The Bug Bounty Hunting Course

Course Description

The course consists of 4 chapters starting from Reconnaissance going into Attacks, learning how to think outside the box, create great structured reports, and will include enough techniques to let you hunt for the most common vulnerabilities using the best tools and the ways to conduct them. You’ll learn how to think like a hacker, using a specific mindset that requires a certain way to combine multiple knowledge gathered from Linux to Coding and Programming integrating it into your bug bounty methodology.

You are competing against many other security researchers, so if you all use the same tools, the same way you will most likely end up with a duplicate. This course will guide you through the path of achieving the “hacking” mindset using manual techniques to level up your success as a Bug Bounty Hunter.

 

Pre-Requirements*

  • Understanding of TCP/IP Networking, and layers
  • Familiar with Linux Environments, as an operating System
  • Basic Programming such as Python, Perl, Shell, C+
  • Scripting with BASH
  • Kali Linux and Hacking Tools
  • Mind Mapping Mindset – Coding structure thinking

Who this course is for?

  • Bug Bounty Hunters
  • Penetration Testers and Red Teamers
  • Security Researchers
  • Aspiring Ethical Hackers

This course includes:

  • Course Duration: 8 hours
  • Course Access: 1 Year
    *Contact us if you would like to extend your access for free.
  • Certification of Completion
  • FHD (1080p) Episodes Hosted on Vimeo
  • Supported also on Mobile, Tablet & TV
  • Downloadable Resources

Course Content

  • Introduction to Bug Bounty Hunting
  • Chapter 1: Reconnaissance
  • Chapter 2: Attacks
  • Chapter 3: Thinking Outside the Box-The Mindset of a Hacker
  • Chapter 4: Submitting better Reports

*Note: The above is recommended before taking our courses but is not mandatory. The reason is that each individual’s background when it comes to the offensive security world, varies, based on our experience, the above pre-requirements are needed to become better as you progress in this field.

€147

SIGN UP NOW

Some of the topics that this course will cover:

  • Organize and exfiltrate the domains and URLs part of the scope.
  • Perform Active and Passive Subdomain Enumeration using Amass, Recon-NG, and Sublist3r
  • Perform probing with httpx and grep out injection-based attack URLs based on patterns using GF and GF-Patterns.
  • Use Searchsploit to manually find exploits for specific versions reading from the results of Nmap in the Platform.
  • Use Eyewitness to perform website screenshotting from your terminal.
  • Perform GF on the URLs for specific attacks such as SQL, XSS, Open-Redirect, LFI and IDOR.
  • Understand how the mindset works, using manual grepping techniques against all the URLs gathered
  • Chain commands along with GF patterns against all the Javascript files, massively finding specific patterns manually using regex
  • Performing Cross-Site Scripting (XSS) Injection Attacks
  • Understanding how to choose potential URLs for SQLi attacks
  • Use Atlas bypass firewalls, and IPS/IDS to find the right encoding
  • Learn about all types of open-redirect attacks
  • Setup Burpsuite and Autorize to prepare for IDOR attacks
  • Use Ffuf to perform fuzzing and content discovery in combination with SecLists
  • Learn how Path Traversal is different for Windows and Linux
  • Learn how to trick the web app into exposing or running files with an LFI attack
  • Use a one-liner chained command to massively perform CRLF attacks in a single line
  • Bypassing 403 forbidden access directories
  • Use Repeater + Intruder to study how you can manually test if a web server is vulnerable to Cache Poisoning
  • Understand how to decrypt secrets or locations to other endpoints
  • Crack hashes without knowing the key or cipher, decode encodings
  • Find hidden API Endpoints from URLs using Kiterunner
  • Learn a technique for interfering with the way a website processes sequences of HTTP requests
  • Use Smuggler and attack a list of URLs with thousands of Payloads using the POST method
  • Use a one-liner chained command to massively perform attacks with Nuclei fetching URLs and probing
  • Learn how to approach large companies with millions of URLs and massively perform recon and attacks on a large scale
  • Have the top 3 questions asked every bug bounty hunter will encounter get answered thoroughly
  • Understand how to submit more comprehensive reports speeding up the process
  • Reduce duplicates by writing top of the state complete reports with PoCs

Disclaimer: This Course is performed for educational purposes only. It will help you expand your knowledge of Bug Bounty Hunting. Everything is done on self-owned machines, and we are not responsible for any damage done about this course. Black Hat Ethical Hacking or any security research engineer performing this demo is not held responsible nor do we influence the actions of others for such techniques that could be illegal if used for unethical reasons to be done WITHOUT the consent of the other party involved. Make sure to follow each program’s rules accordingly before conducting any of the live-action.

Course Chapters

€147

SIGN UP NOW

Get in touch with BHEH!

Reach out to us for more information.

13 + 1 =