Bug Bounty - An Advanced Guide to Finding Good Bugs

Sauron said:

​

---

Bug bounties are evolving year after year and thousands of infosec enthuasiasts are looking to join the boat. Having a great place on that boat requires dedication and investing a great amount of time of work. In fact, there are multiple types of vulnerabilities and mastering the most important of these can be a game changer. In this class, attendees will learn the "how" and "why" of vulnerabilities they are already aware of instead of sticking to what the vulnerability is in general. This class will be based on real-life scenarios to show how to think out of the box in different scenarios to bring in the maximum impact.

During the session, students will have hands on excercises with:​

1. SQL Injection​
2. XXE​
3. SSRF​
4. RECON out of the box​
5. RCE​
6. SSTI​
7. Directory Traversal​
8. Access Control Vulns​
9. Authentication Issues​
10. Cache Poisoning​
11. Info Disclosure​
12. More subjects to be treated​

Who Should Attend This Course
This course is intended for students with an interest in bug bounties, web vulnerability discovering and exploitation, or general infosec enthusiast who whish to know more about the side of bug bounties. Students should be comfortable with the type of vulnerabilities mentionned because we are not going to cover from a totaly beginner's side.

Key Takeaways​

1. Students will learn in-depth about a vulnerability exploitation​
2. Students will be able to approach a target effectively​
3. Students will learn thinking out of the box in different scenarios​

Who this course is for:​

• Bug bounty hunters and anyone interested into web application security​
• Pentesters​
• Hackers​

  ---

  
  
  
  [Hidden content]​

Click to expand...

Sauron said:

​

---

Bug bounties are evolving year after year and thousands of infosec enthuasiasts are looking to join the boat. Having a great place on that boat requires dedication and investing a great amount of time of work. In fact, there are multiple types of vulnerabilities and mastering the most important of these can be a game changer. In this class, attendees will learn the "how" and "why" of vulnerabilities they are already aware of instead of sticking to what the vulnerability is in general. This class will be based on real-life scenarios to show how to think out of the box in different scenarios to bring in the maximum impact.

During the session, students will have hands on excercises with:​

1. SQL Injection​
2. XXE​
3. SSRF​
4. RECON out of the box​
5. RCE​
6. SSTI​
7. Directory Traversal​
8. Access Control Vulns​
9. Authentication Issues​
10. Cache Poisoning​
11. Info Disclosure​
12. More subjects to be treated​

Who Should Attend This Course
This course is intended for students with an interest in bug bounties, web vulnerability discovering and exploitation, or general infosec enthusiast who whish to know more about the side of bug bounties. Students should be comfortable with the type of vulnerabilities mentionned because we are not going to cover from a totaly beginner's side.

Key Takeaways​

1. Students will learn in-depth about a vulnerability exploitation​
2. Students will be able to approach a target effectively​
3. Students will learn thinking out of the box in different scenarios​

Who this course is for:​

• Bug bounty hunters and anyone interested into web application security​
• Pentesters​
• Hackers​

  ---

  
  
  
  [Hidden content]​

Click to expand...

Sauron said:

​

---

Bug bounties are evolving year after year and thousands of infosec enthuasiasts are looking to join the boat. Having a great place on that boat requires dedication and investing a great amount of time of work. In fact, there are multiple types of vulnerabilities and mastering the most important of these can be a game changer. In this class, attendees will learn the "how" and "why" of vulnerabilities they are already aware of instead of sticking to what the vulnerability is in general. This class will be based on real-life scenarios to show how to think out of the box in different scenarios to bring in the maximum impact.

During the session, students will have hands on excercises with:​

1. SQL Injection​
2. XXE​
3. SSRF​
4. RECON out of the box​
5. RCE​
6. SSTI​
7. Directory Traversal​
8. Access Control Vulns​
9. Authentication Issues​
10. Cache Poisoning​
11. Info Disclosure​
12. More subjects to be treated​

Who Should Attend This Course
This course is intended for students with an interest in bug bounties, web vulnerability discovering and exploitation, or general infosec enthusiast who whish to know more about the side of bug bounties. Students should be comfortable with the type of vulnerabilities mentionned because we are not going to cover from a totaly beginner's side.

Key Takeaways​

1. Students will learn in-depth about a vulnerability exploitation​
2. Students will be able to approach a target effectively​
3. Students will learn thinking out of the box in different scenarios​

Who this course is for:​

• Bug bounty hunters and anyone interested into web application security​
• Pentesters​
• Hackers​

  ---

  
  
  
  [Hidden content]​

Click to expand...

Sauron said:

​

---

Bug bounties are evolving year after year and thousands of infosec enthuasiasts are looking to join the boat. Having a great place on that boat requires dedication and investing a great amount of time of work. In fact, there are multiple types of vulnerabilities and mastering the most important of these can be a game changer. In this class, attendees will learn the "how" and "why" of vulnerabilities they are already aware of instead of sticking to what the vulnerability is in general. This class will be based on real-life scenarios to show how to think out of the box in different scenarios to bring in the maximum impact.

During the session, students will have hands on excercises with:​

1. SQL Injection​
2. XXE​
3. SSRF​
4. RECON out of the box​
5. RCE​
6. SSTI​
7. Directory Traversal​
8. Access Control Vulns​
9. Authentication Issues​
10. Cache Poisoning​
11. Info Disclosure​
12. More subjects to be treated​

Who Should Attend This Course
This course is intended for students with an interest in bug bounties, web vulnerability discovering and exploitation, or general infosec enthusiast who whish to know more about the side of bug bounties. Students should be comfortable with the type of vulnerabilities mentionned because we are not going to cover from a totaly beginner's side.

Key Takeaways​

1. Students will learn in-depth about a vulnerability exploitation​
2. Students will be able to approach a target effectively​
3. Students will learn thinking out of the box in different scenarios​

Who this course is for:​

• Bug bounty hunters and anyone interested into web application security​
• Pentesters​
• Hackers​

  ---

  
  
  
  [Hidden content]​

Click to expand...

Sauron said:

​

---

Bug bounties are evolving year after year and thousands of infosec enthuasiasts are looking to join the boat. Having a great place on that boat requires dedication and investing a great amount of time of work. In fact, there are multiple types of vulnerabilities and mastering the most important of these can be a game changer. In this class, attendees will learn the "how" and "why" of vulnerabilities they are already aware of instead of sticking to what the vulnerability is in general. This class will be based on real-life scenarios to show how to think out of the box in different scenarios to bring in the maximum impact.

During the session, students will have hands on excercises with:​

1. SQL Injection​
2. XXE​
3. SSRF​
4. RECON out of the box​
5. RCE​
6. SSTI​
7. Directory Traversal​
8. Access Control Vulns​
9. Authentication Issues​
10. Cache Poisoning​
11. Info Disclosure​
12. More subjects to be treated​

Who Should Attend This Course
This course is intended for students with an interest in bug bounties, web vulnerability discovering and exploitation, or general infosec enthusiast who whish to know more about the side of bug bounties. Students should be comfortable with the type of vulnerabilities mentionned because we are not going to cover from a totaly beginner's side.

Key Takeaways​

1. Students will learn in-depth about a vulnerability exploitation​
2. Students will be able to approach a target effectively​
3. Students will learn thinking out of the box in different scenarios​

Who this course is for:​

• Bug bounty hunters and anyone interested into web application security​
• Pentesters​
• Hackers​

  ---

  
  
  
  [Hidden content]​

Click to expand...

Sauron said:

​

---

تتطور مكافآت اكتشاف الأخطاء الأمنية عامًا بعد عام، ويتطلع آلاف من خبراء أمن المعلومات للانضمام إلى هذا البرنامج. يتطلب تحقيق مكانة مرموقة في هذا البرنامج تفانيًا وجهدًا كبيرًا. في الواقع، هناك أنواع متعددة من الثغرات الأمنية، وإتقان أهمها قد يُحدث نقلة نوعية. في هذه الدورة، سيتعلم المشاركون "كيف" و"لماذا" تُكتشف الثغرات الأمنية التي يعرفونها بالفعل، بدلًا من الاكتفاء بتعريفها بشكل عام. ستستند هذه الدورة إلى سيناريوهات واقعية لتوضيح كيفية التفكير بطريقة مبتكرة في مختلف السيناريوهات لتحقيق أقصى استفادة.

خلال الجلسة، سيحصل الطلاب على تمارين عملية مع:​

1. حقن SQL​
2. XXE​
3. صندوق أبحاث العلوم الاجتماعية​
4. RECON خارج الصندوق​
5. ار سي اي​
6. إس إس تي آي​
7. عبور الدليل​
8. ثغرات التحكم في الوصول​
9. مشاكل المصادقة​
10. تسميم ذاكرة التخزين المؤقت​
11. الإفصاح عن المعلومات​
12. هناك المزيد من المواضيع التي يجب معالجتها​

من ينبغي أن يحضر هذه الدورة؟
هذه الدورة مُخصصة للطلاب المهتمين بمكافآت الأخطاء، واكتشاف ثغرات الويب واستغلالها، أو المهتمين بأمن المعلومات بشكل عام والراغبين في معرفة المزيد عن مكافآت الأخطاء. يجب أن يكون الطلاب مُلِمّين بنوع الثغرات المذكورة، لأننا لن نُغطيها من منظور المبتدئين تمامًا.

النقاط الرئيسية​

1. سيتعلم الطلاب بعمق عن استغلال الثغرات الأمنية​
2. سيكون الطلاب قادرين على التعامل مع الهدف بشكل فعال​
3. سيتعلم الطلاب التفكير خارج الصندوق في سيناريوهات مختلفة​

لمن هذه الدورة:​

• صائدو مكافآت الأخطاء وأي شخص مهتم بأمن تطبيقات الويب​
• مختبرو الاختراق​
• المتسللين​

  ---

  
  
  
  [المحتوى المخفي]​

Click to expand...