
Bug Bounty Hunter

₹ 3,000
Description

Contact us if you run into any issue - WhatsApp: +91 - 7988285508
Bug Bounty Hunter - English

About

Welcome to Bug Bounty Hunting - Offensive Approach to Hunt Bugs. This course will cover most of the vulnerabilities in the OWASP Top 10 and web application penetration testing.

You will start as a beginner with no hands-on experience in bug bounty hunting and penetration testing; after this course you will emerge as a stealth Bug Bounty Hunter.

Bug bounty hunting is the act of finding security vulnerabilities or bugs in a website and responsibly disclosing them to that company's security team in an ethical way. Bug bounties, also known as responsible disclosure programs, are set up by companies to encourage people to report potential issues discovered on their sites. Some companies choose to reward a researcher with a bounty, swag, or an entry in their hall-of-fame list. If you are interested in web application security, they are a great place to hone your skills, with the potential of earning some bounty and credibility at the same time.

Course Contents

Introduction
About Instructor
Course Introduction and Overview
Why you should take this?
Teaser of Offensive Approach to Hunt Bugs
Information Gathering & Basic Terminologies
Information Gathering

Introduction of Burpsuite
Steps to Configure Burpsuite with Firefox
How to Use Burpsuite - Spider | Repeater | Intruder
Comprehensive XSS
Background Concept about XSS
Basic XSS
Basic XSS on Lab
Manual Building XSS Vector
XSS through Filter Bypassed XSS payloads On Lab
XSS On Live Websites
XSS Hunting Live Part 1
XSS Hunting Live Part 2
XSS Hunting Live Part 3
XSS Through Header Parameter
Reflected XSS Vs Stored XSS
Exploitation of XSS : - 1. URL Redirection
Exploitation of XSS : - 2. Phishing Through XSS
Exploitation of XSS : - 3. Cookie Stealing
XSS Through File Uploading
XSS Through Remote File Inclusion
Convert Self XSS to Reflected XSS
POC - 1 XSS Attack Discovered by Shubham Maheshwari
POC - 2 XSS Attack Discovered by Shubham Maheshwari
POC - 3 XSS Attack Discovered by Shubham Maheshwari
POC 4 XSS Attack Discovered by Ankit Singh
POC 5 XSS Attack Discovered by Ankit Singh
POC 6 XSS Attack Discovered by Ankit Singh
POC 7 XSS Attack Discovered by Ankit Singh
POC 8 XSS Attack Discovered by Ankit Singh

Host Header Injection
Overview of Host Header Injection
Host Header Attack 1. Open Redirection
Host Header Attack 2. Cache Poisoning
Host Header Attack 3. Password Reset Poisoning
Host Header Attack 4. XSS Through Host Header
POC - 1 Host Header attack by Shubham Maheshwari
POC - 2 Host Header Attack Discovered by Shubham Maheshwari
POC - 3 Host Header Attack Discovered by Shubham Maheshwari
POC -4 Host Header Attack Discovered by Shubham Maheshwari
POC - 5 Host Header Attack Discovered by Shubham Maheshwari
POC - 6 Host Header Attack Discovered by Shubham Maheshwari
POC - 7 Host Header Attack Discovered by Shubham Maheshwari

XSS Task
1 question
URL Redirection
Background Concept about URL Redirection
URL Redirection Through Get Parameter
URL Redirection Through Path Fragments
POC of URL Redirection 1
POC of URL Redirection 2
POC 3 Open Redirection Vulnerability Discovered by Shubham Maheshwari
POC 4 Open Redirection Vulnerability Discovered by Shubham Maheshwari
POC 5 Open Redirection Vulnerability Discovered by Shubham Maheshwari
POC 6 Open Redirection Vulnerability Discovered by Dawood Ansar

Parameter Tampering
Background Concept about Parameter Tampering
Parameter Tampering - Example 1
Parameter Tampering - Example 2
Parameter Tampering - Example 3
Parameter Tampering - Example 4
Parameter Tampering - Example 5
HTML Injection
Background Concept about HTML Injection
HTML Injection Finding - Example 1
HTML Injection Finding - Example 2
HTML Injection Finding - Example 3
Exploitation of HTML Injection

File Inclusion
Background Concept about File Inclusion
LFI Vs RFI
LFI Hunting Part 1
LFI Hunting Part 2
Exploitation of LFI
RFI Hunting

Missing/insufficient SPF record
Background Concept about Missing / insufficient SPF record
Testing SPF

Exploitation of SPF
POC 1 SPF
POC 2 - SPF Vulnerability Discovered by Shubham Maheshwari
POC 3 - SPF Vulnerability Discovered by Shubham Maheshwari
POC 4 - SPF Vulnerability Discovered by Shubham Maheshwari
POC 5 - SPF Vulnerability Discovered by Shubham Maheshwari

Insecure CORS Configuration
Background Concept about CORS
Insecure CORS by Checking Response Header
Insecure CORS through Request Header
Exploitation of Insecure CORS
POC Insecure CORS

Server Side Request Forgery
Background Concept about SSRF
SSRF Testing on Lab
SSRF on Live web
Exploitation of SSRF attack

Critical File Found
Background Concept about Critical File Found
Critical File Found on Live web 1
Critical File Found on Live web 2
Source Code Disclosure
Background Concept about Source Code Disclosure
Source Code Disclosure on Lab
Source Code Disclosure on Live Web

Cross Site Request Forgery
Background Concept about CSRF
Injection Point for CSRF
CSRF on Logout Page
CSRF Live
CSRF page on some critical Business Logic Page
CSRF POC -1 Discovered by Ankit Singh
CSRF POC 2 Discovered by Ankit Singh
CSRF POC -3 Discovered by Ankit Singh

Hostile Subdomain Takeover
Background Concept about Hostile Subdomain Takeover
Hostile Subdomain Takeover on Live web 1
Hostile Subdomain Takeover on Live web 2

SQL Injection
Background Concept about SQL injection
SQL Injection Lab Setup
Injection Point for SQL Injection
Learn SQL Query Fixing
SQLI GET Based Part 1
SQLI GET Based Part 2
SQLI GET Based Part 3
Exploitation of GET Based SQLI
SQLI POST Based Part 1
SQLI POST Based Part 2
Exploitation of POST Based SQLI
SQLI Header Based
Exploitation of Header Based SQLI
SQLI Cookie Based
Exploitation of Cookie Based SQLI
WAF Bypassing for SQLI
Authentication Bypassing through SQLI
Automation of SQLI GET Based
Automation of SQLI Post Based | Header Based and Cookie Based
Automation of SQLI Part 3 With WAF Bypassing
SQLI on Live Web 1
SQLI Live Bug Bounty Website
SQL Injection Live Website

Command Injection
Background Concept about Command Injection
Command Injection on Lab Part 1
Command Injection on Live Web 1
Command Injection on Live Web 2
Exploitation of Command Injection
File Uploading
Background Concept about File Uploading
File Uploading Part 1
File Uploading Part 2
File Uploading Part 3
File Uploading on Live Part 2

XML External Entity Injection
Background Concept about XXE Injection
XXE on Lab