Udemy
30-Day Money-Back Guarantee

This course includes:

  • 10 hours on-demand video
  • 1 article
  • 8 downloadable resources
  • Full lifetime access
  • Access on mobile and TV

Ethical Hacking/Penetration Testing & Bug Bounty Hunting v2

Complete Practical Course on Ethical Hacking, Penetration Testing and Bug Bounty Hunting with Live Attacks
Highest Rated
Rating: 4.5 out of 5 (90 ratings)
924 students
Created by Shifa Cyclewala, Rohit Gautam, Saba Cyclewala, Rahul Gautam
Last updated 1/2021
English
English [Auto]

What you'll learn

  • Bug Bounty Hunting - Live
  • Tips and Tricks to hunt bugs
  • BreakDown of Hackerone Reports for better understanding
  • Interview Preparation Questions Answers and Approach
  • Web Application Penetration Testing - Live
  • Become a bug bounty hunter & hunt on live websites
  • Intercept requests using a Burpsuite proxy
  • Gain full control over target server using SQL Injection Attacks
  • Discover Vulnerabilities, technologies & services used on target website.
  • Subdomain Takeovers
  • SQLi Interview Questions and Answers
  • Hunt Basic HTML Injection Vulnerabilities on Live Environments
  • Hunt Basic ClickJacking Vulnerabilities on Live Environments
  • Exploit and perform Local File Inclusion (LFI) on Live websites
  • Exploit and perform Remote File Inclusion (RFI) on Live websites
  • Exploit and perform Remote Code Execution (RCE) on Live websites
  • Fix and Mitigations against SQLi Vulnerabilities
  • Practical Tips and Tricks for hunting SQLi Live
  • Broken Link Hijacking
  • Fix and Mitigations against RCE Vulnerabilities
  • Interview Questions and answers
  • Bug Bounty - Roadmap for Hackerone
  • Bug Bounty - Roadmap for Bugcrowd
  • Bug Bounty - Roadmap for Open Bug Bounty
  • Bug Bounty - Roadmap for NCIIPC (Govt of India)
  • Bug Bounty - Roadmap for RVDP All Programs
  • Reporting Templates
Curated for the Udemy for Business collection

Requirements

  • Basic IT Skills
  • No Linux, programming or hacking knowledge required.
  • Computer with a minimum of 4GB ram/memory & Internet Connection
  • Operating System: Windows / OS X / Linux

Description

Welcome to the Ethical Hacking / Penetration Testing and Bug Bounty Hunting Course v2.0. This course covers web application attacks and how to earn bug bounties. No prior hacking knowledge is required, and you will be able to perform web attacks, hunt bugs on live websites and secure them.

This course is not like other hacking or penetration testing courses with outdated vulnerabilities and only lab attacks. It uses as many live websites as possible to make you comfortable with the live hunting environment.

This course starts from the basic principles of each vulnerability and how to attack them using multiple bypass techniques. In addition to exploitation, you will also learn how to fix them.

This course is highly practical and is made on live websites to give you the exact environment you will face when you start your penetration testing or bug hunting journey.

We will start from the basics of each vulnerability and move ahead to the advanced level of exploitation and multiple edge case scenarios on live websites.

This course is divided into a number of sections, each section covers how to hunt, exploit and mitigate a vulnerability in an ethical manner.

After identifying a vulnerability, we will exploit it to leverage the maximum severity out of it. We will also learn how to fix vulnerabilities which are commonly found on websites on the internet.

In this course, you will also learn how to start your journey on many famous bug hunting platforms like Bugcrowd, Hackerone, Synack, Private RVDP, Intigriti, NCIIPC Govt of India and Open Bug Bounty.

Along with this, you will be able to hunt and report vulnerabilities to NCIIPC Government of India, also to private companies and to their responsible disclosure programs.

You will also learn advanced techniques to bypass filters and the developer's logic for each kind of vulnerability. I have also shared personal tips and tricks for each attack, with which you can trick the application and find bugs quickly.

This course also includes the Breakdown of all Hackerone Reports which are found and submitted by other hackers for better understanding as we will cover each type of technique in the course.

This course also includes important interview questions and answers which will be helpful in any penetration testing job interview.



Here's a more detailed breakdown of the course content:

In all the sections we will start with the fundamental principle of how the attack works, then cover exploitation and how to defend against those attacks.


In Lab Setup, we will cover what Burpsuite Proxy and Linux are, and we will learn how to set up both for further pentesting and hunting.


1. In Subdomain Takeovers, we will cover all the different types of cloud-based scenarios like AWS, Github, Shopify, Tumblr and many more. In addition, we will learn advanced fingerprints and our newly made Can I take over all XYZ templates.

We will see all the types of Subdomain takeovers attacks on live websites which will give you a better understanding of the live environment when you will start your bug hunting journey.

This course also includes a breakdown of all the Hackerone reports submitted by other hackers for Subdomain Takeovers type of vulnerability wherein we will see and practice all types of attacks in our course.

In the end, we will also cover mitigations to secure a website and prevent these types of attacks.

In the end, I have added interview questions and answers which will be helpful for you when Subdomain Takeovers questions are asked in any job or internship.


2. In File Inclusion, we will cover all the different ways to attack Linux and Windows based systems. We will cover Local and Remote File Inclusion attacks.

We will see all the types of File inclusion bypass on live websites which will give you a better understanding of the live environment when you will start your bug hunting journey.

We will also cover different ways to perform File Inclusion Exploitation using different techniques. We will also leverage our file inclusion to Remote Code Execution on live targets.

This course also includes a breakdown of all the Hackerone reports submitted by other hackers for File Inclusion type of vulnerability wherein we will see and practice all types of attacks in our course.

In the end, we will also cover mitigations to secure a website and prevent these types of attacks.

I have added interview questions and answers which will be helpful for you when File Inclusion questions are asked in any job or internship.


3. In Server Side Request Forgery (SSRF) Attacks, we will check this vulnerability for different injection points. In addition, we will learn how to find these types of vulnerabilities in multiple targets.

We will see all the types of SSRF attacks on live websites which will give you a better understanding of the live environment when you will start your bug hunting journey.


We will also cover different ways to perform SSRF exploitation using multiple types of bypass tricks on targets.

We will also learn how to scan the internal ports of the vulnerable target server.

We will also see the exploitation and download of the metadata of AWS instances using SSRF, which other researchers generally miss.

This course also includes a breakdown of all the Hackerone reports submitted by other hackers for SSRF Attacks type of vulnerability wherein we will see and practice all types of attacks in our course.

In the end, we will also cover mitigations to secure a website and prevent these types of attacks.



4. In Remote Code Execution (RCE) Attacks, we will check this vulnerability for different injection points. In addition, we will learn how to find these types of vulnerabilities, which can lead to execution of malicious code on the target server.

We will also cover different ways to perform code injection attacks on multiple targets to make you comfortable with different examples and test cases.

This course also includes a breakdown of all the Hackerone reports submitted by other hackers for RCE type of vulnerability wherein we will see and practice all types of attacks in our course.

In the end, we will also cover mitigations to secure a website and prevent these types of attacks.



5. In SQL Injection, we will check this vulnerability for different injection points. In addition, we will learn how to find these types of vulnerabilities, which can lead to database dumping and sensitive data disclosure of other users.

We will see all the types of SQLi attacks on live websites which will give you a better understanding of the live environment when you will start your bug hunting journey.

We will also cover different ways to perform SQLi attacks and bypass SQLi protection on many live websites by using different WAF bypass payloads.


This course also includes a breakdown of all the Hackerone reports submitted by other hackers for SQLi type of vulnerability wherein we will see and practice all types of attacks in our course.

In the end, we will also cover mitigations to secure a website and prevent these types of attacks.


6. In HTML Injection, we will check this vulnerability for different injection points. In addition, we will learn how to find these types of vulnerabilities, which can lead to tricking users into visiting malicious websites and to identity theft.

We will see all the types of HTML Injection attacks on live websites which will give you a better understanding of the live environment when you will start your bug hunting journey.

This course also includes a breakdown of all the Hackerone reports submitted by other hackers for HTML Injection type of vulnerability wherein we will see and practice all types of attacks in our course.

In the end, we will also cover mitigations to secure a website and prevent these types of attacks.


7. In Clickjacking, we will check this vulnerability for different targets. In addition, we will learn how to find these types of vulnerabilities, which can lead to sensitive actions on target websites.

We will see all the types of Clickjacking attacks on live websites which will give you a better understanding of the live environment when you will start your bug hunting journey.

This course also includes a breakdown of all the Hackerone reports submitted by other hackers for Clickjacking type of vulnerability wherein we will see and practice all types of attacks in our course.

In the end, we will also cover mitigations to secure a website and prevent these types of attacks.


8. In Broken Link Hijacking (BLH), we will check this vulnerability for different targets. In addition, we will learn how to find these types of vulnerabilities, which can lead to takeovers of files, accounts, media etc. on target websites.

We will see all the types of BLH attacks on live websites which will give you a better understanding of the live environment when you will start your bug hunting journey.

This course also includes a breakdown of all the Hackerone reports submitted by other hackers for BLH type of vulnerability wherein we will see and practice all types of attacks in our course.

In the end, we will also cover mitigations to secure a website and prevent these types of attacks.



You will also get additional BONUS sessions, in which I am going to share my personal approach for hunting bugs. All the videos are recorded on live websites so that you understand the concepts and also get comfortable working in a live environment. I have also added interview questions and answers for each attack, which will be helpful for those who are preparing for job interviews and internships in the field of Information Security.


With this course, you get 24/7 support, so if you have any questions you can post them in the Q&A section and we'll respond to you as soon as possible.

Special thanks to Ronit Bhatt, Vaibhav Lakhani, Ritika Keni, Pranav Bhandari and all other Hacktify Team Members for vulnerability disclosure PoCs and constant support.

If you would like to contribute, mail us at shifa@hacktify.in


Notes:

  • This course is created for educational purposes only, and all the websites on which I have performed attacks were ethically reported and fixed.

  • Testing any website which doesn’t have a Responsible Disclosure Policy is unethical and against the law; the author doesn’t hold any responsibility.

Who this course is for:

  • Anybody interested in learning website & web application hacking / penetration testing.
  • Any Beginner who wants to start with Penetration Testing
  • Any Beginner who wants to start with Bug Bounty Hunting
  • Trainers who are willing to start teaching Pentesting
  • Any Professional who is working in Cyber Security and Pentesting
  • Ethical Hackers who want to learn How OWASP Works
  • Beginners in Cyber Security Industry for Analyst Position
  • SOC personnel working in a corporate environment
  • Developers who want to fix vulnerabilities and build secure applications

Featured review

Anas Asif
34 courses
3 reviews
Rating: 5.0 out of 5, 3 weeks ago
This is exactly what I have been looking for. The course is practical and demonstrator explains each step as he goes. I have completed till section 4 which involves setting up domain finder and subdomain takeover tools and their practical examples.

Course content

13 sections • 102 lectures • 9h 58m total length

  • Preview
    01:02

  • Future Updates
    01:32

  • Preview
    17:11

  • What are Subdomains
    03:52
  • Subdomain Enum
    05:12
  • What is DNS
    09:26
  • Fastest Resolver
    07:38
  • What are DNS Records
    07:56
  • Sublister
    06:00
  • Findomain
    03:02
  • Subfinder
    06:27
  • Recursive Subdomain Enumeration
    03:08
  • Can I take over XYZ
    06:54
  • Preview
    06:37
  • Preview
    14:36
  • AWS Subdomain Takeover Live -2
    07:14
  • AWS Bugcrowd Report Breakdown
    06:11
  • Tumblr Subdomain Takeover
    08:23
  • Shopify Subdomain Takeover
    11:55
  • Cargo Subdomain Takeover
    04:38
  • Subzy Tool Automation for Subdomain Takeovers
    05:47
  • Subjack - Tool for Subdomain Takeovers
    05:10

  • What is HTML
    05:41
  • Understanding HTML
    03:15
  • HTML
    03:59
  • HTML Injection - Lab
    05:06
  • HTML Injection Live-1
    04:02

  • Click Jacking Live-1
    03:31
  • Click Jacking Live-2
    02:56
  • Click Jacking Live-3
    03:35
  • Click Jacking Live-4
    03:57
  • Clickjacking Exploitation
    07:40
  • Clickjacking Live Target Exploitation
    07:29
  • Clickjacking Automation Live Target Exploitation
    03:27
  • Clickjacking - ClickBandit with Burpsuite
    05:55

  • What is LFI
    04:15
  • LFI Exploitation on Lab
    09:10
  • LFI Exploitation Live -1
    04:49
  • LFI Exploitation Live -2
    04:43
  • Preview
    11:52
  • LFI vs RFI
    03:26

  • Introduction & Background Concept
    05:39
  • BLH Exploitation Practical
    05:36
  • BLH Exploitation Tool
    06:17
  • BLH Instagram Report Breakdown
    02:01
  • BLH Exploitation Practical Live
    02:24
  • BLH Hackerone Report Breakdown
    03:00
  • BLH Practical Tool Resource
    03:30
  • BLH Exploitation Practical Extension Tool
    03:42
  • BLH Command Injection
    05:01
  • BLH Exploitation Github Repo - Live
    07:16

  • SQL Injection Background Concept
    02:21
  • SQL vs Spreadsheets
    01:46
  • SQL Database Importance
    01:44
  • XAMPP Installation & Setup
    05:25
  • SQL Practical Hands on - First Table
    05:25
  • SQL Practical Hands on - Queries
    02:16
  • SQL Practical Hands on - Second Table
    05:47
  • SQL Practical Hands on - Exercise
    02:24
  • Truth Table
    01:51
  • Truth Table Practical
    06:11
  • SQL Understanding the Logic
    02:54
  • SQL Query Breakdown
    03:45
  • SQL Injection Impact & Approach
    05:43
  • SQLi on Lab-1
    03:57
  • SQL Query Breakdown payload-2
    03:49
  • SQLi on Lab-2
    05:45
  • Burp suite Web Academy
    02:24
  • SQLi Labs Data Retrieval Lab
    04:37
  • SQLi Labs Data Retrieval Live
    02:01
  • SQLi Login Bypass Lab
    02:14
  • SQLi Login Bypass Live 1
    02:57
  • SQLMap Installation & Setup
    03:14
  • SQLMap Exploitation - Live 2
    11:58
  • SQLMap Exploitation - Live 3
    09:40
  • Shell Exploitation Techniques
    02:26
  • SQL : Shell Exploitation - Live 4
    05:16

  • SSRF Introduction & Principle
    06:41
  • SSRF Practical
    10:06
  • SSRF Bincatcher Listener
    05:13
  • SSRF against Server Itself
    11:07
  • SSRF against another Backend Server
    10:08
  • SSRF Bypass Protection Blacklist Filter
    11:03
  • SSRF Bypass Protection Whitelist Filter
    08:07
  • SSRF Chaining with Open Redirect and Bypass Filter
    06:20
  • SSRF Exploitation using MPEG - Live
    06:58
  • SSRF Exploitation JIRA chaining with XSS - Live
    02:01
  • SSRF Exploitation JIRA chaining with XSS - Live
    04:01
  • SSRF Exploitation JIRA Automation with Python
    05:26
  • SSRF Facebook Breakdown
    14:42
  • SSRF Microstrategy Live -1
    06:29
  • SSRF PHP Filter Live
    08:04
  • SSRF PHP Filter Wordpress Config Live
    05:38

Instructors

Shifa Cyclewala
Founder at Hacktify Cyber Security
  • 4.4 Instructor Rating
  • 1,475 Reviews
  • 22,467 Students
  • 6 Courses

I am Shifa Cyclewala the Founder of Hacktify Cyber Security

I am into Cyber Security Training for many years. Students have loved our courses and given 5 ★ Ratings and made Bestseller across Mumbai

My students have been in the Top 15 Cyber Security Researchers of India twice in a Row.

Apart from trainings, I'm a Security researcher and a Mobile Application Developer.

I have worked for all the topmost international schools of India as a technical Instructor.

I have worked with Software development Companies in their development teams; ZingHR was the last Organization I worked with.

I am Working towards development of Women in Cybersecurity and 

• Presented Cyber security awareness sessions in many colleges across Mumbai

• Speaker at VULNCON 2020

• Trained more than 1000+ individuals in Cyber Security

• Conducted more than 50 workshops pan India

• Invited as Keynote speaker at Rohidas Management Studies, A.E Khalsekar College, DY Patil College, Shah and Anchor Engineering College, KJ Somaiya etc..

• Invited as a Key Speaker at Women in Cyber Security (WCS) and Infosec Girls.

Rohit Gautam
Founder & CEO of Hacktify Cyber Security
  • 4.4 Instructor Rating
  • 1,475 Reviews
  • 22,467 Students
  • 6 Courses

I am Rohit Gautam the CEO & Founder of Hacktify Cyber Security

I am into Cyber Security Training for many years. Students have loved my courses and given 5 ★ Ratings and made Bestseller on Udemy

My students have been in the Top 15 Cyber Security Researchers of India twice in a Row.

Apart from trainings, I'm a security researcher with special interest in network exploitation, web application security analysis and Red Teaming.

I have worked for all the topmost banks of India in their VAPT Team.

I have worked with ICICI, Kotak, IDFC bank. I also have experience working with NSDL and some financial organizations like Edelweiss.

I have worked on many private projects with NTRO & Govt of India.

I was acknowledged with Swag, Hall of Fame, Letter Of Appreciation, and Monetary rewards by Google, Facebook, Conclusion, Seek, Trip Advisor, Riddlr, Hakon, Acorns, Faasos, and many more companies for finding out vulnerabilities in their organization and responsibly reporting it.



Saba Cyclewala
Training Manager at Hacktify Cyber Security
  • 4.5 Instructor Rating
  • 90 Reviews
  • 924 Students
  • 1 Course

I am Saba Cyclewala Training Manager at Hacktify Cyber Security.

I am into Modelling and Aviation with special interest in Cyber Security.

I am into Cyber Security Training. Students have loved our courses across Mumbai.

Apart from trainings, I'm a Security researcher.

I have worked with best Airlines in India.

I was Invited as a Key Speaker at Infosec Girls.

Rahul Gautam
Security Consultant at Hacktify Cyber Security
  • 4.5 Instructor Rating
  • 90 Reviews
  • 924 Students
  • 1 Course

Hi, I'm a power electronics and embedded system engineer with special interest in Electronics and Cyber Security.

Working presently as a security consultant at Hacktify Cyber Security.

I have been invited as a Keynote speaker at many seminars and webinars.

Our courses are bestseller courses across India in Cyber Security, Ethical Hacking and Bug Bounty Hunting.

My Hobbies are Sports, Music & Dance.

© 2021 Udemy, Inc.