Advance Bug Bounty Hunting V1.0
About Course
ADVANCE BUG BOUNTY HUNTING V1.0
Description
This course introduces students to the Advance Bug bounty concepts associated with Web application pentesting. We encourage you to take this course if you are a complete beginner in Advance Web bug bounty world. This course uses a custom-developed vulnerable web application pentesting to demonstrate how, web vulnerabilities can be identified and exploited. This course teaches you how to identify a variety of Advance web vulnerabilities lies in the Server-side, Client-side.
Course Content
- Testing Chrome extensions (Manual and automatic approach)
Static Testing
Dynamic Testing - Deep Down with JWT(Json Web Tokens)
- Testing Oauth Misconfigurations (Account Takeovers and more…)
- CORS bypasses
- CSRF bypasses
- Stored/Reflected Cross Site Scripting (Account Takeovers and other impacts)
Generic
Bypasses
Sandbox
Link Embed - Indirect Object References (Generic approach)
- Sensitive Data exposure
- Source code (Js analysis)
Shodan
GitHub
Other third parties resources - Webhooks/apis
- LocalStorage
- Enhancing Power of recon
- Some Client Side bypasses
- Advanced Business logic
- Different type of Race Conditions
- File uploads
- Some high CVEs vulnerability(Grafana(LFI),WordPress(XSS))
- Chaining vulnerabilities
- IDOR and cross site scripting
- Cross site scripting (with very low impact ) and oauth misconfiguration to account takeover
- Low Impact HTML injection to increasing more impact
- Cross Site Scripting with HTTP only cookie set to true(Methods to find bypasses)
- Cross Site Scripting in sandbox environment
- Link embed to Stored Cross Site Scripting stealing user user sessions
- Cross Site Scripting to Account Takeover with LocalStorage
- Shodan backup found api key and then full org takeover
- Some interesting findings with wayback URLs (CVE bases cross site scripting, IDOR chaining to massive user enumeration, support/client/third parties leaks)
- Master OTP to Massive Account Takeovers
Note: Mostly all the mentioned content will be taught live and with poc findings recording.
Trainers : Mayank Gandhi & Anurag Verma
Benefits :
- Get ISO Certified Certification
- Get Advance Bug Bounty Hunter Badge ( ID CARD )
- Live Targets to hunt
Point To Be Noted :
It takes minimum 3 months to get hard copy of ID CARD
Course Content
Introduction to Advance Bug Bounty
-
Join WhatsApp Group
00:00