Course curriculum

  • 01

    Section 1: Introduction

    • 1. Introduction

    • 2. What you need to know about bug bounties

    • 3. A look at bug bounties from all perspectives

  • 02

    Section 2: The Intricacies of Bug Bounties

    • 5. The Intricacies of bug bounties

    • Quiz 1: The Intricacies of bug bounties

    • Quiz 2: Let's pick a target

  • 03

    Section 3: Main App Methodology

    • 6. Main app methodology - Video

    • 7. Main app methodology

    • 8. Main app methodology demonstration on the owasp juice shop

    • 9. Main app methodology - Demonstrated

    • Quiz 3: Main app methodology

  • 04

    Section 4: Broad Scope Methodology

    • 10. Broad scope manual methodology

    • 11. Broad scope manual methodology

    • Quiz 4: Manual broad scope methodology

    • 12. Broad scope automated methodology

    • 13. Bird's-eye view of broad scope methodology

    • 14. Extra video: Quickly identify a target from a list of subdomains

    • Quiz 5: Broad scope automated methodology

  • 05

    Section 5: Attack Techniques: CSRF

    • 15. What exactly is CSRF and how does it happen?

    • 16. Attack techniques: CSRF

    • 17. Attack techniques: CSRF demonstration

    • 18. Attack techniques: CSRF

    • 19. Labs: CSRF basic labs

    • 20. Lab: CSRF on impactful functionality

    • 21. Solutions: CSRF on impactful functionality

    • 22. Video solution CSRF lab 5 - server does not check anything

    • Quiz 6: CSRF

  • 06

    Section 6: Attack Technique: Open Redirect

    • 23. Open redirects: What are they and how to abuse them

    • 24. Open redirects: What are they and how to abuse them

    • 25. Labs: Open Redirect

  • 07

    Section 7: Attack Technique: Intro to JWT

    • 26. JWT tokens explained

    • 27. Labs: JWT Attack techniques

    • 28. JWT Extra resources

  • 08

    Section 8: Attack Techniques: CAPTCHA Bypass

    • 29. Captcha bypass

    • 30. Labs: Captcha bypass

    • 31. Labs: Instructions

    • 32. Extra resources

  • 09

    Section 9: Attack Techniques - Broken Access Control

    • 33. Attack techniques - Broken Access Control

    • 34. Attack techniques - Broken Access Control

    • 35. Attack techniques - Broken Access Control - Overview

    • 36. Lab: Broken Access Control

    • 37. Solutions: Broken Access Control

    • 38. Extra resources

    • Quiz 7: Broken Access Control

  • 10

    Section 10: Attack Techniques: IDOR by Uncle Rat

    • 39. Attack techniques - IDOR By Uncle Rat

    • 40. Attack techniques - IDOR By Uncle Rat

    • Quiz 8: IDOR

    • 41. Labs: Attack techniques - IDOR By Uncle Rat

    • 42. Solutions: Attack techniques - IDOR By Uncle Rat

  • 11

    Section 11: Attack Techniques - Business Logic flaws

    • 43. Video: Attack techniques - Business logic flaws

    • 44. Article: The origin of Business logic flaws

    • 45. Attack techniques - Business logic flaws

    • 46. The origin of Business logic flaws

    • Quiz 9: Business logic flaws

    • 47. Labs: Attack techniques - Business logic flaws

    • 48. Solutions: Attack techniques - Business logic flaws

    • Assignment 1: Getting the webshop to pay you

    • 49. Extra resources

  • 12

    Section 12: Attack Techniques- File Inclusions by PinkDraconian

    • 50. 0 Introduction

    • 51. 1 What are File Inclusions

    • 52. 2 Finding a target

    • 53. 3 Is The Target Vulnerable

    • 54. 4 File Inclusion to RCE

    • 55. 5 Wrapper Magic

    • 56. 6 Tools Wordlists Exercises

    • 57. Exercises: Dogcat

    • 58. Exercises: Sniper

    • 59. Exercises: SKFLFI2

    • 60. Exercises: Book

    • 61. Extra resources

  • 13

    Section 13: Attack Techniques - SQLi by PinkDraconian

    • 62. 0 Intro

    • 63. 1 What are SQLi

    • 64. 2 Detecting SQLi

    • 65. 3 Types of SQLi

    • 66. 4 WAF Bypasses

    • 67. 5 SQLMap

    • 68. 6 References & Exercises

    • 69. Exercises: 1 Portswigger Simple Login Bypass

    • 70. Exercises: 2 Union Based SQLi To RCE!

    • 71. Exercises: 3 MSSQL injection to RCE

    • 72. Exercises: 4 Boolean Based SQLi

    • 73. Exercises: 5 SQLi WAF Bypass

    • 74. Exercises: 6 SQLi, XSS and XXE all in one payload

    • 75. Extra resources

  • 14

    Section 14: Attack Techniques - XXE

    • 76. Video: Attack techniques - XXE

    • 77. Attack techniques - XXE

    • Quiz 10: XXE

    • 78. Labs: XXE

    • 79. Solution to the labs

    • 80. XXE Extra resources

  • 15

    Section 15: XXE According to OWASP (optional)

    • 81. 0 Intro

    • 82. 1 What is XXE

    • 83. 2 Finding XXE attack vectors

    • 84. 3 Exploiting XXEs

    • 85. 4 WAFs and Filters

    • 86. 5 Tools and Mitigations

  • 16

    Section 16: Attack Techniques - Xpath Injection

    • 87. What is XPATH injection and how to test for it

    • 88. Labs: XPath injection

  • 17

    Section 17: Attack Techniques - Template Injections

    • 89. Video: Attack techniques - Template injections - SSTI

    • 90. Attack techniques - Template injections - SSTI

    • 91. SSTI overview

    • 92. Attack techniques - Template injections - CSTI

    • 93. Attack techniques - Template injections - CSTI

    • Quiz 11: Template Injections

  • 18

    Section 18: Attack Techniques - XSS

    • 94. What you NEED to know about XSS

    • 95. Ultimate beginner XSS guide

    • 96. Analyzing JS files

    • 97. Analyzing JS files

    • Quiz 12: Analyzing JS files

    • 98. Advanced XSS Testing

    • 99. How to test for reflected XSS

    • 100. How to test for stored XSS

    • 101. What is DOM XSS

    • 102. Labs: Reflected XSS

    • 103. Solutions: Reflected XSS

    • 104. Lab: Stored XSS

    • 105. Solutions: Stored XSS

    • 106. Cheat sheet: XSS

    • 107. Labs: User submitted reflected XSS

  • 19

    Section 19: Attack Techniques: Insecure Deserialisation

    • 108. Lecture: Insecure deserialisation is not as hard as you may think

    • 109. Insecure deserialisation

    • Quiz 13: Insecure deserialisation

  • 20

    Section 20: CSP - Content security protection AKA why is my JS not executing?

    • 110. What is CSP?

    • 111. CSP Labs

    • 112. Solutions: CSP Labs

    • Assignment 2: Let's build some CSP

  • 21

    Section 21: Attack Techniques - SSRF

    • 113. Attack techniques - SSRF

    • 114. SSRF

    • 115. Extra video: Blind SSRF, what is it and how to exploit it

    • Quiz 14: SSRF

  • 22

    Section 22: Attack Techniques - OS command Injection

    • 116. Attack techniques - OS Command injection

    • 117. Attack techniques - OS Command injection

  • 23

    Section 23: Attack Techniques - WAF Evasion Technique

    • 118. Video: Attack techniques - WAF evasion techniques

  • 24

    Section 24: Attack Techniques - HTTP Parameter Pollution

    • 119. HTTP Parameter pollution

  • 25

    Section 25: Using Postman to Hack APIs

    • 120. API hacking with postman Part 1 - getting the basics down

    • 121. API hacking with postman Part 2 - importing the API description

    • 122. API hacking with postman Part 3 Pre-request scripts, tests and console

    • 123. API hacking with postman Part 4 - Getting dirty with data sources

  • 26

    Section 26: Practice: Let's Build Some APIs to hack

    • 124. Let's build some APIs that we can hack!

    • 125. Let's build an API to hack - Part 1: The basics

    • 126. Let's build an API to hack - Part 2: Faking it before breaking it

    • 127. Let's build an API to hack - Part 3: Information disclosure

  • 27

    Section 27: Tools

    • 128. Full guide on How Burp Suite works

    • 129. Burp suite zero to hero

    • 130. My Top 10 Burp Suite extensions

    • 131. Authorize for automating IDORs and BAC

    • 132. The truth about XSS scanners ... do they work or not?

  • 28

    Section 28: Burp Suite Practical Examples

    • 133. Testing for SQLi with burp suite

    • 134. Testing for IDORs with Burp Suite

    • 135. Testing websockets in burp

    • 136. Testing a 2FA bypass in burp

  • 29

    Section 29: Reporting

    • 137. Reporting

  • 30

    Section 30: What Now?

    • 138. Next steps

    • 139. Uncle Rat's Recommended public bug bounty targets

  • 31

    Section 31: CheesyLabs

    • 140. There are 5 issues in here, can you find them all? - easy

    • 141. CheesyLabs solutions

  • 32

    Section 32: Master Labs

    • 142. How to enter the master labs