YoVDO

Bug Bounty Hunting Methodology - Jason Haddix from Bugcrowd's LevelUp

Offered By: Bugcrowd via YouTube

Tags

Bug Bounty Courses Cybersecurity Courses Cross-Site Scripting (XSS) Courses Server-Side Request Forgery (SSRF) Courses Port Scanning Courses Code Injection Courses

Course Description

Overview

Dive into advanced bug bounty hunting and web hacking techniques in this comprehensive conference talk from Bugcrowd's LevelUp 2017. Explore a wide range of topics, including subdomain enumeration with Sublist3r, port scanning, visual identification, platform identification, CVE searching, content discovery, and directory bruting. Learn about various attack vectors such as XSS (Cross-Site Scripting), including blind XSS and XSS polyglots, SSTI (Server-Side Template Injection), SSRF (Server-Side Request Forgery), and code injection. Discover tools like XSSHunter and Backslash Powered Scanner, and gain insights into subdomain takeovers and AWS misconfigurations. Enhance your bug hunting skills with this in-depth methodology presented by Jason Haddix, covering everything from initial reconnaissance to advanced exploitation techniques.

Syllabus

Intro
history && topics
light reading
Sublist3r
Sub Scraping (bespoke)
Sub Bruting
Acquisitions
Port Scanning
Visual Identification
Platform identification and CVE searching
Content Discovery/ Directory Bruting
Parameter Bruting?
XSS (not a lot)
Blind XSS
XSSHunter
XSS Polyglot #4
Jackmasa's
SSTI
SSRF (GET examples)
SSRF Resources
Code Injection.CMD
Backslash Powered Scanner
Subdomain takeover!
Robbing Misconfigured Sh** (AWS)


Taught by

Bugcrowd

Related Courses

Complete Website Ethical Hacking and Penetration Testing
Udemy Website Hacking / Penetration Testing
Udemy Bug Bounty - Web Application Penetration Testing B|WAPT
Udemy ASP.NET Core: Security
LinkedIn Learning Advanced Cyber Security Training: OWASP Top 10 and Web Application Fundamentals
EC-Council via FutureLearn