Autoplay
Autocomplete
Previous Lesson
Complete and Continue
Bug Bounty Hunting Expert - Became A Professional Bug Bounty Hunter
01 INTRODUCTION
001 About Instructor (9:01)
002 Course Introduction and Overview (3:21)
003 Why you should take this (1:12)
004 Teaser of Offensive Approach to Hunt Bugs _Part 1_ (23:00)
005 Teaser of Offensive Approach to Hunt Bugs _Part 2_ (24:27)
02 INFORMATION GATHERING BASIC TERMINOLOGIES
005 Information Gathering (12:45)
03 INTRODUCTION OF BURP SUITE
006 Steps to Configure Burpsuite with Firefox (5:04)
007 How to Use Burpsuite - Spider Repeater Intruder (5:07)
04 COMPREHENSIVE XSS
008 Background-Concept-XSS (7:07)
009 Basic XSS (13:14)
010 Basic XSS on Lab (17:30)
011 Manual Building XSS Vector (17:59)
012 XSS through Filter Bypassed XSS payloads On Lab (10:54)
013 XSS On Live Websites (16:59)
014 XSS Hunting Live Part 1 (8:32)
015 XSS Hunting Live Part 2 (12:54)
016 XSS Hunting Live Part 3 (6:40)
017 XSS Through Header Parameter (3:40)
018 Reflected XSS Vs Stored XSS (3:35)
019 Exploitation of XSS - 1. URL Redirection (1:38)
020 Exploitation of XSS - 2. Phishing Through XSS (2:48)
021 Exploitation of XSS - 3. Cookie Stealing (6:41)
022 XSS Through File Uploading (3:40)
023 XSS Through Remote File Inclusion (1:33)
024 Convert Self XSS to Reflected XSS (2:46)
025 POC - 1 XSS Attack (1:44)
026 POC - 2 XSS Attack (0:58)
027 POC - 3 XSS Attack (1:09)
028 POC 4 XSS Attack (1:12)
029 POC 5 XSS Attack (1:31)
030 POC 6 XSS Attack (2:45)
031 POC 7 XSS Attack (0:57)
032 POC 8 XSS Attack (2:03)
05 HOST HEADER INJECTION
033 Overview of Host Header Injection (1:53)
034 Host Header Attack 1. Open Redirection (6:59)
035 Host Header Attack 2. Cache Poisoning (1:38)
036 Host Header Attack 3. Password Reset Poisoning (3:48)
037 Host Header Attack 4. XSS Through Host Header (2:42)
038 POC - 1 Host Header attack (0:50)
039 POC - 2 Host Header Attack (0:55)
040 POC - 3 Host Header Attack (0:53)
041 POC -4 Host Header Attack (0:51)
042 POC - 5 Host Header Attack (1:02)
043 POC - 6 Host Header Attack (1:20)
044 POC - 7 Host Header Attack (0:38)
06 URL REDIRECTION
045 Background Concept about URL Redirection (1:36)
045 URL-Redirection-Background
046 URL Redirection Through Get Parameter (9:50)
046 URL-Redirection-Through-Get-Parameter
047 URL Redirection Through Path Fragments (6:42)
048 POC of URL Redirection 1 (0:20)
050 POC 3 Open Redirection Vulnerability (0:27)
051 POC 4 Open Redirection Vulnerability (0:40)
052 POC 5 Open Redirection Vulnerability (1:01)
053 POC 6 Open Redirection Vulnerability Discovered by Dawood Ansar (1:18)
07 PARAMETER TAMPERING
054 Background Concept about Parameter Tampering (3:07)
054 Background-Parameter-Tampering
055 Parameter Tampering - Example 1 (3:56)
056 Parameter Tampering - Example 2 (2:58)
057 Parameter Tampering - Example 3 (3:18)
058 Parameter Tampering - Example 4 (4:32)
059 Parameter Tampering - Example 5 (4:22)
08 HTML INJECTION
060 Background Concept about HTML Injection (1:44)
060 background-htmli (1:44)
061 HTML Injection Finding - Example1 (3:55)
062 HTML Injection Finding - Example2 (5:47)
063 HTML Injection Finding - Example3 (4:56)
09 FILE INCLUSION
065 Background Concept about File Inclusion (3:03)
066 LFI Vs RFI (4:43)
067 LFI Hunting Part 1 (2:44)
068 LFI Hunting Part 2 (4:00)
069 Exploitation of LFI (2:30)
070 RFI Hunting (4:14)
10 MISSING INSUFFICIENT SPF RECORD
071 Background-SPF
071 Background Concept about Missing insufficient SPF record (2:16)
072 Testing-SPF
072 Testing SPF (3:08)
073 Exploitation of SPF (5:21)
074 POC 1 SPF (1:31)
075 POC 2 - SPF Vulnerability (1:17)
076 POC 3 - SPF Vulnerability (1:28)
077 POC 4 - SPF Vulnerability (1:48)
078 POC 5 - SPF Vulnerability (1:15)
11 INSECURE CORS CONFIGURATION
079 Background-Concept-Insecure-CORS
079 Background Concept about CORS (3:03)
080 Insecure-CORS-Response-Header
080 Insecure CORS by Checking Response Header (6:05)
081 Insecure CORS through Request Header (6:55)
081 Insecure-CORS-Through-Request-Header
082 exploitation-cors
082 Exploitation of Insecure CORS (11:20)
12 SERVER SIDE REQUEST FORGERY
084 Background Concept about SSRF (3:16)
085 SSRF Testing on Lab (9:10)
086 SSRF
086 SSRF on Live web (4:11)
087 SSRF
087 Exploitation of SSRF attack (9:30)
13 CRITICAL FILE FOUND
088 Background Concept about Critical File Found (2:38)
089 Critical File Found on Live web 1 (7:02)
090 Critical File Found on Live web 2 (11:55)
090 Critical-File
14 SOURCE CODE DISCLOSURE
091 Background Concept about Source Code Disclosure (1:23)
092 Source Code Disclosure on Lab (3:49)
093 Source Code Disclosure on Live Web (2:09)
15 CROSS SITE REQUEST FORGERY
094 Background Concept about CSRF (2:38)
095 Injection Point for CSRF (1:37)
096 CSRF on Logout Page (1:50)
097 CSRF Live (3:18)
098 CSRF page on some critical Business Logic Page (3:59)
099 CSRF POC -1 (1:46)
100 CSRF POC 2 (2:52)
101 CSRF POC -3 (2:25)
16 HOSTILE SUBDOMAIN TAKEOVER
102 Background Concept about Hostile Subdomain Takeover (6:34)
103 Hostile Subdomain Takeover on Live web 1 (7:34)
104 Hostile Subdomain Takeover on Live web 2 (5:15)
17 SQL INJECTION
105 Background Concept about SQL injection (3:29)
106 SQL Injection Lab Setup (6:06)
107 Injection Point for SQL Injection (5:23)
108 SQLI
108 Learn SQL Query Fixing (10:27)
109 SQLI GET Based Part 1 (10:37)
110 SQLI GET Based Part 2 (5:20)
18 COMMAND INJECTION
128 Background Concept about Command Injection (3:18)
128 Background-CMDi
129 Command Injection on Lab Part 1 (4:50)
130 Command Injection on Live Web 1 (4:34)
131 Command Injection on Live Web 2 (3:13)
132 exploitation-CMDI
132 Exploitation of Command Injection (3:45)
19 FILE UPLOADING
133 File-Uploading
133 Background Concept about File Uploading (1:17)
134 File Uploading Part 1 (5:15)
135 File Uploading Part 2 (3:48)
136 File Uploading Part3 (3:38)
137 File Uploading on Live Part 2 (1:26)
20 XML EXTERNAL ENTITY INJECTION
138 XXE
138 Background Concept about XXE Injection (1:58)
139 XXE on Lab (2:03)
21 THANK YOU
140 Thank you message (0:28)
Teach online with
065 Background Concept about File Inclusion
Lesson content locked
If you're already enrolled,
you'll need to login
.
Enroll in Course to Unlock