Bug Bounty Hunting Offensive Approach to Hunt Bug
A bug bounty program allows hackers to receive compensation for reporting bugs, also known as vulnerabilities and possible exploits, in organizations' hardware, firmware, and software.
Topics Covered In This Course
Introduction:
- About Instructor
- Why you should take this
Introduction of Burpsuite:
- Steps to Configure Burpsuite with Firefox
- How to Use Burpsuite - Spider Repeater Intruder
Comprehensive XSS:
- Background Concept about XSS
- XSS Hunting Live
- Reflected XSS Vs Stored XSS
- Exploitation of XSS - 1. URL Redirection
- POC - 1 XSS Attack Discovered by Shubham
Host Header Injection:
- Overview of Host Header Injection
- Host Header Attack - Open Redirection
- Host Header Attack - Cache Poisoning
- Host Header Attack - Password Reset Poisoning
- Host Header Attack - XSS Through Host Header
URL Redirection:
- Background Concept about URL Redirection
- URL Redirection Through Get Parameter
- URL Redirection Through Path Fragments
Parameter Tampering:
- Background Concept about Parameter Tampering
- Parameter Tampering - Example 1 - 5
HTML Injection:
- Background Concept about HTML Injection
- Background-HTML
- HTML Injection Finding - Example 1 - 3
File Inclusion:
- Background Concept about File Inclusion
- LFI Vs RFI
- LFI Hunting Part 1 and Part 2
- Exploitation of LFI
Missing insufficient SPF record:
- Background Concept about Missing insufficient SPF record
- Testing SPF
- Exploitation of SPF
- POC 1 - 5 SPF
Insecure CORS Configuration:
- Background Concept about CORS
- Insecure CORS by Checking Response Header
- Exploitation of Insecure CORS
Server Side Request Forgery:
- Background Concept about SSRF
- SSRF on Live web
Critical File Found:
- Background Concept about Critical File Found
- Critical File Found on Live web
Source Code Disclosure:
- Background Concept about Source Code Disclosure
- Source Code Disclosure on Live Web
Cross Site Request Forgery:
- Background Concept about CSRF
- Injection Point for CSRF
- CSRF on Logout Page
- CSRF Live
- CSRF page on some critical Business Logic Page
Hostile Subdomain Takeover:
- Background Concept about Hostile Subdomain Takeover
SQL Injection:
- SQL Introduction
- SQL Attacks
Command Injection:
- Background Concept about Command Injection
- Command Injection on Lab
- Command Injection on Live Website
- Exploitation of Command Injection
File Uploading:
- Background Concept about File Uploading
- File Uploading on Live Part
XML External Entity Injection:
- Background Concept about XXE Injection
- XXE on Lab
That is All
Subscribe Our YouTube Channel For More Courses
Thank You
0 Comments