Bug Hunting Training

Bug bounty programs are a deal offered by many companies, websites and software developers, through which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to exploits and vulnerabilities. This course will cover most of the vulnerabilities of the OWASP Top 10 and web application penetration testing. You will start as a beginner with no hands-on experience of bug bounty hunting or penetration testing; after this course you will emerge as a stealth bug bounty hunter. Bug bounty hunting is the act of finding security vulnerabilities or bugs in a website and responsibly disclosing them to that company's security team in an ethical way. Some companies choose to reward a researcher with a bounty, swag, or an entry in their hall-of-fame list. If you are interested in web application security, bug bounty programs are a great place to hone your skills, with the potential of earning some bounty and credibility at the same time.

Who can sign up for the training?

• Anyone who wants to Hunt
• Security Professional
• Developer
• Ethical Hacker
• Penetration Tester

Key benefits of this Course :

• HALL OF FAME
• REWARDS
• BUG BOUNTY
• ACKNOWLEDGEMENT / APPRECIATION
• VALUES FOR YOUR RESUME
• Increase the possibility of getting a job in the industry
• Opportunity to make money in your spare time
• Knowledge
• The Proven one

Training Modules (1/2) :

1. INTRODUCTION TO BURPSUITE PRO
a. Java installation in the system
b. Proxy setting in Firefox browser
c. Burp Certification in Firefox


2. FOOTPRINTING / INFORMATION GATHERING
a. Background Concept
b. Nmap
c. Whatweb
d. Finding Subdomains of Domains


3. XSS – CROSS SITE SCRIPTING
a. Background Concept
b. Basic XSS
c. XSS on LAB Website
d. Manually Building XSS
e. XSS on live Website
f. XSS through filter bypass attack
g. Reflected XSS vs Stored XSS
h. Exploitation of XSS


4. HOST HEADER INJECTION ATTACK
a. Overview of the Attack
b. Open Redirection
c. Web Cache poisoning
d. Host Header XSS


5. URL REDIRECTION
a. Basic Concept
b. URL Redirection through Path Fragmentation
c. Attacks on Live Websites


6. HTML INJECTION
a. Background Concept
b. Injection Findings Examples
c. Exploitation of HTML Injection Attack


7. SQL INJECTION
a. Background Concept
b. SQL Injection LAB set up
c. Authentication Bypass Attack
d. sqlmap
e. Havij pro
f. Union Based SQLi
g. SQL fixing query
h. Exploitation (Getting Database) on GET-BASED, POST-BASED, HEADER-BASED & COOKIE-BASED
i. Attacks on Live website


8. COMMAND INJECTION
a. Concept
b. Attacks using Delimiters


9. PARAMETER / DATA TAMPERING
a. Basic Concept
b. Finding Injection point
c. Direct live attacks to decrease the price of products on commercial websites.


10. FILE INCLUSION
a. Background concept
b. LFI
c. RFI

Training Modules (2/2) :

11. MISSING SPF FLAG
a. Background Concept
b. Target and Attacks
c. Exploitations of missing SPF


12. INSECURE CORS (CROSS ORIGIN RESOURCE SHARING)
a. Background concept
b. Insecure CORS checking Response
c. Insecure CORS through Response Header and Request Header


13. FILE UPLOADING
a. Background concept
b. Finding the uploading targets
c. Uploading .php shell and getting access to the full server
d. Uploading malicious files to do a DoS attack


14. CRITICAL FILE FOUND
a. Background Concept
b. Manual attacks
c. Automatic attacks through payload.


15. SOURCE CODE DISCLOSURE
a. Background concept
b. Attack manually and automatically


16. CSRF – CROSS SITE REQUEST FORGERY
a. Background concept
b. Injection Point
c. CSRF on logout page


17. DoS Attack (Denial of Service)
NOTE: Sometimes there is no bounty for this attack
a. Background concept
b. Attack through LOIC & HOIC
c. Attack through Ettercap
d. Attack through Metasploit


18. Report Writing & POC


19. Sign up on these online bug hunting platforms
a. BUGCROWD
b. HACKERONE
c. SYNACK
d. ANTI HACK
e. OPEN BUG BOUNTY
f. FACEBOOK BUG BOUNTY PROGRAM
g. EC COUNCIL BUG BOUNTY PROGRAM, ETC.

Training Outcomes :

• Experience & Knowledge
• Toolkit
• Study Material


About The Trainer :

Abrar Ahmad - Cyber Security Specialist, CEH

