English | Size: 5.24 GB
Genre: eLearning
What you’ll learn
Learn Penetration Testing from scratch to become a bug bounty hunter and web security expert
Discover, exploit, and mitigate all types of web vulnerabilities. Secure any of your future applications using best practices
Setting up your Hacking Lab: Kali Linux and Virtual Machines (Works with Windows/Mac/Linux)
How to make money from Bug Bounty Hunting and make a career of it
Attacking Systems With Known Vulnerabilities
Website Enumeration & Information Gathering
Bug Hunter and the Burpsuite Tool
HTML Injections
Command Injection/Execution
Broken Authentication
Brutefroce Attacks
Broken Access Control
Security Misconfiguration
Cross Site Scripting – XSS
SQL Injection
XML, XPath Injection, XXE
Logging And Monitoring Best Practices
Web Fundamentals
Networking Fundamentals
Linux Terminal Fundamentals
Just updated with all modern Bug Bounty and Penetration Testing tools and best practices for 2022! Join a live online community of over 600,000+ students and a course taught by industry experts. This course will take you from absolute beginner, all the way to becoming a security expert and bug bounty hunter to improve security for your clients and any future web applications you may create!
This course is focused on learning by doing. We are going to teach you how penetration testing works, by actually practicing the techniques and methods used by bug bounty hunters today. We will start off by creating our virtual hacking lab to make sure we keep your computers safe throughout the course, as well as doing things legally, and having our computers set up for penetrations testing.
We dive into topics like:
1) Introduction To Bug Bounty:
Here we just touch on theory of what exactly is Bug Bounty and Penetration Testing
Quick example of one vulnerability that we will cover.
Pen Tester career path.
2) Our Virtual Lab Setup:
Create our virtual lab that we will use throughout the course (Kali Linux machine).
Install a vulnerable VM called OWASPBWA that we will attack.
Create an online account on TryHackMe platform.
With almost every vulnerability, we will cover an example on TryHackMe and also on our vulnerable Virtual Machine.
From here choose 2 different paths depending on the knowledge that you already have.
3) Website Enumeration & Information Gathering
This is where we start with the practical Bug Bounty/ Website Penetration Testing. We cover numerous tactics and tools that allow us to gather as much information about a certain website. For this, we use different tools like Dirb, Nikto, Nmap. We also use google hacking which is useful skill to have once tools are not available.
4) Introduction To Burpsuite
This is a very important tool for a Bug Hunter. Pretty much every Bug Hunter out there knows about this tool (and probably uses it). It has many different features that make hunting for bugs easier. Some of those features are crawling the webpage, intercepting and changing HTTP requests, brute-force attacks and more.
5) HTML Injection
This is our first bug. It’s also one of the easiest so we start with it. HTML injection is essentially just finding a vulnerable input on the webpage that allows HTML code to be injected. That code is later rendered out on the page as real HTML.
6) Command Injection/Execution
Our first dangerous bug. Injecting commands is possible when server runs our input through its system unfiltered. This could be something like a webpage that allows us to ping other websites but doesn’t check whether we inputed a different command other than the IP address that it needs. This allows us to run commands on the system, compromise system through a reverse shell and compromise accounts on that system (and all the data).
7) Broken Authentication
This is another vulnerability that occurs on websites. It essentially refers to weakness in 2 areas session management and credential management. It allows the attacker to impersonate legitimate users online. We show different examples through cookie values, HTTP requests, Forgot password page etc.
8) Brutefroce Attacks
This can be a problem even if the website is secure. If client has an easy and simple password set, then it will be also easy to guess it. We cover different tools used to send lots of password on the webpage in order to break into an account.
9) Sensitive Data Exposure
This isn’t a vulnerability in the system. Instead it’s when developers forget to remove important information during production that can be used to perform an attack. We cover an example where developer forgot to remove the entire database from being accessible to regular users.
10) Broken Access Control
Access control enforces policy such that users cannot act outside of their intended permissions. Failures typically lead to unauthorized information disclosure, modification or destruction of all data, or performing a business function outside of the limits of the user. Here we cover a vulnerability called Insecure direct object reference. A simple example would be an application that has user IDs in the URL. If it doesn’t properly store and manage those IDs an attacker could potentially change the ID and access the information of another user.
11) Security Misconfiguration
We put this as a separate section, however all the previous vulnerabilities also belong to it. Here we show an example of a vulnerability where the admins of websites haven’t changed the default credentials for a certain application that runs on their server.
12) Cross Site Scripting – XSS
This is a big vulnerability and is very common in many websites out there. This vulnerability allows us to execute Javascript code on the webpage. This is due to user input not being well filtered and processing the input as javascript code. There are 3 main types of XSS which are Stored, Reflected and DOM based XSS. We cover these 3 plus some unusual ones.
13) SQL Injection
Another big vulnerability out there and a really dangerous one. Many websites communicate with the Database, whether it being a database that stores product information or user information. If the communication between the user and the database is not filtered and checked, it could allow the attacker to send an SQL query and communicate with the database itself, allowing them to extract the entire database or even delete it. There are couple of types of SQL injection such as Error based or Blind SQL injection.
14) XML, XPath Injection, XXE
XXE or XML External Entity is a vulnerability that allows an attacker to interfere with a website that processes XML data. It could allow the attacker to run a reverse shell or read files on the target system making it another severe vulnerability.
15) Components With Known Vulnerabilities
Even if the website might not be vulnerable, the server might be running some other components/applications that have a known vulnerability that hasn’t been patched yet. This could allow us to perform various types of attacks depending on what that vulnerability is.
16) Insufficient Logging And Monitoring
Logging and monitoring should always be done from security standpoint. Logging allows us to keep track of all the requests and information that goes through our application. This can help us determine whether a certain attack is taking place or if the attack already happened, it allows us to examine it a little deeper, see which attack it was, and then apply that knowledge to change the application so that the same attack doesn’t happen again.
17) Monetizing Bug Bounty Hunting
After practicing and covering all the vulnerabilities, it’s important to mention how we can monetize our knowledge. We mention different platforms that can be used to start your career as a bug hunter, and we also take one platform as an example to show how a bug bounty program looks like and what to pay attention to when applying.
18) Bonus – Web Developer Fundamentals
For anyone lacking some knowledge in Web Development or knowledge in how exactly websites work and are structured
19) Bonus – Linux Terminal
For anyone lacking some knowledge in simple usage of linux terminal as we will be using it throughout the course
20) Bonus – Networking
Fundamentals of networking and some basic terms used as Penetration Testers or Bug Bounty hunters.
Who this course is for:
Anybody interested in becoming a bug bounty hunter or penetration tester
Anybody interested in web security and how hackers take advantage of vulnerabilities
Anybody looking to go beyond a normal “beginner” tutorial that doesn’t give you a chance to practice
Any developer looking to secure their web applications and servers from hackers
nitro.download/view/D0C0F68837610BE/Web-Security-Bug-Bounty-Learn-Penetration-Testing-in-2022.18.2.part1.rar
nitro.download/view/1A70D95E916769D/Web-Security-Bug-Bounty-Learn-Penetration-Testing-in-2022.18.2.part2.rar
nitro.download/view/3437CE093043EB8/Web-Security-Bug-Bounty-Learn-Penetration-Testing-in-2022.18.2.part3.rar
nitro.download/view/78DB31F6856F0C5/Web-Security-Bug-Bounty-Learn-Penetration-Testing-in-2022.18.2.part4.rar
nitro.download/view/03C6D04915E6C50/Web-Security-Bug-Bounty-Learn-Penetration-Testing-in-2022.18.2.part5.rar
nitro.download/view/81D3F45D1CB1EE0/Web-Security-Bug-Bounty-Learn-Penetration-Testing-in-2022.18.2.part6.rar
rapidgator.net/file/3c7b9b10accb3031ed86d217e09d0a4a/Web-Security-Bug-Bounty-Learn-Penetration-Testing-in-2022.18.2.part1.rar.html
rapidgator.net/file/ad7c78739bf480ce73cf59d3cfa9d9fe/Web-Security-Bug-Bounty-Learn-Penetration-Testing-in-2022.18.2.part2.rar.html
rapidgator.net/file/6dc543500dea768ba86fcceede5cca55/Web-Security-Bug-Bounty-Learn-Penetration-Testing-in-2022.18.2.part3.rar.html
rapidgator.net/file/1842731c6f7904800bd4bd42640a25bf/Web-Security-Bug-Bounty-Learn-Penetration-Testing-in-2022.18.2.part4.rar.html
rapidgator.net/file/52c3ef70a9d426aeb13f8dd747cc67c0/Web-Security-Bug-Bounty-Learn-Penetration-Testing-in-2022.18.2.part5.rar.html
rapidgator.net/file/2bf9724f474bc77ee8df855e9ef5d1f4/Web-Security-Bug-Bounty-Learn-Penetration-Testing-in-2022.18.2.part6.rar.html
If any links die or problem unrar, send request to
forms.gle/e557HbjJ5vatekDV9