EARN YOUR LIFE'S FIRST BOUNTY
BUG HUNTING
LIVE TRAINING
PROGRAM DURATION
3 Months
PROGRAM OVERVIEW
Welcome to Bug Hunting Live Training.
This training covers web application attacks and how to earn bug bounties. No prior hacking knowledge is required, and you will be able to perform web attacks, hunt bugs on live websites, and secure them.
This training is not like other hacking or penetration testing training that relies on outdated vulnerabilities and lab-only attacks. It uses as many live websites as possible to make you comfortable with the live hunting environment.
This course is highly practical and is made on live websites to give you the exact environment
TRAINING CONTENT:
Module 1 : Introduction to Bug Bounty Programs
What is Bug Bounty?
How Bug Bounties Work
Bug Bounty Platforms Overview
Setting Expectations: Rewards, Reports, and Disclosures
Understanding Bug Bounty Program Policies
Module 2 : Understanding Web Fundamentals
What is the Internet?
IP Address, DNS, and Ports
How Websites Work (Backend vs Frontend)
Web Application Infrastructure
HTTP Response Codes Explained
Making Requests with Proxy Tools (Caido & BurpSuite Overview)
Introduction to Regular Expressions (RegEx)
Module 3 : Reconnaissance and Information Gathering
Reconnaissance Basics: How to Approach a Target
Subdomains Explained & Discovery Techniques
Google Dorking
Certificate Transparency and Tricks
Shodan Explained & Examples
Port Scanning with Hands-On Labs
Module 4 : Cross-Site Scripting (XSS)
Different Types of XSS (Reflected, Stored, Blind)
Bypassing XSS Filters (Tips & Tricks)
Content Security Policy (CSP) Bypasses
Real-World XSS Exploitation and Case Studies
Module 5 : Cross-Site Request Forgery (CSRF)
CSRF Explained (GET & POST requests)
Bypasses and Exploitation Tips
Escalating Self-XSS with CSRF
Module 6 : Server-Side Request Forgery (SSRF)
SSRF Explained & Hands-On Labs
Blacklisted/Whitelisted Resources Bypasses
SSRF with Open Redirects, HTML Injection, XSS, and XXE
Blind SSRF Exploitation
Module 7 : SQL Injection
Structured Query Language (SQL) Basics
Error-Based, Boolean-Based, and Blind SQL Injection
Exploiting SQLi for Data Enumeration and Exfiltration
Real-World SQLi Case Studies
Module 8 : File Upload Vulnerabilities
Exploiting File Uploads for XSS & Remote Code Execution (RCE)
Understanding File Upload Security Measures and Bypasses
Module 9 : Server-Side Vulnerabilities
Command Injection & Code Injection with RCE Labs
XXE Vulnerabilities and Exploitation
Module 10 : Authentication and Session Exploitation
JSON Web Tokens (JWT) and Weak Credential Exploitation
Username Enumeration Techniques
Brute Force Techniques & Tools
Exploiting One-Time Passwords (OTP)
Password Reset Token Bypass Methods
Forced Password Resets & Account Takeover (IDOR, OAuth, Mass Assignment)
Module 11 : Advanced Exploitation Techniques
Bypassing API Authentication using X-Forwarded-For
Exploiting Single Sign-On (SSO) Mechanisms
OAuth Flows and Account Takeovers
Real-World Account Takeover Examples (XSS, Invite Systems)
Module 12 : Advanced Recon Techniques
Google Dorking for Sensitive Information
Advanced Subdomain Discovery with Subfinder & Shodan
HTTPx for Information Gathering
Module 13 : Practical Labs & Hands-On Hacking
XSS Labs (multiple levels)
SSRF Labs (contextual exploitation)
SQL Injection Labs (error-based, blind)
Local File Read & File Upload Exploitation
Hands-on Labs for IDOR and CSRF
Real-World Recon Case Studies
Module 14 : Report Writing & Vulnerability Submission
How to Write Effective Bug Bounty Reports
Examples: Writing Reports for IDOR & XSS
Understanding CVSS Scoring for Vulnerability Severity
Bugcrowd’s Vulnerability Rating Taxonomy (VRT) Explained
Module 15 : Bug Bounty Resources & Tools
Key Resources for Continuous Learning
Tools Overview: Caido, BurpSuite, Subfinder, Shodan, HTTPx, etc.
Ongoing Development & Staying Updated in Bug Bounties
CONNECT LINKS
www.thetechuniqueacademy.com
@Thetechunique Academy
@Thetechunique
@thetechunique
Office - Nai Bazar Ali mirja road Muzaffarpur, Bihar 842001
+918235943260
[email protected]