Udemy

Ethical Hacking / Penetration Testing & Bug Bounty Hunting

Complete Practical Course on Ethical Hacking, Penetration Testing and Bug Bounty Hunting with Live Attacks
Rating: 4.3 out of 5 (917 ratings)
4,087 students
Created by Rohit Gautam, Shifa Cyclewala
Last updated 1/2021
English
30-Day Money-Back Guarantee

What you'll learn

  • OWASP Top 10 and Fundamentals
  • OWASP Top 10 2013 vs 2017
  • Bug Bounty Hunting - Live
  • Tips and Tricks to hunt bugs
  • BreakDown of Hackerone Reports for better understanding
  • Interview Preparation Questions Answers and Approach
  • Web Application Penetration Testing - Live
  • Become a bug bounty hunter & Hunt on Live Websites
  • Intercept requests using a Burpsuite proxy
  • Gain full control over target server using Authentication Bypass Attacks
  • Gain full control over target server using Captcha Bypass Attacks
  • Gain full control over target server using OTP /2FA Bypass Attacks
  • Discover Vulnerabilities, technologies & services used on target website.
  • Authentication Bypass Interview Questions and Answers
  • Hunt Basic XSS Vulnerabilities on Live Environments
  • Exploit and perform Account Takeovers on Live websites
  • Authentication Bypass Mitigations and Fixes
  • Authentication Bypass Breakdown of Hackerone Reports
  • Breakdown of No-Rate Limit of all Hackerone Reports by Hackers
  • Hunt Advanced XSS Vulnerabilities by Filter and WAF Bypass
  • Hunt Vulnerabilities and Bug Bounty using XSS vulnerabilities.
  • Fix and Mitigations against XSS Vulnerabilities
  • Authentication Bypass Bonus Tips and Tricks
  • Practical Tips and Tricks for hunting XSS Live
  • Breakdown of XSS of all Hackerone Reports by Hackers
  • Interview Questions and Answers for XSS Attacks
  • Gain full control over target server using CSRF Attacks
  • Hunt Vulnerabilities using Advanced CSRF Techniques
  • Perform Complete Account Takeover using CSRF on Lab
  • Perform Complete Account Takeover using CSRF on Live
  • Hunt Advanced CSRF Vulnerabilities by Filter Bypass
  • Fix and Mitigations against CSRF Vulnerabilities
  • Practical Tips and Tricks for hunting CSRF Live
  • Breakdown of CSRF of all Hackerone Reports by Hackers
  • Interview Questions and Answers for CSRF Attacks
  • Gain full control over target server using CORS Attacks
  • Hunt Vulnerabilities using Advanced CORS Techniques
  • Exfiltrating Sensitive Information by CORS Vulnerability
  • Fix and Mitigations against CORS Vulnerabilities
  • Practical Tips and Tricks for hunting CORS Live
  • Breakdown of CORS of all Hackerone Reports by Hackers
  • Hunt Vulnerabilities using No Rate-Limit Techniques
  • Complete Account Takeover by No Rate-Limit Vulnerability
  • Fix and Mitigations against No Rate-Limit Vulnerabilities
  • Practical Tips and Tricks for hunting No Rate-Limit Live
  • Interview Questions and answers of CORS
  • Bug Bounty - Roadmap for Hackerone
  • Bug Bounty - Roadmap for Bugcrowd
  • Bug Bounty - Roadmap for OpenBugBounty
  • Bug Bounty - Roadmap for NCIIPC (Govt of India)
  • Bug Bounty - Roadmap for RVDP All Programs
  • Reporting Templates
  • Live Shodan Hunting
  • Live CVE Hunting
Curated for the Udemy for Business collection

Requirements

  • Basic IT Skills
  • No Linux, programming or hacking knowledge required.
  • Computer with a minimum of 4GB ram/memory & Internet Connection
  • Operating System: Windows / OS X / Linux

Description

Welcome to the Ethical Hacking / Penetration Testing and Bug Bounty Hunting course. This course covers web application attacks and how to earn bug bounties. No prior hacking knowledge is required, and you will be able to perform web attacks, hunt bugs on live websites and secure them.

This course is not like other hacking or penetration testing courses with outdated vulnerabilities and only lab attacks. It uses as many live websites as possible to make you comfortable with the live hunting environment.

This course starts from the basic principles of each vulnerability and how to attack it using multiple bypass techniques. In addition to exploitation, you will also learn how to fix these vulnerabilities.

This course is highly practical and is made on live websites to give you the exact environment you will face when you start your penetration testing or bug hunting journey.

We will start from the basics of OWASP and move on to the exploitation of vulnerabilities leading to Account Takeover on live websites.

This course is divided into a number of sections; each section covers how to hunt, exploit and mitigate a vulnerability in an ethical manner.

After identifying a vulnerability, we will exploit it to get the maximum severity out of it. We will also learn how to fix vulnerabilities which are commonly found on websites on the internet.

In this course, you will also learn how to start your journey on many famous bug hunting platforms like Bugcrowd, Hackerone and Open Bug Bounty.

Along with this, you will be able to hunt and report vulnerabilities to NCIIPC (Government of India), and also to private companies and their responsible disclosure programs.

You will also learn advanced techniques to bypass filters and the developer's logic for each kind of vulnerability. I have also shared personal tips and tricks for each attack, where you can trick the application and find bugs quickly.

This course also includes a breakdown of all the Hackerone reports found and submitted by other hackers, for better understanding, as we will cover each type of technique in the course.

This course also includes important interview questions and answers which will be helpful in any penetration testing job interview.



Here's a more detailed breakdown of the course content:

In all the sections, we will start with the fundamental principle of how the attack works, then cover exploitation and how to defend against those attacks.

In OWASP, we will cover what OWASP is and the Top 10 vulnerabilities.

We will also understand the difference between OWASP 2013 and 2017.


1. In Cross-Site Scripting (XSS), we will cover all the different types of attacks, like Reflected XSS, Stored XSS and DOM XSS. In addition, we will learn Advanced Exploitation for Limited Inputs and Filter Bypass.

We will see all the types of XSS attacks on live websites, which will give you a better understanding of the live environment when you start your bug hunting journey.

We will also cover different ways to perform XSS Exploitation using multiple types of payloads like Phishing, File Upload, Cookie Stealing and Redirection.

We will also see the exploitation of Blind XSS, which other researchers generally miss.

This course also includes a breakdown of all the Hackerone reports submitted by other hackers for XSS-type vulnerabilities, wherein we will see and practice all types of attacks in our course.

In the end, we will also cover mitigations to secure a website and prevent these types of attacks.

In the end, I have added Interview Questions and answers, which will be helpful for you when XSS questions are asked in any job or internship.


2. In Authentication Bypass, we will cover all the different ways to attack, like OTP Bypass, 2FA Bypass, Captcha Bypass, Email Verification Bypass etc., so we will perform all the ways to attack protection on websites.

We will see all the types of Authentication Bypass on live websites, which will give you a better understanding of the live environment when you start your bug hunting journey.

We will also cover different ways to perform Auth Bypass Exploitation using different techniques.

This course also includes a breakdown of all the Hackerone reports submitted by other hackers for Authentication Bypass-type vulnerabilities, wherein we will see and practice all types of attacks in our course.

In the end, we will also cover mitigations to secure a website and prevent these types of attacks.

I have added Interview Questions and answers, which will be helpful for you when Auth Bypass questions are asked in any job or internship.


3. In No Rate-Limit Attacks, we will check this vulnerability for different injection points. In addition, we will learn how to find these types of vulnerabilities in signup/account creation, login using a password, or verification of OTPs or tokens.

We will see all the types of No Rate-Limit attacks on live websites, which will give you a better understanding of the live environment when you start your bug hunting journey.

We will also cover different ways to perform No RL Exploitation of multiple types by automatically spoofing our IP address on each request, the same way this bug was found on Instagram and was awarded a $15000 bounty.

We will also cover how to throttle our requests by changing the requests and adding a delay between each simultaneous request to bypass IDS and rate-limit checkers on the server side.

We will also see the exploitation of No RL on various injection points, which other researchers generally miss.

This course also includes a breakdown of all the Hackerone reports submitted by other hackers for No RL-type vulnerabilities, wherein we will see and practice all types of attacks in our course.

In the end, we will also cover mitigations to secure a website and prevent these types of attacks.



4. In CSRF Attacks, we will check this vulnerability for different injection points. In addition, we will learn how to find these types of vulnerabilities, which can lead to Account Takeover by changing the email and password.

We will see all the types of CSRF attacks on live websites, which will give you a better understanding of the live environment when you start your bug hunting journey.

We will also cover different ways to perform CSRF attacks and bypass CSRF protection on many live websites.

This course also includes a breakdown of all the Hackerone reports submitted by other hackers for No RL-type vulnerabilities, wherein we will see and practice all types of attacks in our course.

In the end, we will also cover mitigations to secure a website and prevent these types of attacks.



5. In CORS Attacks, we will check this vulnerability for different injection points. In addition, we will learn how to find these types of vulnerabilities, which can lead to Sensitive Data Disclosure of other users.

We will see all the types of CORS attacks on live websites, which will give you a better understanding of the live environment when you start your bug hunting journey.

We will also cover different ways to perform CORS attacks and bypass CORS protection on many live websites by using suffix and prefix type tricks.

This course also includes a breakdown of all the Hackerone reports submitted by other hackers for CORS-type vulnerabilities, wherein we will see and practice all types of attacks in our course.

In the end, we will also cover mitigations to secure a website and prevent these types of attacks.


You will also get additional BONUS sessions, in which I'm going to share my personal approach for hunting bugs. All the videos are recorded on live websites so that you understand the concepts and also get comfortable working in a live environment. I have also added Interview Questions and answers for each attack, which will be helpful for those who are preparing for job interviews and internships in the field of Information Security.


With this course, you get 24/7 support, so if you have any questions you can post them in the Q&A section and we'll respond to you as soon as possible.

Notes:

  • This course is created for educational purposes only, and all the websites on which I have performed attacks are ethically reported and fixed.

  • Testing any website which doesn’t have a Responsible Disclosure Policy is unethical and against the law; the author doesn’t hold any responsibility.

Who this course is for:

  • Anybody interested in learning website & web application hacking / penetration testing.
  • Any Beginner who wants to start with Penetration Testing
  • Any Beginner who wants to start with Bug Bounty Hunting
  • Trainers who are willing to start teaching Pentesting
  • Any Professional who is working in Cyber Security and Pentesting
  • Ethical Hackers who want to learn How OWASP Works
  • Beginners in Cyber Security Industry for Analyst Position
  • SOC person who is working in a corporate environment
  • Developers who want to fix vulnerabilities and build secure applications

Course content

13 sections • 121 lectures • 10h 50m total length

  • Preview
    04:07
  • Disclaimer
    01:02
  • Course FAQ
    00:23
  • Rules for asking Questions
    00:33

  • Preview
    09:55
  • What is Broken Authentication
    02:57
  • What is Sensitive Data Exposure
    05:34
  • What is XML External Entities
    02:43
  • What is Broken Access Control
    04:11
  • What is Security Misconfiguration
    02:24
  • What is Cross Site Scripting (XSS)
    03:52
  • What is Insecure Deserialization
    02:07
  • What is Using Components with Known Vulnerabilities
    02:11
  • What is Insufficient Logging and Monitoring
    03:03

  • Burp Suite Proxy Lab Setup
    17:11

  • Preview
    05:46
  • Authentication Bypass Exploitation Live -2
    04:23
  • Authentication Bypass Exploitation Live -3
    02:51
  • Authentication Bypass Exploitation Live -4
    03:40
  • Authentication Bypass Exploitation Live -5
    04:33
  • Authentication Bypass Exploitation Captcha
    02:48
  • Authentication Bypass to Account Takeover Live -1
    05:35
  • Authentication Bypass to Account Takeover Live -2
    03:52
  • Authentication Bypass due to OTP Exposure Live -1
    04:11
  • Authentication Bypass due to OTP Exposure Live -2
    03:14
  • Authentication Bypass 2FA Bypass Live
    03:40
  • Authentication Bypass - Email Takeover Live
    05:58
  • Authentication Bypass Mitigations
    01:58
  • Authentication Bypass Interview Questions and Answers
    04:16

  • No Rate-Limit leads to Account Takeover Live Type-1
    12:30
  • NO RL Alternative Tools Introduction
    01:57
  • No Rate-Limit leads to Account Takeover Live Type -2
    09:53
  • No Rate-Limit leads to Account Takeover Live Type -3
    05:34
  • No Rate-Limit leads to Account Takeover Live Type -4
    05:15
  • No Rate-Limit leads to Account Takeover Live Type -5
    05:26
  • No Rate-Limit to Account Takeover Live - Type 6
    06:58
  • No Rate-Limit to Account Takeover Live - Type 7
    06:10
  • No Rate-Limit Instagram Report Breakdown
    00:55
  • No Rate-Limit Instagram Report Breakdown 2
    04:15
  • No Rate Limit Bypass Report Breakdown
    05:29
  • No Rate Limit Bypass Report Breakdown 2
    05:21
  • No Rate-Limit to Tool Fake IP Practical
    04:02
  • No Rate-Limit test on Cloudflare
    04:08
  • No Rate-Limit Mitigations
    02:03
  • Preview
    05:15
  • Burp Alternative : OWASP ZAP Proxy for No RL
    12:23

  • Preview
    06:15
  • Reflected XSS on Live 1
    03:12
  • Reflected XSS on Live 2
    01:36
  • Reflected XSS on Live Manual Balancing
    09:52
  • Reflected XSS on Live 3 Balanced
    03:40
  • XSS on Limited Inputs Live 1
    03:20
  • XSS on Limited Inputs Live 2
    02:51
  • XSS in Request Headers - Live
    03:47
  • Reflected XSS Useragent and Caching
    06:41
  • Reflected XSS Email Validator Live
    04:49
  • Reflected XSS Protection Bypass Live 1 - Base64
    05:36
  • Reflected XSS Protection Bypass Live -2
    05:18
  • XSS using Spider
    06:31
  • XSS Bypass Right Click Disabled
    04:16
  • Blind XSS Exploitation
    05:54
  • Stored XSS Exploitation Live
    09:19
  • DOM XSS Name
    06:11
  • DOM XSS Redirect
    02:20
  • DOM XSS Index
    02:50
  • DOM XSS Automated Scanner
    12:05
  • Preview
    03:23
  • XSS Mouse on Lab
    02:54
  • XSS Mouse Live
    01:44
  • XSS Mouse Events All Types
    03:25
  • XSS Polyglots Live
    06:54
  • Preview
    02:17
  • XSS Exploitation - URL Redirection
    04:38
  • XSS Exploitation - Phishing
    04:05
  • XSS Exploitation Cookie Stealer Lab
    10:14
  • XSS Exploitation Cookie Stealer Live
    08:35
  • XSS Exploitation File Upload Type -2
    03:08
  • XSS Exploitation File Upload Type -3
    06:32
  • XSS Exploitation File Upload Type- 1
    03:23
  • XSS Mitigations
    02:19
  • XSS Bonus TIPS and TRICKS
    05:14
  • XSS Hackerone ALL Reports Breakdown
    08:31
  • XSS Interview Questions and Answers
    07:46

  • How CSRF Works
    04:53
  • CSRF Alternative Tools Introduction
    02:17
  • CSRF on LAB
    02:54
  • CSRF on LAB - 2
    09:09
  • CSRF on Live -1
    01:30
  • CSRF on Live -2
    10:13
  • CSRF Password Change Lab
    03:28
  • CSRF Funds Transfer Lab
    03:05
  • CSRF Request Methods Trick - Lab
    03:32
  • CSRF to Account Takeover Live -1
    07:12
  • CSRF to Account Takeover Live -2
    07:38
  • Chaining CSRF with XSS
    02:27
  • CSRF Mitigations
    03:26
  • CSRF BONUS Tips and Tricks
    02:11
  • CSRF ALL Hackerone Reports Breakdown
    13:17
  • CSRF Interview Questions and Answers
    06:06
  • Alternative to Burpsuite for CSRF : CSRF PoC Generator
    13:01

  • How CORS Works
    03:16
  • CORS 3 Test Cases Fundamentals
    08:51
  • CORS Exploitation Live -2 Exfiltration of Account Details
    02:31
  • CORS Exploitation Live -3 Exfiltration of Account Details
    04:59
  • CORS Live Exploitation -4
    01:45
  • CORS Exploitation Facebook Live
    02:04
  • CORS Live Prefix Match
    04:00
  • CORS Live Suffix Match
    04:11
  • CORS Mitigations
    02:13
  • CORS Breakdown of ALL Hackerone Reports
    10:55

  • BugCrowd ROADMAP
    17:41
  • Hackerone ROADMAP
    08:57
  • Open Bug Bounty ROADMAP
    08:00
  • NCIIPC Govt of India ROADMAP
    08:27
  • RVDP All Websites ROADMAP
    06:25

  • Reporting Templates
    00:20

Instructors

Rohit Gautam
Founder & CEO of Hacktify Cyber Security
  • 4.4 Instructor Rating
  • 1,578 Reviews
  • 22,908 Students
  • 6 Courses

I am Rohit Gautam, the CEO & Founder of Hacktify Cyber Security.

I have been into Cyber Security Training for many years. Students have loved my courses, given them 5 ★ ratings and made them Bestsellers on Udemy.

My students have been in the Top 15 Cyber Security Researchers of India twice in a row.

Apart from trainings, I'm a security researcher with a special interest in network exploitation, web application security analysis and Red Teaming.

I have worked for all the topmost banks of India in their VAPT Team.

I have worked with ICICI, Kotak and IDFC bank. I also have experience working with NSDL and some financial organizations like Edelweiss.

I have worked on many private projects with NTRO & Govt of India.

I was acknowledged with Swag, Hall of Fame, Letter Of Appreciation, and Monetary rewards by Google, Facebook, Conclusion, Seek, Trip Advisor, Riddlr, Hakon, Acorns, Faasos, and many more companies for finding vulnerabilities in their organizations and responsibly reporting them.



Shifa Cyclewala
Founder at Hacktify Cyber Security
  • 4.4 Instructor Rating
  • 1,578 Reviews
  • 22,908 Students
  • 6 Courses

I am Shifa Cyclewala, the Founder of Hacktify Cyber Security.

I have been into Cyber Security Training for many years. Students have loved our courses, given them 5 ★ ratings and made them Bestsellers across Mumbai.

My students have been in the Top 15 Cyber Security Researchers of India twice in a row.

Apart from trainings, I'm a security researcher and a Mobile Application Developer.

I have worked for all the topmost international schools of India as a technical instructor.

I have worked with software development companies in their development teams; ZingHR was the last organization I worked with.

I am Working towards development of Women in Cybersecurity and 

• Presented Cyber security awareness sessions in many colleges across Mumbai

• Speaker at VULNCON 2020

• Trained more than 1000+ individuals in Cyber Security

• Conducted more than 50 workshops pan India

• Invited as Keynote speaker at Rohidas Management Studies, A.E Khalsekar College, DY Patil College, Shah and Anchor Engineering College, KJ Somaiya etc.

• Invited as a Key Speaker at Women in Cyber Security (WCS) and Infosec Girls.

© 2021 Udemy, Inc.