Bug Bounty Training by Tech Marshals Academy Training Institute in Hyderabad
Bug Bounty Training free videos and free material uploaded by Tech Marshals Academy Training Institute in Hyderabad.
INTRODUCTION
Bug Bounty program
History of Bug Bounty
INTRODUCTION TO BURPSUITE PRO
Java installation in the system
Proxy setting in Firefox browser
Burp Certification in Firefox
Foxy Proxy
RECON LIKE A HUNTER (FOOTPRINTING) (Reconnaissance)
Basic Ideas and Introduction
Nmap
Whatweb
Wappalyzer
Google dorks
Finding Subdomains of Domains
GitHub tools like bbht, lazyrecon, assetfinder
Httpstatus.io
Github Recon
Extra – Censys, crt.sh, waybackmachine, dnsdumpster, shodan.io
HTML INJECTION
Basic idea on lab websites
Injection Findings Examples
Exploitation of HTML Injection Attack
Live POC
Mitigation of this Bug
CRITICAL and SOURCE CODE ERRORS, PATH TRAVERSAL
Basic Idea
Manual attacks
manually and automatically
Automatic attacks through payloads
Live POC
Mitigation of this Bug
XSS – CROSS SITE SCRIPTING
Basic Idea
XSS on LAB Target
Play with HTML & XML source code to find the reflection
Reflected XSS
Stored XSS
DOM XSS
XSS Exploitations
BLIND XSS
Introduction to KNOXSS tool (Best tool ever)
Live POC
Mitigation of this Bug
WEB CACHE POISONING ATTACK
Basic Idea
Attack into the Host
Live POC
Mitigation of this Bug
CSRF – CROSS SITE REQUEST FORGERY
Conclusion of the Bug
Attacking Area
CSRF on different pages
Account takeover CSRF
Anti CSRF Tokens
My personal Live POC
Mitigation of this Bug
URL REDIRECT & FORWARD
Basic Concept
Attacking on the main domain URL
Attacking through Burp Suite search keys
Live POC
Mitigation of this Bug
SQL INJECTION
What is SQLi
Virtual Box LAB for SQLi
Authentication Bypass Attack
SQL MAP
Havij pro
Union Based SQLi
Exploitation (Getting Database) on the GET BASED, POST BASED, HEADER BASED & COOKIE BASED
Attacks on Live website
POC
Mitigation of this Bug
COMMAND INJECTION
What is CMDi
Attacks using Delimiters
Google cloud shell POC
Executing Arbitrary Command
Live POC
Mitigation of this Bug
This course will cover most of the OWASP TOP 10 and Web Application Penetration Testing.
Bug Bounty Advantages:
Adds value to your resume.
Increases the possibility of getting a job in the industry.
Opportunity to make money in your spare time.
Glory and Fame.
Knowledge.
The proven one.