Short Course

Attack Surface Discovery using OWASP Amass

Name: Attack Surface Discovery using OWASP Amass
Brand: CodeRed
Rating: 5.0 (27 reviews)

Learn how to identify potentially vulnerable external assets using open-source tools.

5.0

from 27+ reviews

2 Hours of video content

Advanced

Validation of Completion Included

Buy this course now

$99.99

Overview What You Will Learn Curriculum Instructor

Course Overview

Modern organizations often have hundreds to thousands of external assets exposed on the internet. Discovering and mapping these assets is essential. If you are a bug hunter, penetration tester, or red teamer, these assets may be vulnerable, allowing trivial and undetected access to a target’s environment. Likewise, if you are responsible for defending these assets, these assets need to be cataloged, hardened, and configured with alerts.

Asset management and discovery is a difficult problem to solve. Organizations often grow organically through acquisitions or partnerships. In some organizations, developers are given the freedom to deploy assets externally using cloud solutions like AWS. There exist several tools to discover external assets for organizations but Amass is considered the industry-standard tool for asset discovery. In this course, we will cover how to install, configure, and use Amass to identify and discover external assets.

By the end of the course, you will be able to attack or protect an organization’s assets and have the beginnings of an automated scanning pipeline created.

What You Will Learn

Learn how to install, configure, and use Amass effectively
Learn how to identify organizational assets through passive methods
Get insight on how to identify organizational assets through active methods
Create scripts for Amass using its scripting engine
Learn how to use Amass in a scanning pipeline

Program Curriculum

Course Welcome and Introduction
A Quick Primer on DNS
How Amass Works Under the Hood
Active vs. Passive and OAM Tools
$7 Million Cybersecurity Scholarship by EC-Council
Chapter 1 Quiz

Installing via Docker
Installing via a Package Manager
Installing from Source
Configuring API Keys
Chapter 2 Quiz

Performing Horizontal Discovery
Active vs. Passive Considerations
The Intel Command in Action
Chapter 3 Quiz

Performing Vertical Discovery
The Enum Command in Action
Chapter 4 Quiz

Purpose of the Graph Database
Interacting with and Configuring Databases
Using OAM Tools to Track and Visualize Data
Chapter 5 Quiz

Overview of Amass Scripting
Creating an Amass Script
What is a Scanning Pipeline?
Creating a Scanning Pipeline using Amass
Chapter 6 Quiz

Active Directory Process
Conducting Active Discovery
Chapter 7 Quiz

Key Takeaways from the Course

Load more modules

Instructor

Nathan Tucker

Nathan Tucker is a Staff Security Engineer at Praetorian. He has worked in offensive security as a consultant for multiple years and has conducted numerous network, web, mobile, and thick-client engagements. During these engagements, he has used Amass extensively to discover client assets and has contributed to and developed scanning pipelines. One of the key roles of his job is to educate both clients and junior consultants on how to effectively identify, exploit, and patch discovered assets. He hopes he can continue sharing that knowledge with anyone interested in this course.

Buy this course now

$99.99

Get Immediate access for one year today!

Upgrade to Pro Plans and Get Full Access Today!

Get this course, along with 900+ courses and 70+ learning paths and more in one subscription. Learn more

Unlock All Access

Plans start from $33/mo. Cancel anytime.

Join over 1 Million professionals from the most renowned Companies in the world!

Fastest Way to Level Up Your Cybersecurity Skills

Invest in your future with flexible subscription plans that give you access to the world’s largest online cybersecurity course library. Whether you're exploring cybersecurity courses for beginners or advancing your expertise,
access in-demand courses, practical labs, and CTF challenges designed to support continuous learning.

Monthly Plans

Annual Plans

Save 20% with our annual plans!

Pro

Build your cybersecurity skills with 900+ bite-sized courses and curated learning paths designed for continuous learning.

^$ 69.00

Billed monthly or $599.00 billed annually

Get Started Now

Start your 7-day trial for $1

What is included

880+ Premium Short Courses
70+ Structured Learning Paths
Validation of Completion with all courses and learning paths
New Courses added every month

Early Access Offer

Pro +

Develop real-world cybersecurity skills through hands-on labs and CTF challenges designed for practical learning.

^$ 79.00

Billed monthly or $699.00 billed annually

Get Started Now

Start your 7-day trial for $1

Everything in Pro, Plus:

1600+ Hands-on lab exercises with guided instructions
150+ CTF Challenges with detailed walkthroughs
New Hands-on Labs and Challenges added every month

Related Courses

Short Course

Bootstrap 4 Quick Website Bootstrap Components Course

Software Development

Explore the basics of Bootstrap and learn to create a website in 4 easy steps

Explore the basics of Bootstrap and learn to create a website...

$49.99

Beginner

1 hr 30 m

Hello
Short Course

CCNA - Understanding Routers and Switches

Security Architecture and Operations

A comprehensive guide to understanding the in-depth functioning of routers and switches for the preparation of CCNA Exam.

A comprehensive guide to understanding the in-depth functioni...

$49.99

Intermediate

2 hr 0 m

Hello
Short Course

The Complete Full-Stack JavaScript Course

Software Development

Learn full-stack web development using JavaScript (ReactJS, NodeJS, LoopbackJS, Redux and Material-UI)!

Learn full-stack web development using JavaScript (ReactJS, N...

$79.99

Beginner

24 hr 17 m

Hello
Short Course

React.JS for Ecommerce: Building a Store with React.JS

DevSecOps

From React.js Fundamentals to Crafting an Online Storefront

From React.js Fundamentals to Crafting an Online Storefront

$49.99

Advanced

3 hr 30 m

Hello
Short Course

CISSP Certification Domains 5, 6, 7, and 8 Video Training

Cybersecurity

This course is ideal for individuals who desire to pass the Information Systems Security Professional CISSP Certification Exam and want to gain more insight and knowledge around IT, Information, and Cyber Security from a management/senior leader perspective.

This course is ideal for individuals who desire to pass the I...

$69.99

Intermediate

6 hr 30 m

Hello
Short Course

Helm 3 - Package Manager for Kubernetes

Software Development

A must tool for every DevOps engineer

A must tool for every DevOps engineer

$49.99

Intermediate

1 hr 27 m

Hello
Short Course

Learn Ethical Hacking by Hacking Real Websites Legally

Vulnerability Assessment and Pentesting

Fun way to learn ethical hacking by playing online hacking games - hacking real websites legally

Fun way to learn ethical hacking by playing online hacking ga...

$69.99

Beginner

4 hr 18 m

Hello
Short Course

Mastering Ansible Playbooks: Debugging and Security

Software Development

Securing and Automating Linux and Windows Systems with Advanced Ansible Playbooks

Securing and Automating Linux and Windows Systems with Advanc...

$99.99

Advanced

5 hr 34 m

Hello