
What you'll learn

  • Learn 10+ different vulnerability types

  • Basics of Reconnaissance

  • Understand how bug bounties work

  • Includes practical hands-on labs to practice your skills

  • Ability to exploit basic web application vulnerabilities

  • How to approach a target

  • Write better bug bounty reports

  • Hack Websites for Ethical Hacking

Requirements

  • Basic understanding of web technology
  • Linux basics
  • Reliable internet connection.

Description

Welcome to Intro to Bug Bounty Hunting and Web Application Hacking, your introductory course into practical bug bounty hunting. Learn ethical hacking principles with your guide and instructor Ben Sadeghipour (@NahamSec). During the day, Ben works as the head of Hacker Education at HackerOne. During his free time, Ben produces content on Twitch and YouTube for other hackers, bug bounty hunters, and security researchers. This course serves as a comprehensive guide and answers the number one question he receives, "how do I get started?"




This course will feature:

  • An overview of 10+ vulnerability types and how to find them.
  • Hands-on labs for each vulnerability type where Ben will walk you through how each bug works and how it can be further exploited.
  • A practical lab where students will be attacking a fake organization to test out their newly acquired skills.
  • An introduction to recon, including asset discovery and content discovery.
  • The tools of the trade and how to set up your hacking lab.
  • An introduction to bug bounty programs: how to read the scope, how to write a good report, and how to get your first invitation to a private bug bounty program!


This course will be updated based on changing bug types, recon tactics, and your feedback! Purchase of the course gets you lifetime access to all information and updates.




Notes & Disclaimer


This course will be updated regularly as new information becomes available. Ben is committed to providing as much assistance as possible and will be answering relevant questions within 48 hours. Please don't be discouraged if you don't immediately find a bug; this field is for resilient people committed to learning and figuring things out without much direction. Google will be your friend, and we encourage you to try things before immediately asking for a solution.


This course is meant for educational purposes only. This information is not to be used for black hat exploitation and should only be used on targets you have permission to attack.

Course curriculum

  • 01

    Section 1: Intro to Bug Hunting - Course Overview

    • 01. Intro To Bug Hunting

  • 02

    Section 2: HTTP Basics

    • 02. HTTP Slides

    • 03. HTTP Lab

  • 03

    Section 3: Open Redirect

    • 04. Open Redirect Slides

    • 05. Open Redirect Lab

  • 04

    Section 4: Cross-Site Scripting (XSS)

    • 06. XSS Slides

    • 07. XSS Lab 01

    • 08. XSS Lab 02

    • 09. XSS Lab 03

    • 10. XSS Lab 04

    • 11. XSS Recap

  • 05

    Section 5: Cross-Site Request Forgery (CSRF)

    • 12. CSRF Slides

    • 13. CSRF Recap

  • 06

    Section 6: Insecure Direct Object Reference (IDOR)

    • 14. IDOR Slides

    • 15. IDOR Lab

    • 16. IDOR Recap

  • 07

    Section 7: Local File Disclosure (LFD)

    • 17. LFD Slides

    • 18. LFD Lab

    • 19. LFD Recap

  • 08

    Section 8: SQL Injection

    • 20. SQL Injection Slides

    • 21. SQL Injection Slides 02

    • 22. SQL Injection Lab 01 - Error Based

    • 23. SQL Injection Lab 02 - Blind

    • 24. SQL Injection Lab 03 - SQLMap Demo

    • 25. SQL Injection Recap

  • 09

    Section 9: Server Side Request Forgery (SSRF)

    • 26. SSRF Slides

    • 27. SSRF Lab 01 - Netcat

    • 28. SSRF Lab 02 - Burp Collaborator

    • 29. SSRF Lab 03 - Whitelisting

    • 30. SSRF Lab 04 - Blind SSRF

    • 31. SSRF Lab 05 - Blacklisting

    • 32. SSRF Recap

  • 10

    Section 10: XML External Entity (XXE)

    • 33. XXE Slides

    • 34. XXE Lab 01

    • 35. XXE Lab 02

    • 36. XXE Recap

  • 11

    Section 11: Remote Command Execution (RCE)

    • 37. RCE Slides

    • 38. RCE Lab 01 - Command Injection

    • 39. RCE Lab 02 - Remote Code Injection

    • 40. RCE Lab 03 - ?

    • 41. RCE Recap

  • 12

    Section 12: Testing File Uploaders

    • 42. File Uploads Slides

    • 43. File Uploads Lab 01 - XSS

    • 44. File Uploads Lab 02 - RCE

    • 45. File Uploads Recap

  • 13

    Section 13: Recon

    • 46. Recon Slides

    • 47. Recon Lab 01 - Google Dorking

    • 48. Recon Lab 02 - Certificate Transparency

    • 49. Recon Lab 03 - Censys

    • 50. Recon Lab 04 - Shodan

    • 51. Recon Lab 05 - Example Automation

    • 52. Recon Recap

  • 14

    Section 14: How to Set Up Your Lab (Installing and Demos)

    • 53. Getting Your VPS'

    • 54. Go Language

    • 55. Burp Suite

    • 56. FFUF

    • 57. nmap

    • 58. nmap demo

    • 59. Sublister & Pip

    • 60. Amass

    • 61. Aquatone

    • 62. HTTP Probe

  • 15

    Section 15: Hands On Hacking

    • 63. Intro

    • 64. Hands on Hacking LFD

    • 65. Hands on Hacking XSS 01

    • 66. Hands on Hacking Labs XSS 02

    • 67. Hands on Hacking Labs XSS 03

    • 68. IDOR Exploitation Thought Process

    • 69. Hands on Recon - Content Discovery (nmap and FFUF)

    • 70. Hands on Recon - Aquatone Demo

    • 71. Dnsgen

    • 72. Hands on Recon Dnsgen Demo

    • 73. Content Discovery 02 - API

  • 16

    Section 16: Next Steps & Outro

    • 74. How to Write a Good Report

    • 75. Example Report & CVSS: IDOR

    • 76. HackerOne Hacktivity Intro

    • 77. Picking Your First Target

    • 78. HackerOne Invites

    • 79. HackerOne Directory and Dashboard

    • 80. Receiving Your First HackerOne Private Program Invitation

    • 81. How to Read Policies

  • 17

    Section 17: Resources

    • 82. Additional Resources