Bug Bounty Training

BY ABRAR AHMAD & VISWANATH – TECH MARSHALS ACADEMY

This course will cover most of the OWASP TOP 10 and Web Application Penetration Testing.

Best Bug Bounty Course Training in Hyderabad

TECH MARSHALS BUG BOUNTY COURSE

A bug bounty program is a deal offered by many websites, organizations and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to exploits and vulnerabilities. These programs allow the developers to discover and resolve bugs before the general public is aware of them, preventing incidents of widespread abuse.

Bug Bounties Advantages

  • Values of your Resume.
  • Increase Possibility of getting a job in the industry.
  • Opportunity to make money on spare time.
  • Glory and Fame.
  • Knowledge.
  • The proven one.

Who this course is for:

Anyone who wants to Hunt | Security Professional | Developer | Ethical Hacker |  Penetration Tester

Enroll Now For Demo Session

Tech Marshals whatsapp Logo pngTech Marshals Academy Tawk WebChat

Tech Marshals – Bug Bounty Course Content

  1. INTRODUCTION
  • Bug Bounty program
  • History of Bug Bounty
  1. INTRODUCTION TO BURPSUITE PRO
  • Java installation in the system
  • Proxy setting in Firefox browser
  • Burp Certification in Firefox
  • Foxy Proxy
  1. RECON LIKE A HUNTER (FOOTPRINTING) (Reconnaisance)
  • Basic Ideas and Introduction
  • Nmap
  • Whatweb
  • Wappalyzer
  • Google dorks
  • Finding Subdomains of Domains
  • Github tools like (bbht, lazyrecon, assetfinder , )
  • Httpstatus.io
  • Github Recon
  • Extra – Censys, crt.sh , waybackmachine , dnsdumpster , shodan.io
  1. HTML INJECTION
  • Basic idea on lab websites
  • Injection Findings Examples
  • Exploitation of HTML Injection Attack
  • Live POC
  • Mitigation of this Bug
  1. CRITICAL and SOURCE CODE ERRORS, PATH TRAVERSAL
  • Basic Idea
  • Manual attacks
  • manually and automatically
  • Automatic attacks through payloads
  • Live POC
  • Mitigation of this Bug
  1. XSS – CROSS SITE SCRIPTING
  • Basic Idea
  • XSS on LAB Target
  • Play with HTML & XML source code to find the reflection
  • Reflected XSS
  • Stored XSS
  • DOM XSS
  • XSS Exploitations
  • BLIND XSS
  • Introduction to KNOXSS tool (Best tool ever)
  • Live POC
  • Mitigation of this Bug
  1. WEB CACHE POISONING ATTACK
  • Bsic Idea
  • Attack into the Host
  • Live POC
  • Mitigation of this Bug
  1. CSRF – CROSS SITE REQUEST FORGERY
  • Conclusion of the Bug
  • Attacking Area
  • CSRF on different different pages
  • Account take over CSRF
  • Anti CSRF Tokens
  • My personal Live POC
  • Mitigation of this Bug
  1. URL REDIRECT & FORWARD
  • Basic Concept
  • Attacking on the main domain URL
  • Attacking through burpsuite search key’s
  • Live POC
  • Mitigation of this Bug
  1. SQL INJECTION
  • What is SQLi
  • Virtual Box LAB for SQLi
  • Authentication Bypass Attack
  • SQL MAP
  • Havij pro
  • Union Based SQLi
  • Exploitation (Getting Database) on the GET BASED , POST BASED , HEADER BASED & COOKIE BASED
  • Attacks on Live website
  • POC
  • Mitigation of this Bug
  1. COMMAND INJECTION
  • What is CMDi
  • Attacks using Delimeters
  • Google cloud shell POC
  • Executing Arbitariry command
  • Live POC
  • Mitigation of this Bug
  1. WEB PARAMETER TAMPERING (Insecure Deserialization)
  • Basic Concept
  • Finding Injection point
  • Directly Live attacks to decrease the price of commercial websites product.
  • LIVE POC
  • Mitigation of this Bug
  1. SENDER POLICY FRAMEWORK
  • Basic Concept
  • Target and Attacks on to the web-mails
  • How to identify the bug
  • Exploitations through emkei .cz
  • Live POC
  • Mitigation of this Bug
  1. WEB SHELLING & DEFACEMENT:
  • Basic Idea
  • Finding the uploading targets
  • Bypass the uploading restriction through Burpsuite
  • Uploading .php shell and getting access to the full server
  • Uploading to some malicious files to do the DOS attack
  • LIVE POC
  • Mitigation of this Bug
  1. RATE LIMITATIONS OF LOGIN PAGE
  • Basic concept
  • Forget password page attack
  • Account take over through forget password page
  • Live POC
  • Mitigation of this Bug
  1. PASSWORD DOSING RANGE
  • Basic concept
  • Attack on the Sign up pages
  • Attacking through Burpsuite (Automation)
  • Attacking Manually by my keywords
  • Live POC
  • Mitigation of this Bug
  1. EXIF META DATA NOT STRIPPED (Bugcrowd VRT )
  • Basic concept
  • Upload images from Github
  • Checking the hidden data of image in online tools
  • Checking the hidden data of image in Kali linux exif
  • Strings kali linux
  • Live POC
  • Mitigation of this Bug
  1. IDOR (INSECURE DIRECT OBJECT REFERENCE )
  • Basic concept
  • Attacking point
  • IDOR in crafted URL
  • IDOR in the comment box
  • IDOR Account take over
  • LIVE POC
  • Mitigation of this Bug
  1. WEB CACHE DECEPTION (Bug Crowd no.1 Bug)
  • Basic concept
  • Manually getting the session into the remote browser
  • Automation tools to detect web cache deception
  • LIVE POC
  • Mitigation of this Bug
  1. FILE INCLUSION (Information Disclosure )
  • Basic concept
  • Local File Inclusion (LFI)
  • Remote File Inclusion (RFI)
  • Path traversal to get root file access
  • LIVE POC
  • Mitigation of this Bug
  1. CTF (Capture The Flag)

 

  1. Report Writing & POC
  • Getting Familier with Responsible Disclosure
  • Public target reporting
  • Private target reporting
  • Live Bug Hunting & Reporting
  • Familiers with My All Reports
  • Making a report video (screen recording while reporting)
  • Best way to get Hall of fame
  • Best way to get Appreciation
  • Best way to get Acknowledgement
  1. Some Online Bug Hunting Platform
  • Bug Crowd.com
  • Hackerone.com
  • Bugdiscover.com
  • Intigriti.com
  • Yeswehack.com
  • Synack.com
  • Antihack.me
  • Openbugbounty.org
  • Facebook Bug Bounty Program
  • EC Council Bug Bounty Program

Location

Tech Marshals Academy,

B2, 2nd Floor, KVR Enclave,

Beside Satyam Theater,

Above Bata Showroom,

Ameerpet, Hyderabad.

+91 9133333875 / 9133333871 / 04040034050

info@techmarshals.com