Web App Testing: Episode 1 - Enumeration

The TCM Security Academy Black Friday Cyber Monday deals are HERE! Enjoy 20% off certifications and live trainings, and 50% off your first payment to the Academy.

Save on certs and live trainings - like our upcoming SOC Live Training and Hacking and Defending AD Live!: https://www.tcm.rocks/acad-certs-y
Save on the Academy: https://www.tcm.rocks/acad-bfcm-y
Save even more when you purchase our bundles - the Professional Penetration Tester Bundle and the Ultimate Hacking and Defending Training Bundle.

The Professional Penetration Tester Bundle disappears December 2, so act fast: https://www.tcm.rocks/pro-pentester-y
The Ultimate Hacking and Defending Training Bundle (which includes a 1-on-1 session with Heath): https://www.tcm.rocks/ultimate-hack-d...
0:00 - Introductions/Welcomes
5:47 - whoami
7:25 - Course learning objectives
11:30 - Important TCM resources
14:03 - Web app resources
26:15 - Five stages of ethical hacking
30:30 - Reconnaissance overview
34:30 - Identifying target to enumerate
36:15 - Using sublist3r to identify subdomains
40:50 - Using crt.sh to identify subdomains
44:45 - Setting up proxy for Burp Suite
46:50 - Enumerating with Burp Suite
1:05:00 - Credential stuffing/password spraying theory/tools
1:13:50 - Using Nikto as a vulnerability scanner
1:16:10 - Enumerating cipher strength
1:18:07 - Using nmap for fingerprinting
1:19:55 - Actively scanning with Burp Suite Pro
1:28:30 - Reviewing Juice Shop
1:31:43 - AMA begins

Resource List

Juice Shop:
https://github.com/bkimminich/juice-s...
https://bkimminich.gitbooks.io/pwning...

OWASP Testing Guides:
https://www.owasp.org/images/1/19/OTG...
https://github.com/tanprathan/OWASP-T...

Bug Bounties:
https://bugcrowd.com/
https://hackerone.com/
https://www.synack.com/red-team/
https://www.guru99.com/bug-bounty-pro...

Education:
https://www.elearnsecurity.com/course...
https://portswigger.net/web-security
https://www.giac.org/certification/we...
https://www.amazon.com/Web-Applicatio...

❓Info❓
___________________________________________
Hire me: https://tcm-sec.com
Course info: https://www.thecybermentor.com/zero-t...
Contact (professional inquiries only, please): info@thecybermentor.com

📱Social Media📱
___________________________________________
Website: https://thecybermentor.com
Twitter:   / thecybermentor  
Twitch:   / thecybermentor  
Discord:   / discord  
LinkedIn:   / heathadams  

💸Donate💸
___________________________________________
Like the channel? Please consider supporting me on Patreon:
  / thecybermentor  
Support the stream (one-time): https://streamlabs.com/thecybermentor