Welcome to DocxInfo
Best Seller Bug Bounty

Bug Bounty from Scratch

Learn to hunt for high-impact vulnerabilities and become a bug hunting pro, mastering bug bounties from recon to report!

(1.2K reviews)
4.2K likes
2 hours Live Class

Bug Bounty

A bug bounty course trains participants in ethical hacking, covering web security, tools, techniques, case studies, legal aspects, and responsible disclosure to identify software vulnerabilities.

What you'll learn

  • Understanding Security Protocols
  • Penetration Testing Techniques
  • Bug Bounty Tools
  • Incident Response and Reporting
  • Legal and Ethical Aspects

1.1: Kali Linux Overview

1.2: Installing VMWare / Kali Linux

1.3: Navigating the File System

1.4: Users and Privileges

1.5: Repositories & Settings

1.6: Common Network Commands

1.7: Viewing, Creating, and Editing Files

1.8: Starting and Stopping Services

1.9: Installing and Updating Tools

2.1: Networking Concepts

2.2: Networking Devices, Protocols and Services, and Tools

2.3: OSI Model & TCP/IP Model, IP & MAC Addresses. Static & Dynamic IP

2.4: Port Forwarding & Protocols: DNS, SSH, FTP, TELNET, HTTP, SSL, POP, SMB, RDP

2.5: VPN & Proxies, IP Addresses, VPS Server

3.1: Working Websites, Databases, Servers

3.2: Domain and Subdomain, API, HTTP and HTTPS

3.3: Security Header, Request and Response

3.4: URL and Domain, Session, Cookies

3.5: Types of Users, User Roles

3.6: Misconfiguration, Policies

3.7: Authentication & Authorization

4.1: Public Information, Whois-Registrant, Credentials Leaks

4.2: GitHub Dorks, Google Dorks, Google Dorks (All)

4.3: Shodan, Git, Email Tools, Social Media, Metadata

5.1: Subdomains Finding, Port Scanning

5.2: Technologies, DNS Enumeration

5.3: Content Discovery, Links

5.4: Parameters, Fuzzing

5.5: HTTP and HTTPS, Enumerate File

5.6: JS File

5.7: Ports Enumeration

5.8: Bruteforcing

5.9: Hash Cracking

5.10: Crawling

6.1: OWASP ZAP, dirb, gobuster

6.2: Burp Suite, ffuf, httpx, subfinder

6.3: curl, wget, Nikto, W3af

7.1: Debug Information Exposure

7.2: Sensitive Configuration Files

7.3: Unintended Data Exposure

7.4: Exposed API Endpoints

8.1: Unencrypted Data Transmission

8.2: Weak Encryption Algorithms

8.3: Insecure Storage of Sensitive Data

8.4: Improper Key Management

9.1: Default Credentials

9.2: Unnecessary Services

9.3: Verbose Error Messages

9.4: Incomplete Setup

10.1: Workflow Manipulation

10.2: Misuse of Business Rules

10.3: Race Conditions

10.4: Fraudulent Transactions

11.1: Information Leakage

11.2: Stack Traces Exposure

11.3: Custom Error Pages

11.4: Verbose Error Messages

12.1: UI Redress Attack

12.2: Transparent Iframes

12.3: Frame Busting Bypass

12.4: Social Engineering Clickjacking

13.1: Unsecured Admin Panels

13.2: Lack of Authentication Controls

13.3: Default Admin URLs

13.4: Accessing Admin Functions Without Privileges

14.1: Time-of-Check to Time-of-Use (TOCTOU)

14.2: Concurrent Process Exploitation

14.3: Transaction Manipulation

14.4: Resource Contention

15.1: Volume-Based Attacks

15.2: Protocol Attacks

15.3: Application Layer Attacks

15.4: Resource Exhaustion Attacks

16.1: Overly Broad API Responses

16.2: Leaking User Data

16.3: Detailed Error Messages

16.4: Unrestricted Access to Resources

17.1: Unvalidated Redirects

17.2: URL Manipulation

17.3: Phishing Attacks via Redirects

17.4: Open URL Parameter Attacks

18.1: Directory Traversal

18.2: Symbolic Link Traversal

18.3: Command Execution via Path Traversal

18.4: Accessing Sensitive Files

19.1: Credential Stuffing

19.2: Brute Force

19.3: Session Hijacking

19.4: Weak Password Recovery Mechanisms

20.1: Insecure Direct Object References (IDOR)

20.2: Privilege Escalation

20.3: Cross-Domain Access

20.4: Forceful Browsing

21.1: Parameter Manipulation

21.2: URL Manipulation

21.3: Accessing User Data

21.4: Accessing Administrative Functions

21.5: Exploiting API Endpoints

22.1: Template Injection via User Input

22.2: Injection of Malicious Templates

22.3: Cross-Site Scripting via Templates

22.4: Malicious Variable Manipulation

23.1: Stored XSS (Persistent XSS)

23.2: Reflected XSS (Non-Persistent XSS)

23.3: DOM-based XSS

23.4: Blind XSS

23.5: Mutated XSS

23.6: Self-XSS

24.1: In-band SQLi

24.2: Inferential SQLi

24.3: Out-of-band SQLi

25.1: State-changing Requests

25.2: Data Theft

25.3: Login CSRF

25.4: Session Riding

26.1: Command Injection

26.2: Code Injection

26.3: Malicious File Upload

26.4: Deserialization Attack

26.5: Remote File Inclusion (RFI)

26.6: Server Misconfiguration

27.1: Internal Network Scanning

27.2: Accessing Metadata Services

27.3: HTTP Host Header Attacks

27.4: Third-party Service Exploitation

27.5: Local File Inclusion via SSRF

27.6: Blind SSRF

28.1: Path Traversal

28.2: Remote File Inclusion (RFI)

28.3: Log File Injection

28.4: File Inclusion via Null Byte

29.1: Unrestricted File Upload

29.2: Malicious File Upload

29.3: File Type Bypass

29.4: Exploiting Metadata

30.1: URL Injection

30.2: Remote File Upload

30.3: File Inclusion via PHP Wrappers

30.4: Server Misconfiguration

31.1: Shell Injection

31.2: SQL Command Injection

31.3: OS Command Injection
