Ultimate Bug Bounty
Last updated 1/2022
MP4 | Video: h264, 1280x720 | Audio: AAC, 44.1 KHz
Language: English | Size: 11.83 GB | Duration: 23h 34m
Learn the art of finding and automating the bugs
What you'll learn
Web Fundamentals
Python Fundamentals
Automating Bug Hunting with Python
Different WebApp Vulnerabilities
Burp Suite Fundamentals
Injection Vulnerabilities
File Inclusion Vulnerabilities
OWASP TOP 10
Requirements
No prerequisite as this course teaches from basics
Description
This course teaches you how to find bugs in web applications. It also teaches you Python and covers most of the modules used for automating with Python. Programming skills have become necessary in this rapidly growing industry, and the same applies to cybersecurity and bug hunting. Python helps in automating many things and saves you a ton of time. This course also covers the OWASP Top 10 vulnerabilities. It can be a good starting point for your bug bounty journey. More and more content will be added from time to time, just like my other courses. Modules up to Python Fundamentals were recorded a year ago, so they contain my bad English, but from then onwards there will be no problem in watching the videos.

This paragraph tells you the essence of cybersecurity. The use of cyberspace (computers, the internet, cellphones, other technical devices, etc.) by an individual or organized group to commit a crime is called cybercrime. Cyber attackers use numerous software and codes in cyberspace to commit cybercrime. They exploit weaknesses in software and hardware design through the use of malware. Hacking is a common way of piercing the defenses of protected computer systems and interfering with their functioning. Identity theft is also common. Cybercrimes may occur directly, i.e., by targeting computers directly through spreading computer viruses. Other forms include the DoS attack, which is an attempt to make a machine or network resource unavailable to its intended users. It suspends the services of a host connected to the internet, which may be temporary or permanent.

Malware is software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems. It usually appears in the form of code, scripts, active content, and other software. ‘Malware’ refers to a variety of forms of hostile or intrusive software, for example, Trojan horses, rootkits, worms, adware, etc.
Overview
Section 1: Why should you buy this course?
Lecture 1 Reason to buy this course
Section 2: Web Fundamentals
Lecture 2 HTML Basics
Lecture 3 CSS Basics
Lecture 4 JavaScript Basics
Lecture 5 URL Explained
Lecture 6 HTTP Requests
Lecture 7 HTTP Responses
Lecture 8 Proxy Explained
Lecture 9 URL Encoding
Lecture 10 Robots.txt Explained
Section 3: Burp Suite Fundamentals
Lecture 11 Installation
Lecture 12 Foxyproxy
Lecture 13 Manual Spidering
Lecture 14 Intruder
Lecture 15 Repeater
Lecture 16 Decoder
Section 4: Python Fundamentals
Lecture 17 Installing Python
Lecture 18 Setting Up Visual Studio Code
Lecture 19 Variables
Lecture 20 Operators
Lecture 21 Strings
Lecture 22 User Input
Lecture 23 Lists
Lecture 24 Tuples
Lecture 25 Loops
Lecture 26 Dictionaries
Lecture 27 File I/O
Lecture 28 Functions
Lecture 29 Object Oriented Programming
Lecture 30 Pip Installer
Lecture 31 Sockets Introduction
Lecture 32 Debugging
Lecture 33 Modules
Lecture 34 Exception Handling
Section 5: SubDomain Enumeration
Lecture 35 Enumerating Subdomains
Lecture 36 Enumerating Virtual Hosts
Lecture 37 Enumerating with Sublist3r
Lecture 38 Automating with Python
Section 6: Broken Authentication
Lecture 39 Default Credentials
Lecture 40 Burp, Hydra, Wfuzz, Python for Bruteforcing
Lecture 41 Bypassing Rate Limit
Lecture 42 Bruteforcing Usernames
Lecture 43 Bruteforcing Usernames and Bypassing Rate Limit - Portswigger Labs
Lecture 44 Username Enumeration via UI
Lecture 45 Username Enumeration via SignUp
Lecture 46 Bruteforcing Usernames via Timing Attack
Lecture 47 Filtering wordlist according to Password Policy
Lecture 48 Abusing Password Reset Functionality
Lecture 49 Cookie Tampering
Lecture 50 Bypassing IP Block, Account Locking and Rate Limit
Lecture 51 2FA Bypass and Bruteforcing OTP
Section 7: SQL Injection (SQLI)
Lecture 52 Installing MySQL Workbench
Lecture 53 MySQL Basics
Lecture 54 Error Based SQL Injection - OR AND
Lecture 55 Union Based SQL Injection
Lecture 56 Fetching SQL Version and OS Information
Lecture 57 Dumping All tables and data
Lecture 58 Blind SQL Injection - Boolean Condition Responses
Lecture 59 Blind SQL Injection - Conditional Errors
Lecture 60 Blind SQL Injection - Time Delay Attack
Lecture 61 HackTheBox - FALAFEL Walkthrough
Section 8: File Inclusion
Lecture 62 Local File Inclusion - Information Disclosure
Lecture 63 Log Poisoning to RCE
Lecture 64 Session Poisoning to RCE
Lecture 65 Remote File Inclusion - Getting RCE
Lecture 66 TryHackMe - Dogcat Walkthrough
Section 9: Command Injection
Lecture 67 Basic Command Injection
Lecture 68 Advanced Command Injection Bypass Techniques
Lecture 69 Blind Command Injection - Time Delays & Output Redirection
Section 10: HTTP Verb Tampering
Lecture 70 Tampering HTTP Verbs
Section 11: File Upload Vulnerability
Lecture 71 Unprotected File Upload
Lecture 72 Bypassing Client Side Filters
Lecture 73 Bruteforcing Extensions
Lecture 74 Content-Type and Magic Bytes
Lecture 75 File Upload using Python
Lecture 76 Content-Type - Python
Lecture 77 Path Traversal
Lecture 78 rconfig 3.9.6 File Upload RCE via Python
Section 12: Insecure Direct Object Reference (IDOR)
Lecture 79 Bruteforcing Parameters
Lecture 80 Bruteforcing Encoded Parameters
Lecture 81 Portswigger Lab
Lecture 82 HackTheBox CAP Walkthrough
Section 13: Information Disclosure
Lecture 83 Error Messages
Lecture 84 Debug Information
Lecture 85 Backup Files
Lecture 86 TRACE Method
Section 14: Cross Site Scripting (XSS)
Lecture 87 Reflected XSS
Lecture 88 Stored XSS
Lecture 89 Bruteforcing Valid Tags & Attributes to Bypass WAF
Lecture 90 Cookie Stealing with XSS
Lecture 91 TryHackMe XSS Walkthrough
Section 15: Cross Site Request Forgery (CSRF)
Lecture 92 CSRF Attack
Lecture 93 Bypassing CSRF check by Tampering Verbs
Lecture 94 Insecure Configurations
Lecture 95 Duplicate Tokens
Section 16: Server Side Request Forgery (SSRF)
Lecture 96 SSRF Attack
Lecture 97 Scanning Internal Systems with SSRF
Lecture 98 Scanning Internal Ports with SSRF
Lecture 99 Bypassing Blacklist Defenses
Lecture 100 OpenRedirect with SSRF
Lecture 101 Blind SSRF
Lecture 102 TryHackMe SSRF Walkthrough
Section 17: XML eXternal Entities (XXE)
Lecture 103 XML and DTD Explained
Lecture 104 XXE File Read
Lecture 105 SSRF with XXE
Lecture 106 Blind XXE
Lecture 107 Data Exfiltration with Blind XXE
Lecture 108 Out of Band Data Exfiltration - XXE
Lecture 109 XXE via File Upload
Lecture 110 HackTheBox - MARKUP Walkthrough
Section 18: Pentesting WordPress
Lecture 111 Installing WordPress
Lecture 112 WordPress Directory Enumeration
Lecture 113 Enumeration with WPScan
Lecture 114 WordPress XMLRPC
Lecture 115 WPScan XMLRPC
Lecture 116 Metasploit XMLRPC
Lecture 117 Login Bruteforcing with Burp and Hydra
Lecture 118 Exploiting themes to get reverse shell
Lecture 119 Exploiting Plugins to get reverse shell
Lecture 120 Metasploit shell upload
Lecture 121 Hacking Drupal
Section 19: Insecure Deserialization
Lecture 122 Serialization and Deserialization using Python Pickle
Lecture 123 Python Pickle's reduce magic method
Lecture 124 RCE via Cookie Injection
Lecture 125 Session Hijacking with Deserialization
Section 20: NoSQL Injection
Lecture 126 MongoDB Basics and NoSQL Injection
Section 21: Downloads Section
Lecture 127 TryHackMe Blog Walkthrough
Security Engineers, Penetration Testers, Python Enthusiasts, Bug Bounty Hunters, WebApp Security Testers