Course curriculum

  • 1

    Introduction

    • Course Introduction

    • Disclaimer

    • Rules for asking Questions

    • How to Download a Certificate
  • 2

    OWASP Top 10

    • What is OWASP and Injection

    • What is Broken Authentication

    • What is Sensitive Data Exposure

    • What is XML External Entities

    • What is Broken Access Control

    • What is Security Misconfiguration

    • What is Cross Site Scripting (XSS)

    • What is Insecure Deserialization

    • What is Using Components with Known Vulnerabilities

    • What is Insufficient Logging and Monitoring

    • Revision of OWASP
  • 3

    Burp Suite and Lab Setup

    • Burp Suite Proxy Lab Setup

    • Burpsuite Setup Revision
  • 4

    Authentication Bypass

    • Authentication Bypass Exploitation Live -1

    • Authentication Bypass Exploitation Live -2

    • Authentication Bypass Exploitation Live -3

    • Authentication Bypass Exploitation Live -4

    • Authentication Bypass Exploitation Live -5

    • Authentication Bypass Exploitation Captcha

    • Authentication Bypass to Account Takeover Live -1

    • Authentication Bypass to Account Takeover Live -2

    • Authentication Bypass due to OTP Exposure Live -1

    • Authentication Bypass due to OTP Exposure Live -2

    • Authentication Bypass 2FA Bypass Live

    • Authentication Bypass - Email Takeover Live

    • Authentication Bypass Mitigations

    • Authentication Bypass Interview Questions and Answers

    • Authentication Bypass Revision
  • 5

    No Rate-Limit Attacks

    • No Rate-Limit leads to Account Takeover Live Type-1

    • NO RL Alternative Tools Introduction

    • No Rate-Limit leads to Account Takeover Live Type -2

    • No Rate-Limit leads to Account Takeover Live Type -3

    • No Rate-Limit leads to Account Takeover Live Type -4

    • No Rate-Limit leads to Account Takeover Live Type -5

    • No Rate-Limit to Account Takeover Live - Type 6

    • No Rate-Limit to Account Takeover Live - Type 7

    • No Rate-Limit Instagram Report Breakdown

    • No Rate-Limit Instagram Report Breakdown 2

    • No Rate Limit Bypass Report Breakdown

    • No Rate Limit Bypass Report Breakdown 2

    • No Rate-Limit to Tool Fake IP Practical

    • No Rate-Limit test on CloudFare

    • No Rate-Limit Mitigations

    • No Rate-Limit All Hackerone Reports Breakdown

    • Burp Alternative : OWASP ZAP Proxy for No RL

    • No Rate-Limit Revision
  • 6

    Cross Site Scripting (XSS)

    • How XSS Works

    • Reflected XSS on Live 1

    • Reflected XSS on Live 2

    • Reflected XSS on Live 3 Balanced

    • XSS on Limited Inputs Live 1

    • Reflected XSS on Live Manual Balancing

    • XSS on Limited Inputs Live 2

    • XSS in Request Headers - Live

    • Reflected XSS Useragent and Caching

    • Reflected XSS Email Validator Live

    • Reflected XSS Protection Bypass Live 1 - Base64

    • Reflected XSS Protection Bypass Live -2

    • XSS using Spider

    • XSS Bypass Right Click Disabled

    • Blind XSS Exploitation

    • Stored XSS Exploitation Live

    • DOM XSS Name

    • DOM XSS Redirect

    • DOM XSS Index

    • DOM XSS Automated Scanner

    • XSS on Live by Adding Parameters

    • XSS Mouse on Lab

    • XSS Mouse Live

    • XSS Mouse Events All Types

    • XSS Polyglots Live

    • XSS Polyglots Breakdown

    • XSS Exploitation - URL Redirection

    • XSS Exploitation - Phishing

    • XSS Exploitation Cookie Stealer Lab

    • XSS Exploitation Cookie Stealer Live

    • XSS Exploitation File Upload Type -2

    • XSS Exploitation File Upload Type -3

    • XSS Exploitation File Upload Type- 1

    • XSS Mitigations

    • XSS Bonus TIPS and TRICKS

    • XSS Hackerone ALL Reports Breakdown

    • XSS Interview Questions and Answers

    • XSS Revision

    • XSS Revision - 2
  • 7

    Cross Site Request Forgery (CSRF)

    • How CSRF Works

    • CSRF Alternative Tools Introduction

    • CSRF on LAB

    • CSRF on LAB - 2

    • CSRF on Live -1

    • CSRF on Live -2

    • CSRF Password Change Lab

    • CSRF Funds Transfer Lab

    • CSRF Request Methods Trick - Lab

    • CSRF to Account Takeover Live -1

    • CSRF to Account Takeover Live -2

    • Chaining CSRF with XSS

    • CSRF Mitigations

    • CSRF BONUS Tips and Tricks

    • CSRF ALL Hackerone Reports Breakdown

    • CSRF Interview Questions and Answers

    • Alternative to Burpsuite for CSRF : CSRF PoC Generator
  • 8

    Cross Origin Resource Sharing (CORS)

    • How CORS Works

    • CORS 3 Test Cases Fundamentals

    • CORS Exploitation Live -2 Exfiltration of Account Details

    • CORS Exploitation Live -3 Exfiltration of Account Details

    • CORS Live Exploitation -4

    • CORS Exploitation Facebook Live

    • CORS Live Prefix Match

    • CORS Live Suffix Match

    • CORS Mitigations

    • CORS Breakdown of ALL Hackerone Reports
  • 9

    How to start with Bug Bounty Platforms and Reporting

    • BugCrowd ROADMAP

    • Hackerone ROADMAP

    • Open Bug Bounty ROADMAP

    • NCIIPC Govt of Inida ROADMAP

    • RVDP All Websites ROADMAP
  • 10

    Bug Bounty Reporting Templates

    • Reporting Templates
  • 11

    Exploitation of CVE 2020-5902 Remote Code Execution

    • Exploitation

    • Assets & Resources

    • Final Words
  • 12

    Exploitation of CVE 2020-3452 File Read

    • Exploitation of CVE 2020-3452 File Read
  • 13

    Exploitation of CVE 2020-3187 File Delete

    • Exploitation of CVE 2020-3187 File Delete

Instructor(s)

Founder at Hacktify Cyber Security

Rohit Gautam

I am Rohit Gautam the CEO & Founder of Hacktify Cyber Security I am into Cyber Security Training for many years. Students have loved my courses and given 5 ★ Ratings and made Bestseller. My students have been in the Top 15 Cyber Security Researchers of India twice in a Row. Apart from training's, I'm a security researcher with special interest in network exploitation and web application security analysis and Red Teaming I have worked for all the topmost banks of India in their VAPT Team. I have worked with ICICI, Kotak, IDFC bank I have also experience working with NSDL and some financial organizations like Edelweiss I have worked on many private projects with NTRO & Govt of India. I was acknowledged with Swag, Hall of Fame, Letter Of Appreciation, and Monetary rewards by Google, Facebook, Conclusion, Seek, Trip Advisor, Riddlr, Hakon, Acorns, Faasos, and many more companies for finding out vulnerabilities in their organization and responsibly reporting it.

Founder at Hacktify Cyber Security

Shifa Cyclewala

I am Shifa Cyclewala the Founder of Hacktify Cyber Security I am into Cyber Security Training for many years. Students have loved our courses and given 5 ★ Ratings and made Bestseller across Mumbai My students have been in the Top 15 Cyber Security Researchers of India twice in a Row. Apart from training's, I'm a Security researcher and a Mobile Application Developer. I have worked for all the topmost international schools of India as a technical Instructor. I have worked with Software development Companies into their development team ZingHR was the last Organization i worked with. I am Working towards development of Women in Cyber security and • Presented Cyber security awareness sessions in many colleges across Mumbai • Trained more than 1000+ individuals in Cyber Security • Conducted more than 50 workshops panIndia • Invited as Keynote speaker at Rohidas Management Studies, A.E Khalsekar College, DY Patil College, Shah and Anchor Engineering College, KJ Somaiya etc.. • Invited as a Key Speaker at Women in Cyber Security (WCS) and Infosec Girls

Pricing options

The Pricing is for One time with Lifetime access to the courses

Some of our happy students

Placed at KPMG (Security Consultant)

Ronit Bhatt

One of THE BEST courses available to get started in bug bounty hunting. The live website practicals just makes it even more easier to learn and grasp the concepts. !!!! Very well explained and designed.

Placed at Progist (Threat Hunter)

Kartik Adak

One of the best courses for Pentesting & Bug Bounty Hunting, There was always constant support for any doubts and the in depth practicals on live targets made it more easier to understand the fundamentals.

Placed at Media.net (Security Consultant)

Pranav Bhandari

Amazing course on bug bounty and ethical hacking. No other course has come up with live practical attacks on Owasp's as I have seen. Yes recommended to other students,professional as well. Awesome :)

Placed at Progist (Security Consultant)

Jerry Nissan

Even a Zero experienced one can understand so clearly. Well and clearly explained. Recommend to a beginner and advance level too

FAQ

Frequently asked questions

  • Does the course come with Lifetime access?

    Yes, Absolutely you will have the access for lifetime

  • Does this course contain live practicals?

    Yes, we have curated the course content with live simulations of practicals which is 100% inclined practicals with industry standards.

  • Can I get a Internship/Hall of Fame/ Bounty with this course?

    Yes, most of our students who have enrolled the course has been successful and have been acknowledged with many HoF, Bounties, Internships & Jobs. Don't take our words check our Linkedin Handle for student reviews and their acknowledgements - linkedin.com/in/shifa