{
"name": "CyberBruhArmy",
"occupation": "Cyber Security Architecture",
"likes": ["Pentest", "Bug Bounty", "Cloud Security", "Endpoint Security", "Network Security"]
}


Web App Penetration Testing & Bug Bounty Hunting

Penetration Testing & Bug Bounty Hunting

1 - How To Setup A Virtual Penetration Testing Lab

2 - Listening for HTTP traffic, using Burp

3 - Getting to Know the Burp Suite of Tools

4 - Assessing Authentication Schemes

5 - Assessing Authorization Checks

6 - Assessing Session Management Mechanisms

7 - Assessing Business Logic

This course is for all levels, from absolute beginners to experts. It covers a variety of applications with known web security vulnerabilities and web app penetration testing.

Testing for browser cache weaknesses - Assessing Authentication Schemes

Testing for account enumeration and guessable accounts - Assessing Authentication Schemes

Testing for weak lock-out mechanisms - Assessing Authentication Schemes

Account provisioning process via REST API - Assessing Authentication Schemes

Testing for directory traversal - Directory traversal

Assessing Authorization Checks - Local File Include

Assessing Authorization Checks - Remote File Inclusion

Assessing Authorization Checks - Privilege escalation

Assessing Authorization Checks - Insecure Direct Object Reference

Testing session token strength using Sequencer - Assessing Session Management Mechanisms

Testing for cookie attributes - Assessing Session Management Mechanisms

Testing for exposed session variables - Assessing Session Management Mechanisms

Testing for Cross-Site Request Forgery - Assessing Session Management Mechanisms

The points mentioned above are covered in this course, which will help you find web security vulnerabilities and carry out web app penetration testing.

Mastering PKI, Encryption, and Security Protocols

Unlock the mysteries of cybersecurity with our comprehensive course on Public Key Infrastructure (PKI) and encryption. This course is designed for anyone looking to deepen their understanding of the essential components that secure our digital world.

What You'll Learn:

1. Public Key Infrastructure (PKI): Discover the framework that enables secure, encrypted communication and data exchange across networks.

2. Encryption Fundamentals: Understand what encryption is and explore different types, including symmetric and asymmetric encryption.

3. Encryption vs. Hashing: Learn the differences between these two critical security techniques and their respective use cases.

4. TCP 3-Way Handshake: Gain insight into the foundational process that establishes reliable communication between devices over a network.

5. SSL Handshake Explained: Delve into the steps involved in establishing a secure connection using the SSL protocol.

6. SSL Chain of Trust: Understand how SSL certificates create a chain of trust, ensuring secure data exchange on the web.

7. SSL Certificate Chain Validation: Learn the process of validating an SSL certificate chain to guarantee authenticity and trustworthiness.

8. IPSec Overview: Explore the workings of Internet Protocol Security (IPSec) and its role in securing internet communications.

9. Hardware Security Modules (HSM): Get to know HSMs, their types, and how they safeguard cryptographic keys and sensitive information.

10. HSM and Card/User Validation: Understand how HSM devices validate cards and users, ensuring secure transactions.

11. HSM's Role in CVV Generation: Learn about the critical function of HSMs in generating Card Verification Values (CVVs) for credit card transactions.

Join us on this journey to master the intricacies of network security, encryption, and the technologies that protect our digital interactions. Whether you're an IT professional, a cybersecurity enthusiast, or someone looking to enhance your skills, this course is tailored to equip you with the knowledge you need to excel in the field of cybersecurity.

VPN: IPsec [From Zero to Advanced] & Proxy

This course provides a deep dive into the world of IPSec VPNs and Proxy, covering everything from basic concepts to advanced troubleshooting techniques. Participants will gain a thorough understanding of IPSec, Virtual Private Networks (VPN) & Proxy, and their various types. The course delves into the inner workings of IPSec, exploring its protocols, modes, and frameworks.

Topics Covered:

  1. Understanding VPNs:

    • Definition of VPN

    • Types of VPNs

  2. Introduction to IPSec:

    • What is IPSec?

    • How IPSec Works

    • Benefits of IPSec

  3. IPSec Modes:

    • Tunnel Mode

    • Transport Mode

  4. IPSec Framework:

    • Protocols involved in IPSec

  5. IKEv1 & IKEv2:

    • Wireshark Capture and PCAP file analysis

    • Authentication Header (AH)

    • Encapsulating Security Payload (ESP)

    • Internet Key Exchange (IKE)

  6. IPSec Best Practices:

    • Recommended practices for implementing IPSec

  7. Policy-Based VPN vs. Route-Based VPN:

    • Understanding the differences between these two VPN types

  8. Troubleshooting IPSec-VPN Issues:

    • Identification and resolution of common problems

  9. IPSec VPN Troubleshooting Decision Diagram:

    • A structured approach to diagnosing IPSec VPN issues

  10. tcpdump for IPSec VPN Troubleshooting:

    • Practical guidance on using tcpdump for troubleshooting IPSec VPNs

  11. Interview Preparation:

    • Most asked Interview Questions and Answers related to IPSec VPNs

  12. Understanding Proxy, Forward Proxy, and Reverse Proxy

By the end of this course, participants will be equipped with the knowledge and skills needed to confidently implement, manage, and troubleshoot IPSec VPNs in real-world scenarios.

Palo Alto and Panorama - Hardening the Configuration

Following the National Security Agency Cybersecurity Information "Hardening Network Devices", this course covers the points below.

The possibility of unwanted access to a network's infrastructure is decreased by hardening network equipment. A malicious cyber actor might take advantage of flaws in device management and configurations to establish presence and maintain persistence within a network. Adversaries are increasingly focusing on targeting specialized and embedded devices, such as routers and switches, rather than only standard endpoints. They achieve this by managing routing protocols, exploiting configuration flaws, and introducing malware into the operating systems.

  • In the cybersecurity world, hardening a device means making it more secure and resilient to attacks. A hardened device is more difficult for hackers to break into.

  • Minimizing attack surface, or surface of vulnerability, and potential attack vectors

  • Hardening the Firewall Configuration

  • Hardening network devices: firewalls, routers, switches, etc.

  • The possibility of unwanted access to a network's infrastructure is decreased by hardening network equipment.

  • Management interface is kept secure, and access is limited to only those administrators that need access.

  • Accessing internet resources from offline management

  • Admin accounts also need to be set so they only have access to the sections of the configuration they need to access and use external authentication.

  • Password security

  • Keep content and software updates current; patch vulnerabilities

  • Set up notifications for system and configuration log messages

  • Monitor system and configuration logs

Practical Firewall Penetration Testing

Firewall penetration testing is the process of locating, investigating and penetrating a certain firewall in order to reach the internal trusted network of a certain system.

It is mostly considered to be a key part of external network penetration testing. In this video we discuss the points below.

  • Locating The Firewall

  • Conducting Traceroute

  • Port Scanning

  • Banner Grabbing

  • Firewall Enumeration Testing

  • The Firewall Policy

  • Firewalking

  • How to identify Firewall Specific Vulnerabilities

  • Firewall Penetration Test Process/Checklist

Tools used:

  • NMAP

  • HPING3

  • Firewalk

  • Network audit tool

  • Tracert

  • Traceroute

This course also covers the best deployment practices for hardening network devices used in the industry, along with some real-world scenarios and tips and tricks. You will definitely learn a lot in this course and will surely find it valuable.

Ransomware Attack & Prevention: Everything You Need To Know

Ransomware is a type of malicious software that encrypts files and then demands a fee to decrypt them. This sort of malware has existed since 2004 and has grown in popularity as cryptocurrencies have made it simpler to gather anonymous and untraceable payments. This has resulted in millions, if not billions, of Euros being extorted from unsuspecting users and corporations.

This course is recommended for IT administrators who are interested in cyber security.

It can help IT administrators move into numerous career roles such as security analyst, security engineer, and member of the incident handling team, among others.

IT administrators will learn how to cope with ransomware and how to prevent it. They will be aware of the recovery solutions available to them, giving them the confidence they need to deal with ransomware.

In recent years, ransomware has been the talk of the town, posing serious problems for both small and large businesses. As a result, it is critical to comprehend all aspects of ransomware from both a business and an individual's perspective. It is necessary to understand how ransomware works and how to defend our organization from it.

  • What is Ransomware?

  • How does ransomware get into your network? Ransomware Entry Points

  • Ransomware Countermeasures and Preparing Your Incident Response

  • Ransomware Incident Response Detection and Containment

  • Ransomware detection and recovering your files - OneDrive

  • Malware Analysis Tools

  • Steps to Help Prevent & Limit the Impact of Ransomware

  • Free Ransomware Decryption Tools

  • Total tracked ransomware payments

Comprehensive Guide to AWS WAF - Protecting Web Applications

The "Comprehensive Guide to AWS WAF" is a course designed to provide participants with a thorough understanding of AWS Web Application Firewall (WAF) and its role in safeguarding web applications from cyber threats. With a focus on hands-on learning and real-world examples, this course covers the essential concepts, best practices, and advanced configurations related to AWS WAF.

Throughout the course, participants will be introduced to the basics of AWS WAF, including its key features and benefits, while gaining insights into common web application security threats and attack vectors. They will learn to create and customize WAF Web ACLs, rules, conditions, and filters, and explore the intricacies of rule actions and priority settings.

The course delves into advanced WAF configurations, such as rate-based and IP-based rules, geolocation filtering, and protection against Cross-site Scripting (XSS) and SQL injection attacks. Moreover, participants will discover how to integrate AWS WAF with other AWS services, such as Amazon CloudFront, Application Load Balancer (ALB), and AWS Firewall Manager.

With a strong emphasis on security automation, the course equips participants with the skills to automate WAF management using AWS API, CLI, and AWS CloudFormation. They will also learn to monitor WAF logs and metrics effectively and optimize WAF performance and costs.

By the end of the course, participants will possess the knowledge and proficiency needed to implement robust security measures using AWS WAF. Whether protecting static websites or dynamic web applications, mitigating DDoS attacks, or ensuring cost-efficient and scalable WAF architecture, attendees will be equipped to secure their web applications against a wide array of cyber threats in real-world scenarios. Prerequisites include a basic understanding of AWS services and web application security fundamentals.

Web App Penetration Testing

This course is for all levels, from absolute beginners to experts, including freshers out of college who want to start a career in web security.

It covers a variety of applications with known web security vulnerabilities and web app penetration testing.

  1. Setting up a web app pentesting lab

  2. Burp Suite

  3. Testing for account enumeration and guessable accounts

  4. Weak lock-out mechanisms

  5. Testing for bypassing authentication schemes

  6. Browser cache weaknesses

  7. Testing the account provisioning process via REST API

  8. Testing for directory traversal

  9. Local File Include (LFI)

  10. Remote File Include (RFI)

  11. Testing for privilege escalation

  12. IDOR

  13. Testing session token strength using Sequencer

  14. Testing for cookie attributes

  15. Testing for session fixation

  16. Exposed session variables

  17. Cross-Site Request Forgery

  18. Testing business logic data validation

  19. Unrestricted file upload – bypassing weak validation

  20. Performing process-timing attacks

  21. Testing for the circumvention of workflows

  22. Uploading malicious files – polyglots

  23. Reflected cross-site scripting

  24. Stored cross-site scripting

  25. Testing for HTTP verb tampering

  26. HTTP Parameter Pollution

  27. Testing for SQL injection

  28. Command injection

Web App Penetration Testing - Home LAB.

1 - How To Setup A Virtual Penetration Testing Lab

2 - Listening for HTTP traffic, using Burp

3 - Getting to Know the Burp Suite of Tools

4 - Assessing Authentication Schemes

5 - Assessing Authorization Checks

6 - Assessing Session Management Mechanisms

7 - Assessing Business Logic

8 - Evaluating Input Validation Checks

The points mentioned above are covered in this course, which will help you find web security vulnerabilities and carry out web app penetration testing.

About Us

We are passionate and versatile Cyber Security engineers with proficiency in a diverse range of Cyber Security.


© 2025 CyberBruhArmy