Offensive Bug Bounty (HKT)

$3,299.00

Duration

3 days

Delivery Method

in-person

Level

beginner

Seats Available

20

ATTEND IN-PERSON: Onsite in Phuket

DATE: 21-23 August 2023

TIME: 09:00 to 17:00 ICT/GMT+7

Date    Day        Time                    Duration
21 Aug  Monday     09:00-17:00 ICT/GMT+7   8 Hours
22 Aug  Tuesday    09:00-17:00 ICT/GMT+7   8 Hours
23 Aug  Wednesday  09:00-17:00 ICT/GMT+7   8 Hours

Bug bounty hunting is the act of finding security vulnerabilities or bugs in a website and responsibly disclosing them to that company’s security team in an ethical way.

Bug bounties, also known as responsible disclosure programs, are set up by companies to encourage people to report potential issues discovered on their sites. Some companies choose to reward a researcher with a bounty, swag, or an entry in their hall-of-fame list. If you are interested in web application security, they are a great place to hone your skills, with the potential of earning some bounty and credibility at the same time.

Agenda

Day 1

  1. Introduction
  2. Information Gathering & Basic Terminologies
  3. Recon for Bug Bounty Hunting
  4. Introduction to Burp Suite
  5. Host Header Injection
  6. URL Redirection
  7. Parameter Tampering
  8. HTML Injection
  9. File Inclusion
  10. Missing/Insufficient SPF Record
  11. Insecure CORS Configuration
  12. Server Side Request Forgery
  13. Critical File Found
  14. Source Code Disclosure
  15. Cross Site Request Forgery
  16. No Rate Limiting
  17. Long Password DoS Attack
  18. HSTS
  19. Insecure Direct Object Reference

Day 2

  1. Comprehensive XSS
  2. Hostile Subdomain Takeover
  3. SQL Injection
  4. Command Injection
  5. File Uploading
  6. XML External Entity Injection
  7. Account Lockout
  8. Advanced SQL Injection

Day 3

  1. Android App Dynamic Vulnerability Hunting
  2. iOS App Dynamic Vulnerability Hunting
  3. Hostile Subdomain Takeover
  4. Buffer Overflow
  5. WordPress
  6. Joomla
  7. Drupal
  8. CMS Vulnerability Hunting
  9. Session Fixation
  10. Conclusion

Why You Should Take This Course

This course teaches you a complete offensive approach to hunting bugs, and covers most of the critical vulnerability classes in web and mobile applications. Some companies choose to reward a researcher with a bounty, swag, or an entry in their hall-of-fame list. If you are interested in the potential of earning some bounty and bug-hunting credibility, this is the course for you.

Who Should Attend

  • Students
  • Cyber Security Aspirants
  • Security Engineers
  • VAPT Employees

Key Learning Objectives

  • Offensive Approach to Finding Vulnerabilities in a Web App

Prerequisite Knowledge

  • Basics of the OWASP Top 10

Hardware / Software Requirements

  • Burp Suite
  • Firefox

Your Instructor

Himanshu Mehta is currently working as a Security Officer at Atos and is very passionate about Cyber Security and Threat Intelligence. He is an advisory board member of EC-Council’s Licensed Penetration Tester group and of HackersEra.

He is involved in several bug bounty and Capture the Flag programs around the globe and has been invited to present his research at multiple renowned international security conferences, including Black Hat, RSAC USA, ICS Singapore, Hack In Paris, HITB (Amsterdam, Dubai, Abu Dhabi), SecurityFest (Sweden), InfoSecurity (London), Offzone (Moscow), NanoSec (Malaysia), DSCI, National Cyber Security Conference, Best of the World Conference and Hakon.

He previously worked as Head of Cyber Threat Intelligence at Hive Pro and as Senior Security Researcher at Darkmatter, and led a global security intelligence team at Symantec. That experience gave him deep insight into cyber security, fuelled his appetite for the field, and eventually helped him emerge as a creative leader.

Vikash Chaudhary is a pillar of the Indian ethical hacking community and is responsible for mentoring a whole new generation of rising ethical hackers, many of whom now contribute successfully to platforms like HackerOne and Bugcrowd. He is looking to expand his mentorship of newcomers to the field of cyber security, which he believes could be a great resource for growing the security talent pool worldwide.

He is also the author of multiple security courses:

1. “Offensive Approach to Hunt Bugs”, a manual, hands-on bug bounty course.

2. “Offensive Bug Bounty – Hunter 2.0”

3. “SDR Exploitation”, hands-on penetration testing up in the air.

Recently, his name was listed in the “Top 100 Security Researcher of Microsoft”, where he is ranked 51st among the top 100 security researchers around the globe.