o Web Application Firewall
o HTTP Basics

o Severity Levels for Security Issues – CVSS v3 Rating
 Why Is Penetration Testing Required?
 Types of Security Testing
o Black Box Testing
o White Box Testing
o Grey Box Testing
 Web Application Penetration Testing Methodologies
o OWASP (Open Web Application Security Project)
o OSSTMM (Open-Source Security Testing Methodology Manual)
o NIST (National Institute of Standards and Technology)
o ISSAF (Information Systems Security Assessment Framework)
o PCI DSS (Payment Card Industry Data Security Standard)
 Homework – Learn about JavaScript and HTML

Section 2
 Acquisitions and Domains
 Scope
 Shodan
 ASN Analysis
 Crunchbase ++
 ReconGPT
 Reverse WHOIS
 Certificate Analysis
 Ad and Analytics Relationships
 Supply chain investigation and SaaS
 Google-fu (trademark & privacy policy)
 TLD Scanning
 O365 Enumeration for Apex Domains

Module 2:
 Deploying Kali Linux VM
 Burp Suite Configuration and Setup
 Setting up OWASP Juice Shop
 Demonstration of Web Application Security Tools
o Nikto, Dirb, NetSparker, Nmap, Wireshark, Acunetix and Many More
 Overview of Useful Browser Extensions
o FoxyProxy, Wappalyzer, EditThisCookie, XSS Rays, etc.
 Homework - Learn About Kali and Basic Linux Commands
 Homework - Learn About the Above-Mentioned Tools

Section 3
 Subdomain Enumeration
 Subdomain Scraping (best sources and how to use them)
 SecurityTrails + Netlas
 Brute force
 Wildcards
 Permutation Scanning
 Linked Discovery
 Wordlists
 Advantageous Subs (WAF bypass - Origins)
 Favicon analysis
 Sub subdomains
 Esoteric techniques
 DNSSEC / NSEC / NSEC3 walking

Module 3:
 Use of Outdated Components / Banner Disclosure
 Clickjacking

Section 4
 Server & App Level Analysis
 Port Scanning
 Service Brute force
 Tech Stack
 Screenshotting

Section 5
 Profiling People for Social Engineering
 LinkedIn (people, tech)
 Hunter.io
 Hiring Sites

Section 6
 Adjacent Vulnerability Analysis
 CVE scanners vs Dynamic Analysis
 Subdomain Takeover
 S3 buckets
 Quick Hits (swagger, git, configs, panel analysis)

Section 7
 Frameworks and Helpers
 Frameworks
 Understanding your framework
 Tips for success (keys)
 Distribution and Stealth

Module 4:
 Directory Traversal
 Application Accepts Arbitrary Methods
 Cleartext Transmission of Session Token / Sensitive Token in URL

 Internal IP Disclosure
 Broken Link Hijacking
 Homework – Set Up OWASP WebGoat and Complete the First Three Lessons

Section 8
Application Analysis Part 1:

 Analysis Concepts
 Intended usage (not holistic, contextual)
 Analysis Layers
 Application Layers as related to success.
 Tech profiling
 The Big Questions
 Change Monitoring

Section 9
Application Analysis Part 2:

 Vulnerability Automation
 More on CVE and Dynamic Scanners
 Dependencies
 Run automation early so you can focus on manual testing.
 Secrets of automation kings

Section 10
Application Analysis Part 3:

 Content Discovery
 Intro to CD (walking, brute/fuzz, historical, JS, spider, mobile, params)
 Importance of walking the app
 Brute force Tooling
 Brute force Tooling Lists: based on tech

 Brute force Tooling Lists: make your own (from install, Docker Hub, trials, from word analysis)
 Brute force Tooling Lists: generic/big
 Brute force Tooling Lists: quick configs
 Brute force Tooling Lists: API
 Brute force Tooling Tips: Recursion
 Brute force Tooling Tips: sub as a path
 Brute force Tooling Tips: 403 bypass
 Historical Content Discovery
 New school JavaScript Analysis
 Spidering
 Mobile Content Discovery
 Parameter Content Discovery

Section 11
Application Analysis Part 4:

 The Big Questions


 How does the app pass data?
 How/where does the app talk about users?
 Does the site have multi-tenancy or user levels?
 Does the site have a unique threat model?
 Abuse Primitives
 Has there been past security research & vulns?
 How does the app handle common vuln classes?
 Where does the app store data?

Section 12
Application Analysis Part 5:

 Application Heat Mapping


 Common Issue Place: Upload functions
 Common Issue Place: Content type multipart-form

 Common Issue Place: Content type XML / JSON
 Common Issue Place: Account section and integrations
 Common Issue Place: Errors
 Common Issue Place: Paths/URLs passed in parameters
 Common Issue Place: chatbots

Section 13
Application Analysis Part 6:

 Web Fuzzing & Analyzing Fuzzing Results


 Parameters and Paths (generic fuzzing)
 Reducing Similar URLs
 Dynamic-only fuzzing
 Fuzzing resources: SSWLR - "Sensitive Secrets Were Leaked Recently"
 Backslash-powered Scanner

Section 14
Application Analysis Part 7:

 Introduction to Vulnerability Types


 Intended usage (not holistic; tips and contextual)
 Covered vulns and why

Section 15
Application Analysis Part 8:

 XSS Tips and Tricks


 Stored and Reflected
 Polyglots
 Blind
 DOM

 Common Parameters
 Automation and Tools

Section 16
Application Analysis Part 9:

 IDOR Tips and Tricks


 IDOR, access control, authorization, MLAC, direct browsing, business logic, parameter manipulation
 Numeric IDOR
 Identifying user tokens / GUID IDOR
 Common Parameters

Section 17
Application Analysis Part 10:

 SSRF Tips and Tricks


 SSRF intro
 URL schemes
 Alternate IP encoding
 Common Parameters

Section 18
Application Analysis Part 11:

 XXE Tips and Tricks
 Common areas of exploitation
 Payloads
 Common Parameters

Section 19
Application Analysis Part 12:

 File Upload Vulnerabilities Tips and Tricks
 Common bypasses
 Common Parameters

Section 20
Application Analysis Part 13:

 SQL Injection Tips and Tricks
 Manual Identification
 sqlmap tamper scripts
 Common Parameters

Section 22
Application Analysis Part 14:

 Command Injection Tips and Tricks
 Common Parameters

Section 23
Application Analysis Part 15:

 COTS and Framework Scanning
 Default Creds
 CMSs: WordPress + Adobe Experience Manager
 Others

Section 24
Application Analysis Part 16:

 Bypass of security controls


 Subdomains where controls are not applied
 Origins
 TLDs (.jp, .uk, .xx)
 Red Team Analysis

Section 25
Application Analysis Part 17:

 Bypassing Two-Factor Authentication (OTP Bypass)

Module 5:
 Medium Level Vulnerabilities
 Open URL Redirection
 Content Spoofing

 Two Factor Authentication Method Bypass
 Session Fixation and No Account Lockout
 Host Header Injection
 OTP Bypass
 Insecure CORS Configuration
 Weak Encryption Vulnerability
 Local File Inclusion
 Session Hijacking
 HTTP Response Manipulation
 Server-Side Template Injection (SSTI)
 Parameter Pollution
 Homework - Complete Sections A6, A9 and A10 From WebGoat
 Write A Report Including a Case Study for Each Vulnerability

Module 6: High-Level Vulnerabilities


 OAuth Misconfiguration
 Weak Password Reset Implementation
 Server-Side Request Forgery
 Cross-Site Request Forgery
 No Rate Limit Vulnerability
 Reflected XSS
 File Upload Vulnerabilities
 Subdomain Takeover
 Critical File Found
 Data Tampering
 CAPTCHA Not Implemented Properly/CAPTCHA Bypass
 Dangerous HTTP Method Enabled
 Hardcoded Passwords
 Homework - Complete Sections A3, A5 and A8 From WebGoat
 Write A Short Case Study for Each Vulnerability

Module 7: Critical-Level Vulnerabilities
 Login Using Default Credentials
 Remote Code Execution (RCE)
 SQL Injection
 Authentication Bypass

Red Teaming Analysis Part 1:


 Initial Access Primer
 Phishing Tips and Tricks
 Threat Intel + Levels
 Credential Stuffing
 Open discussion of C2
 SaaS
 Cloud

Red Teaming Analysis Part 2:

 Post Initial Access


 Open Discussion of common internal methods to succeed

--------------------------------------------------------------------------------------------------------------

Attendees should have:

 Burp Suite (Pro preferably) and a VM or equivalent access to a *nix command line. We will provide you with a professional version with lifetime access for free.
 Prerequisites for attendees: a spirit for learning; everything else can be learnt.

 A full list of tools needed will be posted in the class WhatsApp before class.

**Students who have previously taken the course**

Having had the privilege to lead the course numerous times, it becomes evident
that each session cultivates unique student queries, responses, and input. This
diversity presents a wonderful opportunity for thought-provoking discussions on
various tools, techniques, and invaluable teachings. Every time the class is
conducted, there's a fresh lesson to be learned. For former participants who
have previously purchased this course, I extend an invitation to join any future
batch at a cost of Rs 2000 or $65 USD. Please feel free to reach out to me on the
class discord channel to further discuss this opportunity.

THANK YOU!!
