|
(W00) Course Instructions |
|
00:00:00 |
|
(W36M00) Pre-Course Materials |
|
00:00:00 |
Module 1 |
|
(W36M01) Lab Environment Configuration |
|
00:00:00 |
|
(W36M02) Burp CA Certificate for SSL, TLS |
|
00:00:00 |
|
(W36M03) Invisible proxying for non-proxy aware clients |
|
00:00:00 |
|
(W36M04) Intercepting mobile device traffic with Burp Suite - iPhone |
|
00:00:00 |
|
(W36M05) Spider the target, site in scope, Interceptor |
|
00:00:00 |
|
(W36M06) Host Header re-writing |
|
00:00:00 |
|
(W36A01) M1 Exercise 1 - Explore and make configuration for a pentest engagement |
30, 00:00 |
|
(W36A02) M1 Exercise 2 - Configure and use non-proxy aware clients |
30, 00:00 |
|
(W36A03) M1 Exercise 3 - Automate and filter spider, target site map |
30, 00:00 |
|
(W36A04) M1 Exercise 4 - Rewrite host header |
30, 00:00 |
Module 2 |
|
(W36M11) Repeater Module |
|
00:00:00 |
|
(W36M12) Privilege Esclation using Repeater |
|
00:00:00 |
|
(W36M13) Unrestricted file upload - using Repeater |
|
00:00:00 |
|
(W36M14) Advanced Intruder with multiple attack types |
|
00:00:00 |
|
(W36M15) Data extraction and response header manipulation |
|
00:00:00 |
|
(W36M16) Payload types and Insecure direct object reference attack |
|
00:00:00 |
|
(W36M17) Burp macros, session handling rules with Repeater |
|
00:00:00 |
|
(W36A05) Module 2 Exercise 1 - Use Intruder module |
30, 00:00 |
|
(W36A06) Module 2 Exercise 2 - Use payloads positioning |
30, 00:00 |
|
(W36A07) Module 2 Exercise 3 - Manipulate response headers |
30, 00:00 |
|
(W36A08) Module 2 Exercise 4 - Configure macros for session recovery |
30, 00:00 |
Module 3 |
|
(W36M22) Scanner Issue definition - Burp Methodologies & Scanning |
|
00:00:00 |
|
(W36M22) Content discovery of invisible functionalities |
|
00:00:00 |
|
(W36M23) Burp Extender - Burp APIs to make your own extensions |
|
00:00:00 |
|
(W36M24) Bypass WAF and CO2 attack Extensions |
|
00:00:00 |
|
(W36M25) Download: generated report for reference |
|
00:00:00 |
|
(W36A09) Module 3 Exercise 1 - Explore the Burp Suite Professional |
30, 00:00 |
|
(W36A10) Module 3 Exercise 2 - Discover the content for hidden functionalities – Burp Suite Pro Users |
30, 00:00 |
|
(W36A11) Module 3 Exercise 3 - Use the various extensions from BApp store |
30, 00:00 |
Module 4 |
|
(W36M29) Self-submitting scripts and CSRF PoC generator |
|
00:00:00 |
|
(W36M30) Statistical analysis of session tokens using sequencer |
|
00:00:00 |
|
(W36M31) Burp Collaborator |
|
00:00:00 |
|
(W36M32) Burp Infiltrator attacks |
|
00:00:00 |
|
(W36M33) Clickjacking with Clickbandit |
|
00:00:00 |
|
(W36M34) Comparer and Decoder |
|
00:00:00 |
|
(W36A12) Module 4 Module 4 Exercise 1 - Live capture of session tokens and analysis - All users |
30, 00:00 |
|
(W36A13) Module 4 Exercise 2: Attacking with Burp Collaborator – Burp Professional users |
30, 00:00 |
|
(W36A14) Module 4 Exercise 3: Attacking with Infiltrator – Burp Professional users |
30, 00:00 |
|
(W36A15) Module 4 Exercise 4 - Find at least two examples of clickjacking in simulating lab - All users |
30, 00:00 |
Final test |
|
(W36Q01) Final Exam |
|
00:20:00 |