Name: Uncle Rat's Web Application Hacking And Bug Bounty Guide
Rating: 4.4 (971 reviews)

Udemy Business

Teach on Udemy

Turn what you know into an opportunity and reach millions around the world.

Learn More

Your cart is empty.

Keep shopping

Created byWesley Thijs

Last updated 5/2023

English

What you'll learn

A Bug Hunters mindset, i won't hold your hand. This is bug bounties
A solid bug bounty methodology to help you get started
Several attack techniques and how to employ them
What parameters to test for what vulnerabilities

Course content

32 sections • 144 lectures • 13h 42m total length

Introduction0:54
Bug bounties can be quite a strange topic. There are a couple of things you need to know so let's talk about them.
What you need to know about bug bounties - Video10:15
A look at bug bounties from all perspectives7:06
Explore bug bounties from multiple perspectives, covering motivations, learning mindsets, and how platforms connect ethical hackers with targets to improve security.
Discord invite link

Main app methodology - Video26:54
Master the main app methodology for bug bounty testing, covering parameter analysis, broken access control, sql injections, sdfs, csrf, and burp suite guided testing.
Main app methodology10:23
Main app methodology demonstration on the owasp juice shop9:40
Main app methodology - Demonstrated28:39
Map the scope, explore the application, and test inputs for cross-site scripting and html injection, sql injection, and broken access control using Burp Suite tools.
Quiz: Main app methodology

Broad scope manual methodology - Video11:12
Develop broad scope manual recon to complement automation, exploring subdomains, login pages, and source code through diverse sources like Google dorking and the Wayback Machine.
Broad scope manual methodology4:05
Quiz: Manual broad scope methodology
Broad scope automated methodology - video11:49
Birdseye view of broad scope methodology
Extra video: Quickly identify a target from a list of subdomains3:18
Learn to quickly identify web server targets from a large subdomain list by using eyewitness in Docker, loading a file of URLs, and capturing screenshots for easy target selection.
Quiz: Broad scope automated methodology

What exactly is CSRF and how does it happen?7:25
Explore how csrf works and how to implement and validate csrf tokens in php, including session-bound tokens, hidden form fields, and hash_equals with centralized checks.
Attack techniques: CSRF - Video9:40
Learn how CSRF attacks happen and how server-generated CSRF tokens defend against cross-site forgery, with practical testing using Burp Suite and token validation concepts.
Attack techniques: CSRF demonstration - video10:04
Explore csrf vulnerabilities with hands-on lab demos, testing email change flows using Burp, exploit servers, and auto-submit scripts; compare token validation for post vs get to reveal method-dependent defenses.
Quiz: CSRF
Attack techniques: CSRF4:37
Labs: CSRF basic labs0:10
You can open the 0.php to begin with but that should not vulnerable
Start with the next challenge on the list (can be anything from 01.php to 10.php) The instructions are on the page
http://hackxpert.com/CSRF/
Lab: CSRF on impactful functionality0:13
Solutions: CSRF on impactful functionality0:36
Video solution CSRF lab 5 - server does not check anything6:02
Explore how a CSRF token is generated and embedded as a hidden field, and how an unchecked token lets an attacker edit a post.
Video solution: Creation a CSRF PoC3:30
Demonstrates exploiting a missing csf token by crafting a post request to alter form data, revealing how csf vulnerabilities enable unauthorized actions like admin changes or fund transfers.

Captcha bypass5:15
Explore how captchas evolve from simple text to image-based challenges and behavior analysis, and examine bypass techniques like empty inputs, method changes, token reuse, and optical character recognition.
Labs: Captcha bypass0:05
Labs: Instructions0:15
The first few labs will have what i call "naked" issues, meaning it's just that functionality and nothing else.

The next labs you will find will have that functionality hidden among all other functionality to make it more bug bounty like. You might have to find other issues such as easy to guess credentials first.

More info at info@thexssrat.com
Extra resources0:10

Attack techniques - Broken Access Control - video9:39
master broken access control by examining vertical and horizontal privilege escalation, mapping targets with a mind map, and using manual and semi-automated burp testing with the authorize extension across levels.
Attack techniques - Broken Access Control3:04
Attack techniques - Broken Access Control - Overview
Quiz: Broken Access Control
Lab: Broken Access Control0:06
Solutions: Broken Access Control0:05
Extra resources0:03

Requirements

Be farmiliar with the basics of web communication like GET,POST,PUT,DELETE... calls
A computer that can run burp suite, OS doesn't matter

Description

SUDO

I can not promise this course will find you bugs. I can promise I will leave you with a solid methodology that's netted me a few nice extra monthly salaries. This method is not guaranteed to work for you. You will need to be adept. You will need to work.

If any course promises you that they WILL find you bugs, run as fast as you can.

WHOAMI

My name is uncle rat and i am here to help you take the next step. I am not here to hold your hand, I am here to push you over the edge. You've been practicing on practice platforms for long enough now, don't you think? It's time.

I will provide you with a solid methodology to build upon. I don't want you to follow in my footsteps, I want you to write your own legend. This is after all the place where legends are born.

Every chapter has at least a video file with slides to download and where applicable a full-text PDF with extra information. All extra's like cheat sheets are separately downloadable for your comfort.

- The XSS Rat

CAT 'goals.txt'

I can hack, but i can only hack one target at a time. My passion is teaching so why not hit two birds with one stone?

I created this course because i strongly believe that if i hack 1 target i am just me but if i train 1000 hackers, we are an army.

This is my goal, I want to make the internet a safer place but I can't do it alone.

Who this course is for:

Beginner bug bounty hunters who are looking for a solid methodology and mindset
Experienced pentesters looking to get into bug bounties
Companies training their cybersecurity staff to withstand even the toughest of logic attacks

What you'll learn

Explore related topics

Course content

Introduction4 lectures • 18min

The Intricacies of bug bounties1 lecture • 27min

Main app methodology4 lectures • 1hr 16min

Broad scope methodology5 lectures • 30min

Attack techniques: CSRF9 lectures • 42min

Attack technique: Open redirect3 lectures • 4min

Attack techniques: Intro to JWT3 lectures • 7min

Attack techniques: CAPTCHA bypass4 lectures • 6min

Attack techniques - Broken Access Control6 lectures • 13min

Attack techniques - IDOR By Uncle Rat4 lectures • 18min

Requirements

Description

Who this course is for: