Ethical Hacking + Bug Bounty in IT Security

Course Curriculum

Chapter 1: Promo & Introduction

Lecture 1: Introduction To Course and Contents

Lecture 2: Legal Disclaimer

Chapter 2: Lab Setup Environment

Lecture 1: Installation Burpsuite on Windows

Lecture 2: Installation kali and BurpSuite

Lecture 3: Settingup Proxy Server

Lecture 4: Burpsuite Certificate

Lecture 5: bWAPP & DVWA Installation

Lecture 6: Installation OWASP (Open Web Application Security Project)

Chapter 3: Xml External Entities New 2017

Lecture 1: Introduction

Lecture 2: Simple XML External Entity injection and Validation

Lecture 3: XML Injection using Doc-type, Entities, Element

Lecture 4: XML Validator robot.txt and Passwd

Lecture 5: XML Getting Passwd

Lecture 6: XSS Injection using XML External Entities

Lecture 7: XSS Injection in Json Get Method

Lecture 8: XXE vulnerability Denial of Service

Lecture 9: XXE exposing file and directory contents

Lecture 10: XXE Blind XXE using Powerpoint File

Chapter 4: Authentication Session Mgt

Lecture 1: Introduction to auth and session mgnt

Lecture 2: Captcha works for Authentication part 2

Lecture 3: Captcha works for Authentication part 1

Lecture 4: Captcha works for Authentication part 3

Lecture 5: Session flaws in user login

Lecture 6: Bypass Authentication

Lecture 7: Bypass Authentication changing user name

Lecture 8: Bypass Authentication Burteforce

Lecture 9: Bypass Authentication users password

Chapter 5: Broken Access Control 2017 (New)

Lecture 1: Where you can Find?

Lecture 2: Broken Access Control Example

Lecture 3: Admin Panel Access without Authentication

Lecture 4: Introduction to broken access control

Lecture 5: Introduction to IDOR

Lecture 6: Bypass JavaScript and change user

Lecture 7: Price Manipulation at Payment Getaway

Lecture 8: Local file inclusion (LFI)

Lecture 9: Local file inclusion (LFI) part 2

Lecture 10: Modify users data

Lecture 11: Introduction to Missing function level access control

Lecture 12: Forgot to set the Secure flag for login (LIVE)

Chapter 6: Subdomain Discovery Vul

Lecture 1: Introduction to Subdomain Takeover

Lecture 2: Enumeration of Sub-domain

Lecture 3: Discovery of Sub-domain Alteration and Permutation

Lecture 4: Getting Sub-domains with Parallelism DNS Probes

Lecture 5: Finding a CName

Lecture 6: Found sub-domain service CNAME

Lecture 7: Bypassing wildcard DNS Subdomains

Chapter 7: Secure Mis-Configuration

Lecture 1: Accessing Files and Directories

Lecture 2: Misconfiguration of user details by SQL Injection

Lecture 3: Web Tampering in url Method

Lecture 4: Report of parameter tampering

Lecture 5: HTTP Parameter Pollution in URL

Lecture 6: SQL Injection Getting Access XML Details

Lecture 7: Password guessing of User Login

Chapter 8: SQL Injection for Web Application

Lecture 1: Union Based SQL Injection

Lecture 2: SQL Injection with login form Manually

Lecture 3: SQL Injection in HTTP Header

Lecture 4: SQL Injection for Jquery

Chapter 9: Sensitive Data Exposure (Unvalidated, Forwarding, Open Redirect URL)

Lecture 1: Where you can Find?

Lecture 2: Open Redirecting of URL

Lecture 3: Open Redirecting of URL Part 2

Lecture 4: Unvalidated Redirecting of URL

Lecture 5: Directory Path Traversal

Chapter 10: XSS – (Cross Site Scripting Vul)

Lecture 1: Live Example of XSS

Lecture 2: Simple XSS injection for Get and Post Method

Lecture 3: Header Information Injection

Lecture 4: Evaluation method function