
Explore practical web application pentesting and bug bounty hunting from fundamentals to exploitation and mitigation, covering OWASP, Burp Suite, XSS, authentication bypass, CSRF, CORS, no rate limit, and HackerOne report analysis.
Learn the ethical framework for bug bounty hunting through responsibly disclosed vulnerabilities shown for educational purposes. Do not practice on course sites; report bugs responsibly, as the author disclaims liability.
Explore the Open Web Application Security Project and injection, study the OWASP top ten and 2013–2017 updates, and learn fixes via input validation, escaping, and parameterized queries.
Broken authentication allows attackers to bypass session controls, brute-force credentials, or evade rate limits, enabling temporary or full account takeover; fix with strong authentication, rate limiting, and secure session management.
Explore how sensitive data exposure occurs when apps fail to protect passwords, API keys, or invoices, causing leaked tokens and insecure storage, with practical fixes.
Explore XML external entities (XXE) vulnerabilities, including data disclosure, SSRF, port scanning, denial of service, and remote code execution, and learn how to fix them by validating input and disabling DTD processing.
Understand broken access control, combining IDOR and missing functional level access control, leading to privilege escalation among student, teacher, and principal roles, with server-side enforcement and token handling as fixes.
Explore cross-site scripting, including reflected, stored, and DOM XSS, the most prevalent web vulnerability. Unvalidated input enables JavaScript execution and session hijacking; output escaping and a WAF prevent it.
Understand how the ninth vulnerability in the OWASP top 10, using components with known vulnerabilities, leads to remote code execution and server takeovers when software is outdated.
Address insufficient logging and monitoring by enforcing comprehensive logging and real-time monitoring, capturing auditable events such as logins, failed logins, and high-value transactions, with alerts to the SOC.
Learn to set up Burp Suite as a proxy for web traffic, configure Firefox, install the CA certificate, and practice intercepting and modifying requests in a lab.
Showcases an OTP bypass vulnerability in healthie.in, illustrating how manipulating the responses to client-side checks and the API can lead to account takeover.
Demonstrates an authentication bypass attack on the BMW India website by intercepting and altering OTP verification responses with Burp Suite to bypass mobile verification and book a test drive.
Exposes a logic flaw in a Starquik OTP verification flow that accepts a master OTP of 0000, enabling account takeover and wallet balance access through login bypass.
The video demonstrates authentication bypass exploitation, showing how manipulated OTP verification and Burp Suite intercepts can lead to account takeover, including email and phone number access.
Demonstrates captcha bypass via response manipulation, exposing client-side validation weaknesses and showing how OTP and captcha checks can be manipulated to reset a password.
Demonstrates an authentication bypass leading to account takeover by exploiting user ID and OTP validation, underscoring the need for strong access controls and secure session handling.
Demonstrates authentication bypass by manipulating the user ID parameter to take over accounts, using OTP verification, Burp interception, and POST requests to log in on misrii.com.
This lecture demonstrates how OTP exposure in web responses enables authentication bypass and account takeover, illustrated with a bank site and a chatbot attack.
This lecture demonstrates an authentication bypass via OTP exposure in the response, which reveals verification codes to an attacker. It intercepts a POST request with Burp Suite to show the vulnerability.
Explore a two-factor authentication flaw that enables bypassing the authentication flow and logging into a web application by manipulating the MFA-enabled flag.
Discover mitigations for authentication bypass: enforce server-side checks, use JSON Web Tokens, encrypt data with AES, and address captcha and two-factor bypass risks.
Explore authentication bypass concepts, including its types and real-world impact, showing how attackers bypass two-factor authentication, captcha, and OTP, and discuss severity, business risk, and fixes.
Show how the OWASP ZAP proxy serves as a Burp Suite alternative for Intruder-like testing. Note that throttling is unavailable in Burp's free edition, so ZAP can be used instead.
Explore how no rate limit enables account takeover by brute-forcing OTPs, exposing authentication flaws and the risks of unlimited requests on live sites.
Demonstrate no rate limit on OTP verification and how attackers can trigger an account takeover by sending multiple OTP guesses and reusing a valid token.
Demonstrates a no rate limit vulnerability that enables brute-forcing OTP verifications on a live site, leading to potential account takeover and security risk exposure.
Explain how a no rate limit attack enables account takeover by bypassing OTP verification through brute-forcing, using Burp Suite Intruder to automate throttled requests.
Demonstrates a no-rate-limit login bypass by brute-forcing a four-digit OTP via the forgot-password flow, using Burp Suite Intruder to achieve account takeover.
Bypassing Instagram's rate limiting using race conditions and IP rotation, the researcher demonstrated Burp Suite Intruder with multiple IP addresses and earned thirty thousand dollars.
Demonstrates no rate limit bypass techniques by spoofing headers such as X-Forwarded-For and X-Forwarded-Host, with practical tests across sites and a supporting Python script.
Learn to bypass IP-based rate limits with the Burp Suite fake IP extension by injecting local, random, or specified IP headers.
Enforce server-side rate limiting by tracking per-action and per-account attempts and blocking abusive actions, instead of relying on IP-based limits that can be spoofed.
Learn to use OWASP ZAP as a free alternative to Burp Suite, configure the proxy, and perform no rate limit fuzzing on OTP login to test for vulnerabilities.
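The mitigation lecture above describes limits that are keyed on the account and the action rather than the client address. The following is an added example, not course code, of what such a limiter looks like on the server: it counts failures per (account, action) in a sliding window, locks the pair once the budget is spent, and never reads the source IP, so a rotating X-Forwarded-For value changes nothing. The endpoint shape, the pending-code store and the limits (5 failures per 10 minutes, then a 15-minute lockout) are constructed for the demo.

```python
"""Per-account, per-action rate limiting for an OTP verification endpoint.

Added example; not code from the course. The endpoint shape, the 4-digit
code store and the limits (5 failures per 10 minutes, then a 15 minute
lockout) are constructed for the demo.
"""
import hmac
import time
from collections import defaultdict, deque


class ActionRateLimiter:
    """Counts failed attempts per (account, action) in a sliding window and
    locks that pair once the budget is spent. The client IP is deliberately
    not part of the key, so spoofed X-Forwarded-For values change nothing."""

    def __init__(self, window=600, max_failures=5, lockout=900):
        self.window = window
        self.max_failures = max_failures
        self.lockout = lockout
        self._failures = defaultdict(deque)  # (account, action) -> timestamps
        self._locked_until = {}              # (account, action) -> unlock time

    def _prune(self, key, now):
        q = self._failures[key]
        while q and now - q[0] > self.window:
            q.popleft()

    def is_allowed(self, account, action, now=None):
        now = time.monotonic() if now is None else now
        key = (account, action)
        if self._locked_until.get(key, 0) > now:
            return False
        self._prune(key, now)
        return len(self._failures[key]) < self.max_failures

    def record_failure(self, account, action, now=None):
        now = time.monotonic() if now is None else now
        key = (account, action)
        self._prune(key, now)
        self._failures[key].append(now)
        if len(self._failures[key]) >= self.max_failures:
            self._locked_until[key] = now + self.lockout

    def record_success(self, account, action):
        key = (account, action)
        self._failures.pop(key, None)
        self._locked_until.pop(key, None)


def verify_otp(limiter, otps, account, submitted, now=None):
    """Returns 'ok', 'bad_code' or 'rate_limited'. otps maps account -> the
    pending code; a code is removed once it has been used."""
    if not limiter.is_allowed(account, "otp_verify", now):
        return "rate_limited"
    expected = otps.get(account)
    if expected is not None and hmac.compare_digest(expected, submitted):
        limiter.record_success(account, "otp_verify")
        del otps[account]  # single use
        return "ok"
    limiter.record_failure(account, "otp_verify", now)
    return "bad_code"


def simulate_guessing(limiter, otps, account, guesses, start=0.0):
    """Submits guesses for one account in quick succession. Returns how many
    guesses received a real yes/no answer before the limiter cut in. A
    rotating X-Forwarded-For value would be attached to each request in a
    real client; the limiter never reads it, so it is not modelled here."""
    answered = 0
    for i, guess in enumerate(guesses):
        result = verify_otp(limiter, otps, account, guess, now=start + i * 0.01)
        if result == "rate_limited":
            break
        answered += 1
    return answered


if __name__ == "__main__":
    limiter = ActionRateLimiter()
    pending = {"alice": "4821"}  # constructed pending code
    all_codes = [f"{n:04d}" for n in range(10000)]
    print("answered before lockout:", simulate_guessing(limiter, pending, "alice", all_codes))
    print("code still pending:", "alice" in pending)
```

Only failures are counted and a success clears the record, so a legitimate user who mistypes once is not punished for long; the lockout key is the account, so the limit follows the victim's account rather than the attacker's address. In production the store would live in a shared cache such as Redis rather than process memory, and the OTP itself should also expire after a fixed number of total attempts.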
Demonstrates reflected XSS payload balancing by crafting and executing a JavaScript payload on a live site, showing how to break out of a quoted parameter to trigger script execution.
Demonstrates a reflected XSS (RXSS) attack by injecting a payload into a search field, which executes JavaScript and reveals a vulnerability in the web application.
Learn to build and balance manual reflected XSS payloads by examining page sources, locating the value parameter, and triggering script execution.
Explore how to bypass script tag blocking for reflected XSS on limited inputs, using an img src with onerror, and switching from alert to confirm or prompt payloads.
Explores XSS on limited inputs with carid.com, demonstrating how input stripping blocks simple scripts and how to bypass it with alternative payloads, including image-based techniques and onerror alerts.
Discover how to test for cross-site scripting by injecting payloads into request headers, such as the Referer header, using Burp Suite Repeater to see the reflection and identify XSS vulnerabilities.
Explore how reflected XSS in the user agent and payload poisoning of a caching server demonstrate cache miss and hit behavior, with practical demonstrations of storing XSS in cache.
Use Burp Spider to crawl the target site and reveal hidden parameters, identify injection points, and test XSS by injecting a payload like <script>alert(1)</script>, as demonstrated on optimizely.com.
Explore how poorly validated input and weak HTML encoding allow an XSS bypass, with a hands-on proof-of-concept showing reflected parameters and executable payloads.
Discover blind XSS exploitation in form submissions, learn how payloads trigger server-side execution, and use XSS Hunter for proof-of-concept testing in ethical hacking.
Explore a client-side XSS vulnerability where unsanitized input travels from source to sink in the Document Object Model (DOM), with a practical payload exploit.
Discover how to exploit DOM XSS using the document.location sink to redirect to external sites and execute XSS payloads such as alert.
Explore DOM-based XSS in a demonstration of a vulnerable index parameter, showing how unsanitized user input reflected into the page can trigger an alert via an execution sink.
Use the automated DOM XSS scanner findom-xss to detect DOM-based XSS by cloning the repo, installing dependencies, configuring the path to LinkFinder, and validating payloads on a target site.
Demonstrates how adding arbitrary parameters and headers can trigger reflected XSS on a live site using Burp Suite, spidering, and simple script alert payloads.
Explore mouse-based XSS payloads, including onmouseover, onmousemove, onmouseup, onmouseenter, onmouseleave, and onmouseout, to bypass reflected input checks.
Demonstrate how XSS can be triggered with a mouse payload on a live application, showing reflection, hover actions, and payload execution, with a preview of more mouse-based payloads.
Explore how different mouse-based payloads can trigger XSS in a web page, including onmouseover, onmousemove, and onmousewheel events, with reflections and encoded payload variants.
Demonstrate XSS exploitation and URL redirection by injecting payloads into parameters, using Burp Suite spider to locate weaknesses, and causing victims to be redirected to an attacker’s site.
Learn how XSS exploitation can steal cookies through a lab demo that crafts a payload, runs a Python HTTP server as a listener, and demonstrates account takeover after login.
Explore how cross-site scripting can be triggered by abusing file upload through EXIF metadata manipulation, inserting an XSS payload into image metadata using ExifTool.
Explore how to exploit XSS through file uploads by abusing upload forms, using Burp Suite to spider the site, dump requests, and replay them in Repeater, and injecting a simple XSS payload.
Mitigate XSS by sanitizing untrusted input, encoding output, and validating input; deploy a strong WAF, filter input on arrival, use content type headers, and enforce a content security policy.
Explains XSS bonus tricks using ParamSpider to crawl the Wayback Machine, extract parameters, and identify vulnerable values on subdomains like tez.google.com, highlighting a $3133.7 bug bounty.
Analyze HackerOne XSS reports to identify common payloads, stored and reflected patterns, and bounty outcomes across platforms, equipping bug bounty hunters with practical attack and defense insights.
Explore how CSRF, or cross-site request forgery, enables an attacker to update a victim's email and password via a malicious link, risking account takeover.
Demonstrates a CSRF attack using a PoC file and Burp Suite to alter a logged-in user's profile, updating name and address after the victim clicks a phishing link.
Demonstrates a CSRF attack and why login/logout CSRF is out of scope, outlining three prerequisites and how a CSRF PoC changes a victim's password via an emailed HTML payload.
Demonstrate how CSRF on live sites can change a victim's email and enable an account takeover by submitting forged requests.
Demonstrates a cross-site request forgery (CSRF) attack that changes a victim's password using a forged request, Burp Suite tools, and a CSRF PoC generator, highlighting phishing risks.
Demonstrates a CSRF funds transfer attack in a lab, moving funds from the victim's account to the attacker's, using Burp Suite to generate a PoC and a crafted request.
Explore how attackers chain cross-site scripting to exfiltrate CSRF tokens and cookies, bypass CSRF protections, and submit CSRF/XSS bug reports, highlighting token leakage risks.
Learn how to mitigate CSRF attacks by validating that requests come from legitimate sources, using dynamic per-request tokens with high entropy, and matching client tokens against server-side records.
Discover bonus tricks to identify CSRF vulnerabilities by examining token handling, including cookie-based validation, static tokens, and the role of server-side validation and token entropy.
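The two lectures above, the CSRF mitigation and the token-handling checks, describe the same mechanism from both sides: a token must be random, per request, and checked against a record the server holds. The following is an added example, not course code, of such a token store and the handler that uses it. The request is modelled as a plain dict and the store is in-memory; both are constructed for the demo. The walkthrough exercises each weakness the bonus lecture names: a replayed (static) token, a missing token, and an attacker-chosen value the server has no record of.

```python
"""Per-request CSRF tokens validated against a server-side record.

Added example; not code from the course. The request is modelled as a plain
dict and the session store is in-memory; both are constructed for the demo.
"""
import hmac
import secrets


class CsrfTokenStore:
    """Issues single-use, high-entropy tokens bound to a session and checks
    them against the server's own record, never against a client cookie."""

    def __init__(self):
        self._outstanding = {}  # session_id -> set of unused tokens

    def issue(self, session_id):
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._outstanding.setdefault(session_id, set()).add(token)
        return token

    def validate_and_consume(self, session_id, submitted):
        if not submitted:
            return False
        matched = None
        for candidate in self._outstanding.get(session_id, ()):
            # Constant-time compare against every outstanding token.
            if hmac.compare_digest(candidate, submitted):
                matched = candidate
        if matched is None:
            return False
        self._outstanding[session_id].discard(matched)  # one use only
        return True


def handle_change_password(store, request):
    """request = {"cookies": {...}, "form": {...}}. Returns (status, message).
    The token is read from the form body only: anything the browser attaches
    automatically (cookies) is exactly what a forged cross-site request also
    carries, so it cannot prove the request came from our own page."""
    session_id = request["cookies"].get("session")
    if session_id is None:
        return 401, "not logged in"
    if not store.validate_and_consume(session_id, request["form"].get("csrf_token")):
        return 403, "missing, reused or foreign CSRF token"
    return 200, "password changed"


def render_change_password_form(store, session_id):
    """Server renders the form with a fresh token embedded as a hidden field."""
    token = store.issue(session_id)
    return token, f'<input type="hidden" name="csrf_token" value="{token}">'


def walkthrough():
    """Legitimate submit, replay of the same token, a forged request with no
    token, and a forged request carrying a value the attacker made up."""
    store = CsrfTokenStore()
    session = "sess-" + secrets.token_hex(8)
    token, _html = render_change_password_form(store, session)
    cookies = {"session": session}  # the browser sends these on any request
    legit = handle_change_password(
        store, {"cookies": cookies, "form": {"csrf_token": token, "new_password": "new-pass-1"}})
    replay = handle_change_password(
        store, {"cookies": cookies, "form": {"csrf_token": token, "new_password": "new-pass-2"}})
    forged = handle_change_password(
        store, {"cookies": cookies, "form": {"new_password": "attacker-chosen"}})
    guessed = handle_change_password(
        store, {"cookies": cookies, "form": {"csrf_token": "static-token-123", "new_password": "attacker-chosen"}})
    return legit[0], replay[0], forged[0], guessed[0]


if __name__ == "__main__":
    print("legit, replay, no token, made-up token:", walkthrough())
```

The server-side record is what makes the check meaningful: if the handler only compared the form field with a cookie of the same name, the "record" would be something the browser supplied, and the entropy of the token would not matter. Consuming the token on use is what turns a per-session token into a per-request one.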
Demonstrate a reflection-based CORS exploitation to exfiltrate account details from a red-teaming portal, revealing how sensitive information is exposed to an attacker's site.
Explains exploitation of a reflected CORS vulnerability by injecting an origin and reflecting it in response headers, enabling exfiltration of credentials and sensitive data from a GoPro API.
Demonstrates a CORS proof-of-concept exploit against canva.com, showing how an attacker's site can receive Canva data via permissive Access-Control headers and credentials.
Examine how prefix and suffix match techniques exploit CORS to bypass origin checks via headers like Access-Control-Allow-Origin and Access-Control-Allow-Credentials, guiding ethical hacking and bug bounty training.
Explore CORS mitigations, with the same-origin policy as the primary defense, and learn to discard reflective and arbitrary origins while applying proper origin validation beyond hostname checks.
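The prefix/suffix lecture and the mitigation lecture above are two views of one server-side decision: which Origin values get Access-Control-Allow-Origin plus Access-Control-Allow-Credentials. The following is an added example, not course code, that puts the two weak checks beside a strict allow-list check and shows, for each origin, which validator would let a cross-origin page read a credentialed response. ALLOWED_ORIGINS and every hostname in the walkthrough are constructed.

```python
"""Origin validation for credentialed CORS responses.

Added example; not code from the course. ALLOWED_ORIGINS and the hostnames
used below are constructed; the three validators show the prefix/suffix
mistakes beside a strict allow-list check.
"""
from urllib.parse import urlsplit

ALLOWED_ORIGINS = {"https://example.com", "https://app.example.com"}  # constructed


def suffix_match(origin):
    """Weak: also accepts https://evil-example.com."""
    return origin.endswith("example.com")


def prefix_match(origin):
    """Weak: also accepts https://example.com.evil.net, and rejects a real
    subdomain such as https://app.example.com."""
    return origin.startswith("https://example.com")


def exact_origin(origin):
    """Strict: parse the Origin, require https, tolerate only the default
    port, and compare the whole scheme://host[:port] against an allow-list."""
    try:
        parts = urlsplit(origin)
        port = parts.port
    except ValueError:  # e.g. non-numeric port
        return False
    if parts.scheme != "https" or not parts.hostname:
        return False
    if parts.username or parts.path or parts.query or parts.fragment:
        return False
    host = parts.hostname.lower()
    normalized = f"https://{host}" if port in (None, 443) else f"https://{host}:{port}"
    return normalized in ALLOWED_ORIGINS


def cors_headers(origin, validator):
    """Headers for a response that carries user data. An empty dict means the
    browser refuses to hand the body to the cross-origin page. Echoing an
    arbitrary Origin here together with credentials is the reflective bug."""
    if origin is None or not validator(origin):
        return {}
    return {
        "Access-Control-Allow-Origin": origin,
        "Access-Control-Allow-Credentials": "true",
        "Vary": "Origin",  # a cache must not serve one origin's answer to another
    }


VALIDATORS = (("suffix", suffix_match), ("prefix", prefix_match), ("exact", exact_origin))


def compare_validators(origin):
    """Which validators would let this origin read credentialed responses?"""
    return {name: bool(cors_headers(origin, fn)) for name, fn in VALIDATORS}


if __name__ == "__main__":
    for o in ("https://app.example.com", "https://evil-example.com",
              "https://example.com.evil.net", "https://example.com@evil.net", "null"):
        print(f"{o:32} {compare_validators(o)}")
```

The exact check deliberately parses the header instead of doing string comparison, so a userinfo trick such as https://example.com@evil.net, a scheme downgrade to http, or the literal "null" origin that sandboxed frames send all fall through to the empty-headers branch. Vary: Origin is part of the mitigation, not decoration: without it a shared cache can store the allow header issued to one origin and replay it to another.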
Learn the HackerOne roadmap to find and report vulnerabilities, and navigate programs to earn bounties. Create an account, build reputation, and manage payouts from your profile.
Learn to start hunting on Open Bug Bounty by creating an account, reporting vulnerabilities like XSS, and earning badges, certificates, and reputation through the open source community.
Learn how to report vulnerabilities to NCIIPC, the Government of India’s vulnerability disclosure program, including how to submit reports by email and how newsletters recognize top researchers.
Explore a road map to report vulnerabilities to private responsible disclosure programs worldwide, and learn to identify programs using bug bounty dorks and country top-level domains.
Welcome to the Ethical Hacking / Penetration Testing and Bug Bounty Hunting course. This course covers web application attacks and how to earn bug bounties. There is no prerequisite of prior hacking knowledge, and you will be able to perform web attacks, hunt bugs on live websites, and secure them.
This course is not like other hacking or penetration testing courses with outdated vulnerabilities and only lab attacks. It contains as many live websites as possible to make you comfortable with the live hunting environment.
This course will start from the basic principles of each vulnerability and how to attack them using multiple bypass techniques. In addition to exploitation, you will also learn how to fix them.
This course is highly practical and is made on live websites to give you the exact environment you will meet when you start your penetration testing or bug hunting journey.
We will start from the basics of OWASP to the exploitation of vulnerabilities leading to Account Takeover on live websites.
This course is divided into a number of sections, each section covers how to hunt, exploit and mitigate a vulnerability in an ethical manner.
After identifying a vulnerability, we will exploit it to leverage the maximum severity out of it. We will also learn how to fix vulnerabilities which are commonly found on websites on the internet.
In this course, you will also learn how you can start your journey on many famous bug hunting platforms like Bugcrowd, HackerOne and Open Bug Bounty.
Along with this, you will be able to hunt and report vulnerabilities to NCIIPC, Government of India, and also to private companies and their responsible disclosure programs.
You will also learn advanced techniques to bypass filters and the developers' logic for each kind of vulnerability. I have also shared personal tips and tricks for each attack where you can trick the application and find bugs quickly.
This course also includes the breakdown of all HackerOne reports which were found and submitted by other hackers, for better understanding, as we will cover each type of technique in the course.
This course also includes important interview questions and answers which will be helpful in any penetration testing job interview.
Here's a more detailed breakdown of the course content:
In all the sections we will start with the fundamental principle of how the attack works, then exploitation, and how to defend from those attacks.
In OWASP, we will cover what OWASP is and the Top 10 vulnerabilities.
We will also understand the difference between OWASP 2013 and 2017.
1. In Cross-site scripting (XSS), we will cover all different types of attacks like Reflected XSS, Stored XSS and DOM XSS. In addition, we will learn advanced exploitation for limited inputs and filter bypass.
We will see all the types of XSS attacks on live websites which will give you a better understanding of the live environment when you will start your bug hunting journey.
We will also cover different ways to perform XSS Exploitation using multiple types of payloads like Phishing, File Upload, Cookie Stealing and Redirection.
We will also see the exploitation of Blind XSS, which other researchers generally miss out on.
This course also includes a breakdown of all the Hackerone reports submitted by other hackers for XSS type of vulnerability wherein we will see and practice all types of attacks in our course.
In the end, we will also cover mitigations to secure a website and prevent these types of attacks.
In the end, I have added interview questions and answers which will be helpful for you when XSS questions are asked in any job or internship interview.
2. In Authentication Bypass, we will cover all different ways to attack like OTP Bypass, 2FA Bypass, Captcha bypass, Email Verification Bypass etc. So we will perform all the ways to attack protections on websites.
We will see all the types of Authentication bypass on live websites which will give you a better understanding of the live environment when you will start your bug hunting journey.
We will also cover different ways to perform Auth Bypass Exploitation using different techniques.
This course also includes a breakdown of all the Hackerone reports submitted by other hackers for Authentication Bypass type of vulnerability wherein we will see and practice all types of attacks in our course.
In the end, we will also cover mitigations to secure a website and prevent these types of attacks.
I have added interview questions and answers which will be helpful for you when Auth Bypass questions are asked in any job or internship interview.
3. In No Rate-Limit Attacks, we will check this vulnerability for different injection points. In addition, we will learn how to find these types of vulnerabilities in signup/creation of account, login using password, or verification of OTP or tokens.
We will see all the types of No Rate-Limit attacks on live websites which will give you a better understanding of the live environment when you will start your bug hunting journey.
We will also cover different ways to perform No RL exploitation, including automatically spoofing our IP address on each request, the same way this bug was found on Instagram and was awarded a $15000 bounty.
We will also cover how to throttle our requests by varying the requests and adding a delay between each request to bypass IDS and rate limit checkers on the server side.
We will also see the exploitation of No RL on various injection points, which other researchers generally miss out on.
This course also includes a breakdown of all the Hackerone reports submitted by other hackers for No RL type of vulnerability wherein we will see and practice all types of attacks in our course.
In the end, we will also cover mitigations to secure a website and prevent these types of attacks.
4. In CSRF Attacks, we will check this vulnerability for different injection points. In addition, we will learn how these types of vulnerabilities can lead to Account Takeover by changing the email and password.
We will see all the types of CSRF attacks on live websites which will give you a better understanding of the live environment when you will start your bug hunting journey.
We will also cover different ways to perform CSRF attacks and bypass CSRF protection on many live websites.
This course also includes a breakdown of all the Hackerone reports submitted by other hackers for CSRF type of vulnerability wherein we will see and practice all types of attacks in our course.
In the end, we will also cover mitigations to secure a website and prevent these types of attacks.
5. In CORS Attacks, we will check this vulnerability for different injection points. In addition, we will learn how these types of vulnerabilities can lead to Sensitive Data Disclosure of other users.
We will see all the types of CORS attacks on live websites which will give you a better understanding of the live environment when you will start your bug hunting journey.
We will also cover different ways to perform CORS attacks and bypass CORS protection on many live websites by using suffix and prefix types tricks.
This course also includes a breakdown of all the Hackerone reports submitted by other hackers for CORS type of vulnerability wherein we will see and practice all types of attacks in our course.
In the end, we will also cover mitigations to secure a website and prevent these types of attacks.
You will also get additional BONUS sessions, in which I'm going to share my personal approach for hunting bugs. All the videos are recorded on live websites so that you understand the concepts and get comfortable working on a live environment. I have also added interview questions and answers for each attack, which will be helpful for those who are preparing for job interviews and internships in the field of Information Security.
With this course, you get 24/7 support, so if you have any questions you can post them in the Q&A section and we'll respond to you as soon as possible.
Notes:
This course is created for educational purposes only, and all the websites on which I have performed attacks are ethically reported and fixed.
Testing any website which doesn't have a Responsible Disclosure Policy is unethical and against the law; the author doesn't hold any responsibility.