Learn Ethical Hacking

Course Overview

MODULE 1: Injection

Injection flaws, such as SQL, OS, XXE and LDAP injection, occur when untrusted data is sent to an interpreter as part of a command or query. Attackers send simple text-based attacks that exploit the syntax of the targeted interpreter. Injection can result in data loss or corruption, denial of access or lead to complete host takeover.

MODULE 2: Broken authentication

Application functions related to authentication and session management are often implemented incorrectly, allowing attackers to compromise passwords, keys or session tokens, or to exploit other implementation flaws to assume other users’ identities (temporarily or permanently). Once successful, the attacker can do anything the victim could do. Privileged accounts are frequently targeted.

MODULE 3: Sensitive data exposure

The most common flaw is simply not encrypting sensitive data. When crypto is employed, weak key generation and management and weak algorithm usage are common, particularly weak password hashing techniques. Attackers typically don’t break crypto directly. They break something else, such as stealing keys, performing man-in-the-middle attacks, or stealing clear text data off the server, while in transit or from the user’s browser. Failure frequently compromises all data that should have been protected. Typically, this information includes sensitive data such as health records, credentials, personal data and credit cards.

MODULE 4: XML external entities (XXE)

By default, many older XML processors allow specification of an external entity, a URI that is dereferenced and evaluated during XML processing. Attackers can exploit vulnerable XML processors if they can upload XML or include hostile content in an XML document, exploiting vulnerable code, dependencies or integrations. These flaws can be used to extract data, execute a remote request from the server, scan internal systems, perform a denial-of-service attack, as well as execute other attacks.

MODULE 5: Broken access control

Applications and APIs don’t always verify the user is authorized for the target resource. This results in an access control flaw. Attackers, who are authorized users, simply change a parameter value to another resource they aren’t authorized for. Such flaws can compromise all the functionality or data that is accessible.

MODULE 6: Security misconfiguration

Good security requires having a secure configuration defined and deployed for the application, frameworks, application server, web server, database server and platform. Attackers access default accounts, unused pages, unpatched flaws, unprotected files and directories to gain unauthorized access to or knowledge of the system. Occasionally, such flaws result in a complete system compromise.

MODULE 7: Cross-site scripting (XSS)

XSS flaws occur when an application updates a web page with attacker controlled data without properly escaping that content or using a safe JavaScript API. Attackers can execute scripts in a victim’s browser to hijack user sessions, deface websites, insert hostile content, redirect users, hijack the user’s browser using malware and more.

MODULE 8: Insecure deserialization

Applications and APIs will be vulnerable if they deserialize hostile or tampered objects supplied by an attacker. This can result in object- and data-structure-related attacks or data-tampering attacks, such as access-control-related attacks where existing data structures are used but the content is changed. Exploitation of deserialization is somewhat difficult, as off-the-shelf exploits rarely work without changes or tweaks to the underlying exploit code. The impact of deserialization flaws cannot be overstated. These flaws can lead to remote code execution attacks, one of the most serious attacks possible.

MODULE 9: Using components with known vulnerabilities

Many applications and APIs have these issues because their development teams don’t focus on ensuring their components and libraries are up to date. In some cases, the developers don’t even know all the components they are using, never mind their versions. Attackers identify a weak component through scanning or manual analysis. They customize the exploit as needed and execute the attack. The impact could range from minimal to complete host takeover and data compromise.

MODULE 10: Insufficient logging & monitoring

Exploitation of insufficient logging and monitoring is the bedrock of nearly every major incident. Attackers rely on the lack of monitoring and timely response to achieve their goals without being detected. Most successful attacks start with vulnerability probing. Allowing such probes to continue can raise the likelihood of successful exploit to nearly 100%. One strategy for determining if you have sufficient monitoring is to examine the logs following penetration testing. The testers’ actions should be recorded sufficiently to understand what damages they may have inflicted.

Bug Bounties Course Modules

  • Course Introduction and Overview
  • Why you should take this
  • Teaser of Offensive Approach to Hunt Bugs
  • Step how to configure
  • How to work spider
  • How to work repeater
  • How to work intruder
  • How to work sequencer
  • How to pentest with Burp Suite
  • How to change query parameter
  • Background concept about xss
  • Background xss
  • Basic xss
  • Basic xss on lab
  • Manual building xss vector
  • Xss through filter bypass xss payload on lab
  • Xss on live website
  • Xss hunting
  • Xss through header parameter
  • Reflected xss vs stored xss
  • Exploitation of xss redirection
  • Exploitation of xss phishing
  • Exploitation of xss cookies stealing
  • Xss through file uploading
  • Xss through remote file Inclusion
  • Convert self xss to reflect xss
  • Walkthrough discovered xss by pentester hackerone
  • Overview host header Injection
  • Host header attack open redirection
  • Host header attack password reset poisoning
  • Host header attack xss through
  • Walkthrough discovered Host header He by pentester hackerone
  • Background concept about url redirection
  • Url Redirection through Get Parameter
  • Url Redirection through path Fragment
  • POC of Url Redirection
  • Walkthrough discovered Url Redirection He by pentester hackerone
  • Background concept of parameter tampering
  • Type of parameter
  • Get parameter
  • Post parameter
  • Parameter modification
  • Parameter tampering example
  • Poc of parameter tampering
  • Walkthrough discovered parameter tampering by pentester hackerone
  • Background concept of html injection
  • Website Defacement
  • Examples
  • POC
  • Walkthrough discovered Html Injection by pentester hackerone
  • Background concept of file inclusion
  • Lfi
  • Rfi
  • Lfi Vs Rfi
  • Direct page request
  • Path traversal
  • Uploaded file backdoor
  • Insecure extension file handling
  • Directory listing
  • File size
  • File type
  • Malware uploaded
  • Hunting of file inclusion
  • Exploitation of file inclusion
  • POC
  • Walkthrough discovered file Inclusion He by pentester hackerone
  • Backdoor concept
  • Testing Spf
  • Exploitation Spf
  • Poc
  • Walkthrough discovered Spf Record by pentester hackerone
  • Background concept
  • Insecure CORS by Checking Response Header
  • Insecure CORS through Request Header
  • Exploitation of Insecure CORS
  • POC
  • Walkthrough discovered Cors by pentester hackerone
  • Backdoor concept
  • Ssrf Testing
  • Ssrf on Lab Web
  • Exploitation of ssrf attack
  • poc
  • Walkthrough discovered ssrf by pentester hackerone
  • Background concept about critical file found
  • Critical file found on live web
  • Critical file found live 2
  • POC
  • Walkthrough discovered critical file found by pentester hackerone
  • Background concept of source code Disclosure
  • Source code Disclosure on lab
  • POC
  • Walkthrough discovered source code disclosure by pentester hackerone
  • Background concept about csrf
  • Injection point for csrf
  • Csrf on logout page
  • Csrf live
  • CSRF page on some critical Business Logic Page
  • POC
  • Walkthrough discovered csrf by pentester hackerone
  • Background concept of subdomain takeover
  • How to takeover sub domain
  • Prevention technique
  • Hostile subdomain takeover live web
  • POC
  • Walkthrough discovered subdomain takeover by pentester hackerone
  • Background concept of sql injection
  • SQL injection lab setup
  • Injection pointing for sql injection
  • Learn sql query fixing
  • Sqli get base
  • Exploitation of get based
  • Sqli post base
  • Exploitation of post base
  • Sqli header based
  • Exploitation of header base sqli
  • Sqli cookies base
  • Exploitation of cookies base
  • Authentication bypass sqli
  • Authentication of sqli get based
  • Authentication of sqli post base
  • Automation of sqli
  • Sql on live web
  • POC
  • Walkthrough discovered sql injection by pentester hackerone
  • Backdoor concept of command injection
  • How to access system using command injection
  • Command injection on live web
  • POC
  • Walkthrough discovered command injection by pentester hackerone
  • Background concept about file uploading
  • File uploading using lfi
  • File uploading using rfi
  • How to bypass file uploading security
  • How to bypass extension filtering
  • POC
  • Walkthrough discovered file uploading by pentester hackerone
  • Background concept
  • How to work xml
  • How to create payload
  • How to exploit
  • How to bypass
  • POC
  • Walkthrough discovered xml by pentester hackerone
