Bug Hunting Training

A bug bounty program is a deal offered by many websites, organisations and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to exploits and vulnerabilities. These programs allow the developers to discover and resolve bugs before the general public is aware of them, preventing incidents of widespread abuse. Bug bounty programs have been implemented by a large number of organisations, including Mozilla, Facebook, Yahoo!, Google, Reddit, Square, and Microsoft. Companies outside the technology industry, including traditionally conservative organisations like the United States Department of Defense, have started using bug bounty programs. The Pentagon’s use of bug bounty programs is part of a posture shift that has seen several US Government agencies reverse course from threatening white hat hackers with legal recourse to inviting them to participate as part of a comprehensive vulnerability disclosure framework or policy.

Coming Soon
Who can sign up for the training?

• Anyone who wants to Hunt
• Security Professional
• Developer
• Ethical Hacker
• Penetration Tester

Key benefits of this Course :

• HALL OF FAME
• REWARDS
• BUG BOUNTY
• ACKNOWLEDGEMENT / APPRECIATION
• VALUES FOR YOUR RESUME
• Increase the possibility of getting a job in the industry
• Opportunity to make money in spare time
• Knowledge
• The Proven one

Training Modules (1/2) :

1. INTRODUCTION TO BURPSUITE PRO
a. Java installation in the system
b. Proxy setting in Firefox browser
c. Burp Certificate in Firefox


2. FOOTPRINTING / INFORMATION GATHERING
a. Background Concept
b. Nmap
c. Whatweb
d. Finding Subdomains of Domains


3. XSS – CROSS SITE SCRIPTING
a. Background Concept
b. Basic XSS
c. XSS on LAB Website
d. Manually Building XSS
e. XSS on live Website
f. XSS through filter bypass attack
g. Reflected XSS vs Stored XSS
h. Exploitation of XSS


4. HOST HEADER INJECTION ATTACK
a. Overview of the Attack
b. Open Redirection
c. Web Cache poisoning
d. Host Header XSS


5. URL REDIRECTION
a. Basic Concept
b. URL Redirection through Path Fragmentation
c. Attacks on Live Websites


6. HTML INJECTION
a. Background Concept
b. Injection Findings Examples
c. Exploitation of HTML Injection Attack


7. SQL INJECTION
a. Background Concept
b. SQL Injection LAB set up
c. Authentication Bypass Attack
d. SQL MAP
e. Havij pro
f. Union Based SQLi
g. SQL fixing query
h. Exploitation (Getting Database) on GET BASED, POST BASED, HEADER BASED & COOKIE BASED
i. Attacks on Live website


8. COMMAND INJECTION
a. Concept
b. Attacks using Delimiters


9. PARAMETER / DATA TAMPERING
a. Basic Concept
b. Finding Injection point
c. Direct live attacks to decrease the price of products on commercial websites.


10. FILE INCLUSION
a. Background concept
b. LFI
c. RFI

Training Modules (2/2) :

11. MISSING SPF FLAG
a. Background Concept
b. Target and Attacks
c. Exploitations of missing SPF


12. INSECURE CORS (CROSS ORIGIN RESOURCE SHARING)
a. Background concept
b. Insecure CORS checking Response
c. Insecure CORS through Response Header and Request Header


13. FILE UPLOADING
a. Background concept
b. Finding the uploading targets
c. Uploading .php shell and getting access to the full server
d. Uploading malicious files to perform a DoS attack


14. CRITICAL FILE FOUND
a. Background Concept
b. Manual attacks
c. Automatic attacks through payload.


15. SOURCE CODE DISCLOSURE
a. Background concept
b. Attack manually and automatically


16. CSRF – CROSS SITE REQUEST FORGERY
a. Background concept
b. Injection Point
c. CSRF on logout page


17. DoS Attack (Denial of Service)
NOTE: Sometimes there is no bounty for this attack
a. Background concept
b. Attack through LOIC & HOIC
c. Attack through Ettercap
d. Attack through metasploit


18. Report Writing & POC


19. Sign up on these online Bug Hunting platforms
a. BUG CROWD
b. HACKER ONE
c. SYNACK
d. ANTI HACK
e. OPEN BUG BOUNTY
f. FACEBOOK BUG BOUNTY PROGRAM
g. EC COUNCIL BUG BOUNTY PROGRAM, ETC.

Training Outcomes :

• Experience & Knowledge
• Toolkit
• Study Material
