0:00 – Introductions/Welcomes
5:47 – whoami
7:25 – Course learning objectives
11:30 – Important TCM resources
14:03 – Web app resources
26:15 – Five stages of ethical hacking
30:30 – Reconnaissance overview
34:30 – Identifying target to enumerate
36:15 – Using sublist3r to identify subdomains
40:50 – Using crt.sh to identify subdomains
44:45 – Setting up proxy for Burp Suite
46:50 – Enumerating with Burp Suite
1:05:00 – Credential stuffing/password spraying theory/tools
1:13:50 – Using Nikto as a vulnerability scanner
1:16:10 – Enumerating cipher strength
1:18:07 – Using nmap for fingerprinting
1:19:55 – Actively scanning with Burp Suite Pro
1:28:30 – Reviewing Juice Shop
1:31:43 – AMA begins

Resource List

Juice Shop:
https://github.com/bkimminich/juice-shop#setup
https://bkimminich.gitbooks.io/pwning-owasp-juice-shop/content/

OWASP Testing Guides:
https://www.owasp.org/images/1/19/OTGv4.pdf
https://github.com/tanprathan/OWASP-Testing-Checklist

Bug Bounties:
https://bugcrowd.com/
https://hackerone.com/
https://www.synack.com/red-team/
https://www.guru99.com/bug-bounty-programs.html

Education:
https://www.elearnsecurity.com/course/web_application_penetration_testing/
https://portswigger.net/web-security
https://www.giac.org/certification/web-application-penetration-tester-gwapt

❓Info❓
___________________________________________
Hire me: https://tcm-sec.com
Course info: https://www.thecybermentor.com/zero-t…
Contact (professional inquiries only, please): [email protected]

📱Social Media📱
___________________________________________
Website: https://thecybermentor.com
Twitter: https://twitter.com/thecybermentor
Twitch: https://www.twitch.tv/thecybermentor
Discord: https://discord.gg/REfpPJB
LinkedIn: https://www.linkedin.com/in/heathadams
