Bug Hunting

The Bug Hunting Weekend Batch is an 8-week online course designed for individuals with basic web and network pentesting knowledge. It covers foundational concepts, common vulnerabilities, advanced techniques, and real-world exploits, including hands-on practice with tools like Burp Suite and SQLmap. The course culminates in a final challenge and provides career guidance for aspiring bug hunters.

Bug Hunting - Weekend Batch

Duration: 8 Weeks (Weekends Only)​


Mode: Online​
Prerequisites: Basic Web & Network Pentesting, Knowledge of HTTP, Burp Suite

🗓️ Month 1: Foundations & Common Vulnerabilities


Week 1: Introduction to Bug Bounty & Reconnaissance

●​ Understanding Bug Bounty Platforms (HackerOne, Bugcrowd, Synack)​

●​ Setting Up Your Bug Hunting Environment (Kali Linux, Burp Suite, Automation Tools)​

●​ Reconnaissance Techniques:​

○​ Subdomain Enumeration (Subfinder, Assetfinder, Amass)​

○​ HTTP Probing (httprobe, httpx)​

○​ Screenshot Automation (Aquatone, Eyewitness)


○ Osmedeus, reconftw, jaeles, nuclei

●​ Hands-On: Recon on Public Bug Bounty Programs​



Week 2: Information Gathering & Target Profiling

●​ Identifying Technologies & Web Frameworks (Wappalyzer, BuiltWith)​

●​ Web Archive Analysis (Wayback Machine, gau, katana)​

●​ Extracting Sensitive Data (GitHub Dorking, Google Dorking)​

●​ Hands-On: Identifying Targets & Gathering Intel​

Week 3: Web Vulnerabilities (OWASP Top 10 - Part 1)

●​ Injection Attacks​

○​ SQL Injection (SQLmap, Manual Techniques)​

○​ NoSQL Injection & XML Injection​

●​ Authentication & Authorization Issues​

○​ Broken Authentication (JWT, OAuth Exploits)​

○​ Insecure Direct Object References (IDOR)​

●​ Hands-On: Testing & Exploiting OWASP Top 10 Issues on Bug Bounty Targets​

Week 4: Web Vulnerabilities (OWASP Top 10 - Part 2)



●​ Client-Side Vulnerabilities​

○​ Cross-Site Scripting (XSS) - Reflected, Stored, DOM-Based​

○​ Clickjacking & CSRF Exploitation​

●​ Server-Side Attacks​

○​ Server-Side Request Forgery (SSRF)​

○​ Remote Code Execution (RCE)​

●​ Hands-On: Bug Hunting in Real-World Applications​

🗓️ Month 2: Advanced Techniques & Real-World Exploits


Week 5: Business Logic & API Testing

●​ Identifying Business Logic Vulnerabilities​

●​ API Security Testing (Burp Suite, Postman)​

●​ GraphQL & REST API Exploits​

●​ Hands-On: API Bug Hunting on Public Targets​

Week 6: Advanced Bug Hunting Techniques



●​ Mass Vulnerability Scanning (nuclei, dalfox)​

●​ WAF Bypassing & Advanced Payloads​

●​ Race Conditions & Rate Limit Bypasses​

●​ Hands-On: Automating Bug Hunting with Custom Scripts​

Week 7: Mobile & Cloud Security Testing

●​ Mobile App Pentesting (Android & iOS) Basics​

○​ Reverse Engineering APKs (jadx, apktool)​

○​ Mobile API Testing (Burp Mobile Config)​

●​ Cloud Security Misconfigurations​

○​ S3 Bucket Enumeration & Exploitation​

○​ Firebase & Google Cloud Leaks​

●​ Hands-On: Testing Mobile & Cloud Targets​

Week 8: Reporting & Final CTF Challenge

●​ Writing High-Quality Bug Reports (PoC, Impact, Reproduction Steps)​



●​ Ethical Disclosure & Maximizing Bug Bounty Rewards​

●​ Final Capture The Flag (CTF) Challenge​

●​ Career Guidance & Next Steps in Bug Hunting​

🔧 Tools Covered:
🔹 Recon & OSINT: Amass, Subfinder, httpx, gau, katana​
🔹 Exploitation: Burp Suite, SQLmap, dalfox, ffuf​
🔹 Automation: Nuclei, GF Patterns, Custom Python Scripts​
🔹 Cloud & API: AWS CLI, Postman, GraphQL Explorer
