Bug Bounty Hunting Methodology - Jason Haddix from Bugcrowd's LevelUp

Offered By: Bugcrowd via YouTube

Tags

Bug Bounty Courses, Cybersecurity Courses, Cross-Site Scripting (XSS) Courses, Server-Side Request Forgery (SSRF) Courses, Port Scanning Courses, Code Injection Courses

Course Description

Overview

Dive into advanced bug bounty hunting and web hacking techniques in this comprehensive conference talk from Bugcrowd's LevelUp 2017. Explore a wide range of topics, including subdomain enumeration with Sublist3r, port scanning, visual identification, platform identification, CVE searching, content discovery, and directory bruting. Learn about various attack vectors such as XSS (Cross-Site Scripting), including blind XSS and XSS polyglots, SSTI (Server-Side Template Injection), SSRF (Server-Side Request Forgery), and code injection. Discover tools like XSSHunter and Backslash Powered Scanner, and gain insights into subdomain takeovers and AWS misconfigurations. Enhance your bug hunting skills with this in-depth methodology presented by Jason Haddix, covering everything from initial reconnaissance to advanced exploitation techniques.

Syllabus

Intro
history && topics
light reading
Sublist3r
Sub Scraping (bespoke)
Sub Bruting
Acquisitions
Port Scanning
Visual Identification
Platform identification and CVE searching
Content Discovery / Directory Bruting
Parameter Bruting?
XSS (not a lot)
Blind XSS
XSSHunter
XSS Polyglot #4
Jackmasa's
SSTI
SSRF (GET examples)
SSRF Resources
Code Injection.CMD
Backslash Powered Scanner
Subdomain takeover!
Robbing Misconfigured Sh** (AWS)


Taught by

Bugcrowd
