Offensive Bug Bounty

This course teaches you the complete offensive approach to hunt bugs, and covers most of the critical vulnerabilities in web & mobile applications.
Some companies choose to reward a researcher with bounty, swag, or an entry in their hall-of-fame list. If you are interested in the potential of earning some bounty and bug creds, this is the course for you.

EUR $3,299.00

Duration

3 days

Delivery Method

in-person

Level

beginner

Seats Available

20

ATTEND IN-PERSON: Onsite in Amsterdam 

DATE: 17-19 April 2023

TIME: 09:00 to 17:00 CEST/GMT+2

Date    Day        Time                     Duration
17 Apr  Monday     09:00-17:00 CEST/GMT+2   8 Hours
18 Apr  Tuesday    09:00-17:00 CEST/GMT+2   8 Hours
19 Apr  Wednesday  09:00-17:00 CEST/GMT+2   8 Hours

 


Offensive Bug Bounty – Hunter 2.0: This course covers most of the critical vulnerabilities in web and mobile applications. You have to first complete Offensive Approach to Hunt Bugs; after this course, you will emerge as a stealth bug bounty hunter.

Bug bounty hunting is the act of finding security vulnerabilities or bugs in a website and responsibly disclosing them to that company’s security team in an ethical way. Bug bounties, also known as responsible disclosure programs, are set up by companies to encourage people to report potential issues discovered on their sites. Some companies choose to reward a researcher with bounty, swag, or an entry in their hall-of-fame list. If you are interested in web application security, then they are a great place to hone your skills, with the potential of earning some bounty and credibility at the same time.

 

Agenda

 

Day 1 


  1. Introduction
  2. Information Gathering & Basic Terminologies
  3. Recon For Bug Bounty Hunting
  4. Introduction of Burpsuite
  5. Host Header Injection
  6. URL Redirection
  7. Parameter Tampering
  8. HTML Injection
  9. File Inclusion
  10. Missing/insufficient SPF record
  11. Insecure CORS Configuration
  12. Server Side Request Forgery
  13. Critical File Found
  14. Source Code Disclosure
  15. Cross Site Request Forgery
  16. No Rate Limiting
  17. Long Password DoS Attack
  18. HSTS
  19. Insecure Direct Object Reference

 

Day 2


  1. Comprehensive XSS
  2. Hostile Subdomain Takeover
  3. SQL Injection
  4. Command Injection
  5. File Uploading
  6. XML External Entity Injection
  7. Account Lockout
  8. Advanced SQL Injection

 

Day 3


  1. Android App Dynamic Vulnerability Hunting
  2. iOS App Dynamic Vulnerability Hunting
  3. Hostile Subdomain Takeover
  4. Buffer Overflow
  5. WordPress
  6. Joomla
  7. Drupal
  8. CMS Vulnerability Hunting
  9. Session Fixation
  10. Conclusion

Who Should Attend

  • Students
  • Cyber Security Aspirants
  • Security Engineer
  • VAPT Employee

Key Learning Objectives

  • Offensive Approach to Find Vulnerabilities in a web app

Prerequisite Knowledge

  • Basics of OWASP Top 10

Hardware / Software Requirements

  • Burpsuite
  • Firefox

Your Instructor

Himanshu Mehta is currently working as the Head of Cyber Threat Intelligence at Hive Pro and is very passionate about cyber security and threat intelligence. He is a board member of the EC-Council’s Licensed Penetration Tester group and is involved in several bug bounty & Capture the Flag programs around the globe.

He has been invited as Chief Guest for several security events and has presented his research at multiple international security conferences like RSAC USA, ICS Singapore, Hack In Paris, HITB (Amsterdam, Dubai, Abu Dhabi), SecurityFest (Sweden), InfoSecurity (London), Offzone (Moscow), NanoSec (Malaysia), DSCI, National Cyber Security Conference, Best of the world Conference & Hakon.

He previously worked as a Senior Security Researcher at Darkmatter and led a global security intelligence team at Symantec, which gave him very good insight and increased his thirst for cyber security, eventually helping him emerge as a creative leader.

Vikash Chaudhary is a pillar of the Indian ethical hackers community and is responsible for a whole new generation of rising ethical hackers, a lot of whom successfully contribute to platforms like HackerOne & Bugcrowd. He’s looking to expand his mentorship to the new generation coming into the field of cyber security, which he thinks could be a great resource to help grow the security talent pool worldwide.

He is also the author of multiple security courses:

1. “Offensive Approach to Hunt Bugs”: a manual, hands-on bug bounty course.

2. “Offensive Bug Bounty – Hunter 2.0”

3. “SDR Exploitation”: hands-on penetration testing up in the air.

Recently, his name was listed in the “Top 100 Security Researcher of Microsoft”, and he ranks 51 among the top 100 security researchers around the globe.