Ethical Hacking / Penetration Testing & Bug Bounty Hunting
Training Overview
Description of Training
Video Overview (3:11)
Course Introduction
1. Course Introduction (4:07)
2. Disclaimer (1:03)
Section 2: OWASP Top 10
3. What is OWASP and Injection (10:44)
4. What is Broken Authentication (2:57)
5. What is Sensitive Data Exposure (5:34)
6. What is XML External Entities (2:43)
7. What is Broken Access Control (4:11)
8. What is Security Misconfiguration (2:24)
9. What is Cross Site Scripting (XSS) (3:52)
10. What is Insecure Deserialization (2:07)
11. What is Using Components with Known Vulnerabilities (2:11)
12. What is Insufficient Logging and Monitoring (3:03)
Revision of OWASP
Section 3: Burp Suite and Lab Setup
13. Burp Suite Proxy Lab Setup (17:11)
Burpsuite Setup Revision
Section 4: Authentication Bypass
14. Authentication Bypass Exploitation Live -1 (5:46)
15. Authentication Bypass Exploitation Live -2 (4:23)
16. Authentication Bypass Exploitation Live -3 (2:51)
17. Authentication Bypass Exploitation Live -4 (3:40)
18. Authentication Bypass Exploitation Live -5 (4:33)
19. Authentication Bypass Exploitation Captcha (2:48)
20. Authentication Bypass to Account Takeover Live -1 (5:35)
21. Authentication Bypass to Account Takeover Live -2 (3:52)
22. Authentication Bypass due to OTP Exposure Live -1 (4:10)
23. Authentication Bypass due to OTP Exposure Live -2 (3:14)
24. Authentication Bypass 2FA Bypass Live (3:40)
25. Authentication Bypass - Email Takeover Live (5:58)
26. Authentication Bypass Mitigations (1:58)
27. Authentication Bypass Interview Questions and Answers (4:16)
Authentication Bypass Revision
Section 5: No Rate-Limit Attacks
28. No Rate-Limit leads to Account Takeover Live Type-1 (12:30)
29. NO RL Alternative Tools Introduction (1:57)
30. No Rate-Limit leads to Account Takeover Live Type -2 (9:53)
31. No Rate-Limit leads to Account Takeover Live Type -3 (5:34)
32. No Rate-Limit leads to Account Takeover Live Type -4 (5:15)
33. No Rate-Limit leads to Account Takeover Live Type -5 (5:26)
34. No Rate-Limit to Account Takeover Live - Type 6 (6:58)
35. No Rate-Limit to Account Takeover Live - Type 7 (6:10)
36. No Rate-Limit Instagram Report Breakdown (0:55)
37. No Rate-Limit Instagram Report Breakdown 2 (4:15)
38. No Rate Limit Bypass Report Breakdown (5:29)
39. No Rate Limit Bypass Report Breakdown 2 (5:21)
40. No Rate-Limit to Tool Fake IP Practical (4:02)
41. No Rate-Limit test on Cloudflare (4:08)
42. No Rate-Limit Mitigations (2:03)
43. No Rate-Limit All Hackerone Reports Breakdown (5:15)
44. Burp Alternative : OWASP ZAP Proxy for No RL (12:23)
No Rate-Limit Revision
Section 6: Cross Site Scripting (XSS)
45. How XSS Works (6:15)
46. Reflected XSS on Live 1 (3:12)
47. Reflected XSS on Live 2 (1:36)
48. Reflected XSS on Live Manual Balancing (9:52)
49. Reflected XSS on Live 3 Balanced (3:40)
50. XSS on Limited Inputs Live 1 (3:20)
51. XSS on Limited Inputs Live 2 (2:51)
52. XSS in Request Headers - Live (3:47)
53. Reflected XSS Useragent and Caching (6:41)
54. Reflected XSS Email Validator Live (4:49)
55. Reflected XSS Protection Bypass Live 1 - Base64 (5:36)
56. Reflected XSS Protection Bypass Live -2 (5:18)
57. XSS using Spider (6:30)
58. XSS Bypass Right Click Disabled (4:16)
59. Blind XSS Exploitation (5:54)
60. Stored XSS Exploitation Live (9:19)
61. DOM XSS Name (6:11)
62. DOM XSS Redirect (2:20)
63. DOM XSS Index (2:50)
64. DOM XSS Automated Scanner (12:05)
65. XSS on Live by Adding Parameters (3:22)
66. XSS Mouse on Lab (2:54)
67. XSS Mouse Live (1:44)
68. XSS Mouse Events All Types (3:25)
69. XSS Polyglots Live (6:54)
70. XSS Polyglots Breakdown (2:17)
71. XSS Exploitation - URL Redirection (4:38)
72. XSS Exploitation - Phishing (4:05)
73. XSS Exploitation Cookie Stealer Lab (10:14)
74. XSS Exploitation Cookie Stealer Live (8:35)
75. XSS Exploitation File Upload Type -2 (3:08)
76. XSS Exploitation File Upload Type -3 (6:32)
77. XSS Exploitation File Upload Type- 1 (3:23)
78. XSS Mitigations (2:19)
79. XSS Bonus TIPS and TRICKS (5:13)
80. XSS Hackerone ALL Reports Breakdown (8:31)
81. XSS Interview Questions and Answers (7:46)
XSS Revision
XSS Revision 2
XSS Revision 3
Section 7: Cross Site Request Forgery (CSRF)
82. How CSRF Works (4:53)
83. CSRF Alternative Tools Introduction (2:17)
84. CSRF on LAB (2:54)
85. CSRF on LAB - 2 (9:09)
86. CSRF on Live -1 (1:30)
87. CSRF on Live -2 (10:12)
88. CSRF Password Change Lab (3:28)
89. CSRF Funds Transfer Lab (3:05)
90. CSRF Request Methods Trick - Lab (3:32)
91. CSRF to Account Takeover Live -1 (7:12)
92. CSRF to Account Takeover Live -2 (7:38)
93. Chaining CSRF with XSS (2:27)
94. CSRF Mitigations (3:26)
95. CSRF BONUS Tips and Tricks (2:11)
96. CSRF ALL Hackerone Reports Breakdown (13:17)
97. CSRF Interview Questions and Answers (6:06)
98. Alternative to Burpsuite for CSRF : CSRF PoC Generator (13:01)
CSRF Revision
Section 8: Cross Origin Resource Sharing (CORS)
99. How CORS Works (3:16)
100. CORS 3 Test Cases Fundamentals (8:51)
101. CORS Exploitation Live -2 Exfiltration of Account Details (2:31)
102. CORS Exploitation Live -3 Exfiltration of Account Details (4:59)
103. CORS Live Exploitation -4 (1:45)
104. CORS Exploitation Facebook Live (2:04)
105. CORS Live Prefix Match (4:00)
106. CORS Live Suffix Match (4:11)
107. CORS Mitigations (2:13)
108. CORS Breakdown of ALL Hackerone Reports (10:55)
CORS Revision
Section 9: How to start with Bug Bounty Platforms and Reporting
109. BugCrowd ROADMAP (17:41)
110. Hackerone ROADMAP (8:57)
111. Open Bug Bounty ROADMAP (8:00)
112. NCIIPC Govt of India ROADMAP (8:27)
113. RVDP All Websites ROADMAP (6:25)
Bug Bounty Platforms
Section 10: Bug Bounty Reporting Templates
114. Reporting Templates
Section 11: Exploitation of CVE 2020-5902 Remote Code Execution
115. Exploitation (10:36)
116. Assets & Resources (9:24)
117. Final Words (3:30)
Section 12: Exploitation of CVE 2020-3452 File Read
118. Exploitation of CVE 2020-3452 File Read (19:23)
Chapter 13: Exploitation of CVE 2020-3187 File Delete
119. Exploitation of CVE 2020-3187 File Delete (8:44)
Chapter 14: Snapshot
Snapshot of Burpsuite
Chapter 15: PortSwigger Labs
XSS Portswigger Lab-1
CSRF Portswigger Lab-2
Chapter 16: OWASP top 10 2021
Understanding OWASP 2021 and Broken Authentication
Tips and Best Practices for IDOR
How to approach IDOR vulnerability
Chapter 17: Learning Waybackurlsbash tool
Tool :- Waybackurlbash
Chapter 18: XSS Automation
Reflected XSS
Audio Version of Training
Audio Download
71. XSS Exploitation - URL Redirection