TMG Security

TMG English Courses

Advance Bug Bounty Hunting V1.0

Categories: BUG Bounty, Red Team
Wishlist Share
Share Course
Page Link
Share On Social Media

About Course

ADVANCE BUG BOUNTY HUNTING V1.0

 

Description

This course introduces students to the Advance Bug bounty concepts associated with Web application pentesting. We encourage you to take this course if you are a complete beginner in Advance Web bug bounty world. This course uses a custom-developed vulnerable web application pentesting to demonstrate how, web vulnerabilities can be identified and exploited. This course teaches you how to identify a variety of Advance web vulnerabilities lies in the Server-side, Client-side.

Course Content

  • Testing Chrome extensions (Manual and automatic approach)
    Static Testing
    Dynamic Testing
  • Deep Down with JWT(Json Web Tokens)
  • Testing Oauth Misconfigurations (Account Takeovers and more…)
  • CORS bypasses
  • CSRF bypasses
  • Stored/Reflected Cross Site Scripting (Account Takeovers and other impacts)
    Generic
    Bypasses
    Sandbox
    Link Embed
  • Indirect Object References (Generic approach)
  • Sensitive Data exposure
  • Source code (Js analysis)
    Shodan
    GitHub
    Other third parties resources
  • Webhooks/apis
  • LocalStorage
  • Enhancing Power of recon
  • Some Client Side bypasses
  • Advanced Business logic
  • Different type of Race Conditions
  • File uploads
  • Some high CVEs vulnerability(Grafana(LFI),WordPress(XSS))
  • Chaining vulnerabilities
  • IDOR and cross site scripting
  • Cross site scripting (with very low impact ) and oauth misconfiguration to account takeover
  • Low Impact HTML injection to increasing more impact
  • Cross Site Scripting with HTTP only cookie set to true(Methods to find bypasses)
  • Cross Site Scripting in sandbox environment
  • Link embed to Stored Cross Site Scripting stealing user user sessions
  • Cross Site Scripting to Account Takeover with LocalStorage
  • Shodan backup found api key and then full org takeover
  • Some interesting findings with wayback URLs (CVE bases cross site scripting, IDOR chaining to massive user enumeration, support/client/third parties leaks)
  • Master OTP to Massive Account Takeovers
Note: Mostly all the mentioned content will be taught live and with poc findings recording.

 

Trainers : Mayank Gandhi & Anurag Verma

 

Benefits :

  • Get ISO Certified Certification
  • Get Advance Bug Bounty Hunter Badge ( ID CARD )
  • Live Targets to hunt

Point To Be Noted :

It takes minimum 3 months to get hard copy of ID CARD

 

Show More

What Will You Learn?

  • Advance Vulnerabilities
  • Web Application Pentesting
  • Learn what are Business Logics, and exploits.
  • Learn how to pentest web and chrome extensions
  • Learn Advance vulnerabilities in web application
  • Learn automated tools for Web Security Testing

Course Content

Introduction to Advance Bug Bounty

  • Join WhatsApp Group
    00:00

Start Learning

Scroll to Top