Offensive Bug Bounty – Hunter 2.0

سرفصل های دوره

A Dynamic Hands-on Course on Bug Bounty Hunting

1. Introduction

1. About Hunter 2.0

2. About Author

3. What you should know before taking this course

2. Recon for Bug Bounty Hunting

1. Subdomains of domain

2. Find Subdomains of Subdomains

3. Filter All the Live subdomains for Hunting

4. All subdomains https status code

3. Advance SQL Injection

1. GET - Error based - strip comments_

2. POST- Second Oder Injections Real treat ...

3. GET - Error based - All your OR & AND be ...

4. GET - Blind Based - All your OR & AND be ...

5. GET - Error based - All your SPACES and ...

6. GET - Blind Based - All your SPACES and ...

7. GET - Error Based- All your UNION & SELE ...

8. GET - Blind Based- All your UNION & SELE ...

9. GET - Error Based- All your UNION & SELE ...

10. GET - Blind Based- All your UNION & SELE ...

11. GET -Error based- IMPIDENCE MISMATCH- Ha ...

12. GET - BLIND - IMPIDENCE MISMATCH- Having ...

13. GET - BLIND - IMPIDENCE MISMATCH- Having ...

14. GET - Bypass custom filter adding slashe ...

15. GET - Bypass AddSlashes()

16. POST - Bypass AddSlashes()

17. POST - Bypass Add Slashes (we dont need ...

18. GET -Bypass MySQL Real Escape String

19. POST - Bypass MySQL Real Escape String

20. GET- Stacked Query Injection - String

21. GET - Stacked Query Injection - Intiger ...

22. GET - BLIND based - String - Stacked

23. GET - BLIND based - Intiger - Stacked

24. POST - Error based - String - Stacked

25. POST - Error based - String - Stacked -B ...

26. POST - Error based - String - Stacked - ...

27. GET - Error based - Numeric - ORDER BY C ...

28. GET - Error based - String - ORDER BY CL ...

29. GET - Error based - Blind- Numeric- ORDE ...

30. GET - Error based - String- Blind - ORDE ...

31. GET - Error based - ORDER BY CLAUSE -num ...

32. GET - Error based - ORDER BY CLAUSE-Stri ...

33. GET - Blind based - ORDER BY CLAUSE -num ...

34. GET - GET - Blind based - ORDER BY CLAUS ...

35. GET - challenge - Union- 10 queries allo ...

36. GET - challenge - Union- 14 queries allo ...

37. GET - challenge - Union- 14 queries allo ...

38. GET - challenge - Union- 14 queries allo ...

39. GET - challenge - Double Query- 5 querie ...

40. GET - challenge - Double Query- 5 querie ...

41. GET - challenge - Double Query- 5 querie ...

42. GET - challenge - Double Query- 5 querie ...

43. GET - challenge - Blind - 130 queries al ...

44. GET - challenge - Blind - 130 queries al ...

4. NO RATE LIMITING

1. Background Concept

2. No Rate Limiting Live Hunting 1

3. No Rate Limiting Live Hunting 2

4. No Rate Limiting Live Hunting 3

5. Reporting

5. Long Password Dos Attack

1. Background Concept

2. Long Password Dos Attack Hunting 1

3. Long Password Dos Attack Hunting 2

4. Long Password Dos Attack Hunting 3

5. Reporting

6. Buffer Overflow

1. Background Concept

2. Types of Buffer Overflow

3. Buffer Overflow Live Hunting

4. Buffer Overflow on browser

7. Android App Vulnerability Hunting

1. Background Concept

2. Intercepting mobile app traffic in burpsuite

3. Bypassing Android ssl pinning

4. Android App Live Hunting part 1

5. Android App Live Hunting part 2

6. Android App Live Hunting 2

7. Android App Live Hunting 3

8. Accont takeover through response interception

9. No rate limiting in android app

8. Hostile Subdomain Takeover

1. Background Concept

2. Hostile Subdomain Takeover Live Hunting 1

3. Hostile Subdomain Takeover Live Hunting 2

4. AWS S3 Bucket Takeover part 1

5. AWS S3 Bucket Takeover part 2

6. Hostile Subdomain Takeover Live Hunting 4

7. Hostile Subdomain Takeover Live Hunting 5

8. Hostile Subdomain Takeover Live Hunting 6

9. Insecure Direct Object Refernce

1. Background Concept

2. Idor Live Hunting 1

3. Idor Live Hunting 2

4. Idor Live Hunting 3

5. Idor Live Hunting 4

6. Account Takeover Idor

10. Wordpress

1. Background Concept

2. WPSCAN Overview

3. Hunting lab part 1

4. XML RPC ping Back

5. Blind RCE

6. CMS Map Overview

7. Hunting lab part 2

8. Live hunting 1

9. Live hunting 2

11. Joomla

1. Overview of joomla

2. Live hunting 1

3. Live hunting 2

4. Live hunting 3

5. Live hunting 4

6. Live hunting 5

12. Drupal

1. Background Concept

2. Drupal Vulnerability Hunting

3. Metasploit for Drupal

4. Live Hunting 1 RCE

5. Live Hunting 2 RCE and Others

6. Live Hunting Part 3

13. CMS Vulnerability Hunting

1. Overview of All Types of CMS

2. Background Concept about All types of CMS Vulnerabilities

3. Automated CMS Vulnerability Scanners

4. Automated CMS Vulnerability Scanners

14. Cross Site Request Forgery

1. Background Concept

2. Csrf Live Hunting 1

3. Csrf Live Hunting 2

4. Csrf Live Hunting 3

5. Csrf Live Hunting 4

6. Csrf Account Takeover

7. Reporting

15. HSTS

1. Background Concept

2. Hsts Live Hunting 1

3. Hsts Live Hunting 2

4. Reporting

16. Session Fixation

1. Background Concept

2. Session Fixation Live Hunting 1

3. Session Fixation Live Hunting 2

4. Session Fixation Live Hunting 3

17. Account Lockout

1. Background Concept

2. Account Lockout Hunting 1

3. Account Lockout Hunting 2

4. Account Lockout Hunting 3

5. Reporting

18. Server Side Request Forgery

1. SSRF Concept

2. Basic SSRF concept

3. SSRF to XSS

4. SSRF to read internal file

5. SSRF in FFMPEG

6. SSRF AWS cloud retrieve metadata

7. SSRF through html

19. Mobile App static code Analysis

1. Background Concept

2. Introduction to MobsF

3. Static Analysis with MobSf

4. Live Static Analysis

5. Static Analysis with Visual code Grepper

6. Live Static Analysis

7. All About AndroBug Framework

8. Hunting With Qark

9. Mobile App Static Analysis

20. Password Reset Poisoning

1. All about Password Reset Poisoning

2. Live Hunting 1

3. Live Hunting 2

4. Live Hunting 3

21. Android App Dynamic Analysis

1. Frida & Objection

2. Installation and Setting Up Frida & Objection

3. SSL Pinning Bypass with Frida

4. SSL Pinning Bypass with objection

5. Android Anti Root Bypass with Frida & Objection

6. Frida & Objection Conclusion

7. Introduction to AppMon

8. Android APP Tracer

9. Intruding in Android APP

10. All About Drozer

11. Hunting with Drozer

22. Blind XSS

1. Background Concept

2. Attack Points

3. Blind xss on Practice Web

4. Blind xss Live Hunting 1

5. Blind xss Live Hunting 2

6. Multiple Blind xss Payloads Execution 1

7. Multiple Blind xss Payloads Execution 2

8. Blind xss Live Hunting 3

9. Blind xss on DELL

23. Identity Management Testing

1. Identity Management Testing

2. Test Role Definitions 1

3. Test Role Definitions 2

4. Test User Registration Process

5. Test Account Provisioning

6. Testing for account enumeration and guessable user account

7. Test for weak or unenforced username policy

24. DIGGING INTO DIGITAL IMAGES EXIF Geolocation Data Not Stripped From Uploaded Im

1. Background Concept

2. Facebook Live Hunting

3. Live Bug Bounty Hunting on Google and others

4. Flickr & Pinterest Live Hunting

5. POC 1

6. POC 2

7. Conclusion

25. Application Server Vulnerabilities

1. Introduction

2. Testing for default credentials

3. Testing for default content

4. Dangerous http methods

5. Ways to detect http methods

6. Exploitation of dangerous methods

7. Application Server as proxy

8. Web server software bugs

9. Web server software bugs 2

10. Web server software bugs 3

26. Cryptography Vulnerabilities Bug Hunting

1. Cryptography related issues

2. Common Bugs in TLSSSL

3. Testing for weak ssltls ciphersprotocolkeys vulnerabilities

4. Checking for client renegotiation Manual Hunting

5. Testing ssltls Vulnerabilities

6. Testing ssltls Vulnerabilities part2

7. Breach Compression Attack

8. Poodle attack SSLV3 Live Hunting

9. Poodle attack SSLV3 Live Hunting 2

10. Why U should Hunt for Poodle Attack

27. Testing for Session Management

1. Session Management Issues

2. Bypassing Session Management Schema

3. Testing for Cookies Attributes

4. Cookies Attributes Live

5. Testing for Exposed Session Variables

6. Testing for Logout Functionality

7. Testing for Session Timeout

8. Session Mgmt Vuln on Password Reset or on other inj point

28. Exposed Source Code Control Systems

1. Background Concept Must watch

2. Find Source Code Control system using Burpsuite

3. Find Source Code Control system using dirb

4. Git Repository Dumper

5. Other Types of Source Code Control System Dump

6. Why Hunt and Extract Metadata of Repository

29. Apache Struts RCE Hunting and Exploitation

1. Apache Struts Vulnerability Details

2. Identify Apache Struts2 RCE Vuln

3. Exploit Apache Struts 2 RCE through Content Type

4. Exploit Apache Struts 2 RCE Live website 2

30. Comprehensive Command Injection

1. Comprehensive Command Injection

2. Steps to setup lab

3. Classic regular example

4. Classic (Base64) regular example

5. Classic (Hex) regular example

6. Classic single-quote example

7. Classic double-quote example

8. Classic blacklisting example

9. Classic hashing example

10. Classic example & Basic HTTP Authentication

11. Blind regular example

12. Double Blind regular example

13. Eval regular example

14. Eval (Base64) regular example

15. Classic (JSON) regular example

16. Eval (JSON) regular example

17. Preg_match() regular & blind example

18. Str_replace() regular example

19. Create_function() regular example

20. Regex for domain name validation

21. Nested quotes

31. Web cache deception

1. Background Concept

2. Exploitation Way

3. Live Demo 1

4. Live Demo 2

5. Live Demo 3

32. Server Side Includes Injection

1. Background Concept

2. More about SSI injection

3. Live SSI injection

4. Live SSI injection

5. Live SSI injection

33. Ticket Trick Bug Bounty

1. The HelpDesk let the Hacker in

2. Live Hunting Ticket Trick

3. Impact of Ticket Trick Hack

34. Evil way to Account Takeover

1. Evil Takeover Concept

2. Steps for Evil way Takeover

3. Live Demonstration of Evil Takeover

4. Successfully Evil Takeover

35. Multifactor Authentication

1. Background Concept

2. Live demonstration

3. Live Demonstration Part 2

36. HTTPOXY Attack

1. HTTPOXY Attack

2. Hunting for HTT POXY Attack

3. Second way to hunt HTT POXY Attack

4. Live hunting of HTTPOXY Vulnerability

5. Live hunting using tool

37. Shellshock bash RCE

1. Background Concepts

2. Shellshock bash RCE live demo

3. Live hunting Shellshock RCE

4. Live hunting for shellshock RCE 2

38. Apache http server byte range dos

1. Background Concept

2. Hunting apache range dos

3. Exploitation of apache range dos

39. Webmin unauthenticated RCE

1. Background Concept

2. Webmin unauthenticated RCE

40. Appweb authentication bypass

1. Background Concept

2. Live demo authentication bypass

3. Hunting for appweb authentication bypass

41. Nginx

1. Nginx Rate Filtering shaping overflow

2. Hunting For Nginx Rate Filtering shaping overflow

42. Adobe Coldfusion Vulnerabilities

1. Background Concepts

2. File read Vulnerability

43. Docker RCE

1. Docker API Unauthorized RCE

2. Enum For Docker API Services

3. Docker API Unauthorized RCE On lab

4. Docker API Unauthorized RCE Live

44. Postgres RCE

1. Postgresql Authenticated RCE

2. Postgres RCE On Lab

3. Live Hunting Postgres RCE

45. Apache Spark RCE

1. Apache Spark RCE

2. Hunting Apache Spark RCE Part 1

3. Hunting Apache Spark RCE Part 2

46. PHPMyadmin RCE

1. PHPMyadmin Authenticated RCE

2. Hunting RCE For Authenticated PHPMyadmin

3. PHPMyadmin Authenticated RFI

4. PHPMyadmin Authenticated LFI To RCE

47. Mysql Authentication Bypass

1. Mysql Authentication Bypass Vulnerability

2. Hunting For MySQL Authentication bypassing

3. Live Hunting For Mysql Auth bypass

48. DNS ZONE Transfer

1. DNS Zone transfer vulnerability

2. Live attack dns zone transfer

49. Flask (Jinja2) SSTI to RCE

1. Flask (Jinja2) Server side template injection

2. Exploitation of template injection

50. Hadoop Vulnerabilities

1. Hunting Hadoop Vulnerability

2. Nmap for Hadoop Vulnerability

3. Hunting for Hadoop

4. Browsing the HDFS Data Leak

5. Hadoop RCE

6. Live Hadoop Hunting

51. GIT Shell RCE

1. GIT Shell Bypass

2. Git Shell bypass Hunting

3. Git Shell Command Execution

52. REDIS RCE

1. Redis Unauthorised Access Vulnerability

2. Hunting For Unauthorised Access

3. Live Hunting

4. Redis RCE

53. Scrapyd RCE

1. Attack Scrapyd Crawler

2. Exploting Scrapyd

3. Live Hunting Scrapyd

54. Advance File Uploads

1. Lab Setup In Windows

2. Setting Up Labs

3. Upload Image by Blocking JavaScript

4. Content-Type Bypass

5. Suffix Blacklist Bypass

6. File Parsing Rules Bypass

7. Not Unified Case Of Suffix

8. Blacklist Bypassing Windows Feature

9. Blackist Bypassing Windows Feature More Lession 7

10. Blackist Bypassing Windows Feature More Lession 8

11. Blackist Bypassing Windows Feature More Lession 9

12. Double Write Bypass Method

13. Picture Prefix Bypass

14. GetImageSize Functionality Bypass

15. Php-Exif Module Bypass

16. Comprehensive Picture Horse Example

17. Conditional Race 1

18. Conditional Race 2

19. Nullbyte

55. CSRF Same Site Bypass

1. CSRF Same Site Bypass

2. CSRF Same Site Bypass lab

56. Session Puzzling

1. Session Puzzling

2. Session Puzzling Lab

3. Live Session Puzzling Test Cases

57. JWT Token Attack

1. JWT

2. Issues Of JWT tokens

3. JWT None Algorithm

4. JWT Weak Secret used as a Key

5. JWT Signature RS256 To HS256

58. Email Bounce Issues

1. Email Bounce Issues

2. Email Bounce Live

3. Email Bounce Exploit Impact

59. IVR Call Request Crash

1. IVR Call Request Crash

2. Live IVR Call Crash

60. Obscure Email Vulnerability

1. Obscure Email

2. Live Hunting Obscure Email Vulnerability

61. AWS Pentesting

1. Background Concept

2. AWS Attack Vector

3. Attacker Motivation

4. Bucket Listing Access Permission Set to Everyone

5. Bucket Listing Any AWS Authenticated User

6. Leaking AWS Keys by commiting GIT REPO

7. EC2 Snapshot Accesible to ALL AWS USER

8. Exposed Proxy Access to Instance Metadata

9. Excessive Permission are Given

10. Privilege Escalation by Rollback

11. Privilege Escalation Automation

12. AWS Cloud Breach

13. AWS EC2 SSRF

14. CODEBUILD Secrets

15. RCE WEB APP

16. RCE WEB APP Part 2

17. Input Validation Vulnerability

18. Open Container Images

19. SSRF to Private IP Instance MetaData

74,300 تومان

خرید اشتراک افزودن به سبد خرید

خرید دانلودی فوری

در این روش نیاز به افزودن محصول به سبد خرید و تکمیل اطلاعات نیست و شما پس از وارد کردن ایمیل خود و طی کردن مراحل پرداخت لینک های دریافت محصولات را در ایمیل خود دریافت خواهید کرد.

تولید کننده: Udemy