

Learn the art of finding and automating the bugs

What you will learn

Web Fundamentals

Python Fundamentals

Automating Bug Hunting with Python

Different WebApp Vulnerabilities

Burp Suite Fundamentals

Injection Vulnerabilities

File Inclusion Vulnerabilities

OWASP TOP 10

Description

This course teaches you how to find bugs in web applications. It also teaches you Python and covers most of the modules used in automating with Python. Programming skills have become necessary in a rapidly growing industry. The same applies to cybersecurity and bug hunting. Python helps in automating many things and saves you a ton of time. This course also covers the OWASP Top 10 vulnerabilities. This course can be a good starting point for your bug bounty journey. More content will be added from time to time, just like my other courses. Modules up to Python Fundamentals were recorded a year ago, so they contain my bad English, but from then onwards there will be no problem in watching the videos.

This paragraph tells you the essence of cybersecurity




The use of cyberspace (computers, the internet, cellphones, other technical devices, etc.) by an individual or organized group to commit a crime is called cybercrime. Cyber attackers use numerous software and codes in cyberspace to commit cybercrime. They exploit weaknesses in software and hardware design through the use of malware. Hacking is a common way of piercing the defenses of protected computer systems and interfering with their functioning. Identity theft is also common. Cybercrimes may occur directly, i.e., by targeting computers directly through the spread of computer viruses. Other forms include the DoS attack, which is an attempt to make a machine or network resource unavailable to its intended users. It suspends the services of a host connected to the internet, either temporarily or permanently.

Malware is software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems. It usually appears in the form of code, scripts, active content, and other software. 'Malware' refers to a variety of forms of hostile or intrusive software, for example, Trojan horses, rootkits, worms, adware, etc.

Language: English

Content

Why should you buy this course?

Reason to buy this course

Web Fundamentals

HTML Basics
CSS Basics
JavaScript Basics
URL Explained
HTTP Requests
HTTP Responses
Proxy Explained
URL Encoding
Robots.txt Explained

Burp Suite Fundamentals

Installation
Foxyproxy
Manual Spidering
Intruder
Repeater
Decoder

Python Fundamentals

Installing Python
Setting Up Visual Studio Code
Variables
Operators
Strings
User Input
Lists
Tuples
Loops
Dictionaries
File I/O
Functions
Object Oriented Programming
Pip Installer
Sockets Introduction
Debugging
Modules
Exception Handling

SubDomain Enumeration

Enumerating Subdomains
Enumerating Virtual Hosts
Enumerating with Sublist3r
Automating with Python

Broken Authentication

Default Credentials
Burp, Hydra, Wfuzz, Python for Bruteforcing
Bypassing Rate Limit
Bruteforcing Usernames
Bruteforcing Usernames and Bypassing Rate Limit – Portswigger Labs
Username Enumeration via UI
Username Enumeration via SignUp
Bruteforcing Usernames via Timing Attack
Filtering wordlist according to Password Policy
Abusing Password Reset Functionality
Cookie Tampering
Bypassing IP Block, Account Locking and Rate Limit
2FA Bypass and Bruteforcing OTP

SQL Injection (SQLI)

Installing MySQL Workbench
MySQL Basics
Error Based SQL Injection – OR AND
Union Based SQL Injection
Fetching SQL Version and OS Information
Dumping All tables and data
Blind SQL Injection – Boolean Condition Responses
Blind SQL Injection – Conditional Errors
Blind SQL Injection – Time Delay Attack
HacktheBox – FALAFEL Walkthrough

File Inclusion

Local File Inclusion – Information Disclosure
Log Poisoning to RCE
Session Poisoning to RCE
Remote File Inclusion – Getting RCE
TryHackMe – Dogcat walkthrough

Command Injection

Basic Command Injection
Advanced Command Injection Bypass Techniques
Blind Command Injection – Time Delays & Output Redirection

HTTP Verb Tampering

Tampering HTTP Verbs

File Upload Vulnerability

Unprotected File Upload
Bypassing Client Side Filters
Bruteforcing Extensions
Content-Type and Magic Bytes

Insecure Direct Object Reference (IDOR)

Bruteforcing Parameters
Bruteforcing Encoded Parameters
Portswigger Lab
HacktheBox CAP Walkthrough

Information Disclosure

Error Messages
Debug Information
Backup Files
TRACE Method

Cross Site Scripting (XSS)

Reflected XSS
Stored XSS
Bruteforcing Valid Tags & Attributes to Bypass WAF
Cookie Stealing with XSS
TryHackMe XSS Walkthrough

Cross Site Request Forgery (CSRF)

CSRF Attack
Bypassing CSRF check by Tampering Verbs
Insecure Configurations
Duplicate Tokens

Server Side Request Forgery (SSRF)

SSRF Attack
Scanning Internal Systems with SSRF
Scanning Internal Ports with SSRF
Bypassing Blacklist Defenses
OpenRedirect with SSRF
Blind SSRF
TryHackMe SSRF Walkthrough

XML eXternal Entities (XXE)

XML and DTD Explained
XXE File Read
SSRF with XXE
Blind XXE
Data Exfiltration with Blind XXE
XXE via File Upload
HackTheBox – MARKUP Walkthrough

Pentesting WordPress

Installing WordPress
WordPress Directory Enumeration
Enumeration with WPScan
WordPress XMLRPC
WPScan XMLRPC
Metasploit XMLRPC
Login Bruteforcing with Burp and Hydra
Exploiting themes to get reverse shell
Exploiting Plugins to get reverse shell
Metasploit shell upload
Hacking Drupal

Downloads Section

Tryhackme blog walkthrough