1. Exploitation | The Course Tree

Autoplay
Autocomplete

Previous Lesson Complete and Continue

Ethical Hacking Penetration Testing & Bug Bounty Hunting

1. Course Introduction

1. Course Introduction (4:07)
2. Disclaimer (1:02)

2. OWASP Top 10

1. What is OWASP and Injection (9:55)
2. What is Broken Authentication (2:57)
3. What is Sensitive Data Exposure (5:33)
4. What is XML External Entities (2:43)
5. What is Broken Access Control (4:11)
6. What is Security Misconfiguration (2:24)
7. What is Cross Site Scripting (XSS) (3:52)
8. What is Insecure Deserialization (2:07)
9. What is Using Components with Known Vulnerabilities (2:11)
10. What is Insufficient Logging and Monitoring (3:03)

3. Burp Suite and Lab Setup

1. Burp Suite Proxy Lab Setup (17:11)

4. Authentication Bypass

1. Authentication Bypass Exploitation Live -1 (5:46)
2. Authentication Bypass Exploitation Live -2 (4:23)
3. Authentication Bypass Exploitation Live -3 (2:51)
4. Authentication Bypass Exploitation Live -4 (3:40)
5. Authentication Bypass Exploitation Live -5 (4:33)
6. Authentication Bypass Exploitation Captcha (2:48)
7. Authentication Bypass to Account Takeover Live -1 (5:35)
8. Authentication Bypass to Account Takeover Live -2 (3:52)
9. Authentication Bypass due to OTP Exposure Live -1 (4:10)
10. Authentication Bypass due to OTP Exposure Live -2 (3:14)
11. Authentication Bypass 2FA Bypass Live (3:40)
12. Authentication Bypass - Email Takeover Live (5:58)
13. Authentication Bypass Mitigations (1:58)
14. Authentication Bypass Interview Questions and Answers (4:16)

5. No Rate-Limit Attacks

1. No Rate-Limit leads to Account Takeover Live Type-1 (12:30)
2. NO RL Alternative Tools Introduction (1:57)
3. No Rate-Limit leads to Account Takeover Live Type -2 (9:53)
4. No Rate-Limit leads to Account Takeover Live Type -3 (5:34)
5. No Rate-Limit leads to Account Takeover Live Type -4 (5:15)
6. No Rate-Limit leads to Account Takeover Live Type -5 (5:26)
7. No Rate-Limit to Account Takeover Live - Type 6 (6:58)
8. No Rate-Limit to Account Takeover Live - Type 7 (6:10)
9. No Rate-Limit Instagram Report Breakdown (0:55)
10. No Rate-Limit Instagram Report Breakdown 2 (4:15)
11. No Rate Limit Bypass Report Breakdown (5:29)
12. No Rate Limit Bypass Report Breakdown 2 (5:21)
13. No Rate-Limit to Tool Fake IP Practical (4:02)
14. No Rate-Limit test on CloudFare (4:08)
15. No Rate-Limit Mitigations (2:03)
16. No Rate-Limit All Hackerone Reports Breakdown (5:15)
17. Burp Alternative OWASP ZAP Proxy for No RL (12:23)

6. Cross Site Scripting (XSS)

1. How XSS Works (6:15)
2. Reflected XSS on Live 1 (3:12)
3. Reflected XSS on Live 2 (1:36)
4. Reflected XSS on Live Manual Balancing (9:52)
5. Reflected XSS on Live 3 Balanced (3:40)
6. XSS on Limited Inputs Live 1 (3:20)
7. XSS on Limited Inputs Live 2 (2:51)
8. XSS in Request Headers - Live (3:47)
9. Reflected XSS Useragent and Caching (6:41)
10. Reflected XSS Email Validator Live (4:49)
11. Reflected XSS Protection Bypass Live 1 - Base64 (5:36)
12. Reflected XSS Protection Bypass Live -2 (5:18)
13. XSS using Spider (6:30)
14. XSS Bypass Right Click Disabled (4:16)
15. Blind XSS Exploitation (5:54)
16. Stored XSS Exploitation Live (9:19)
17. DOM XSS Name (6:11)
18. DOM XSS Redirect (2:20)
19. DOM XSS Index (2:50)
20. DOM XSS Automated Scanner (12:05)
21. XSS on Live by Adding Parameters (3:22)
22. XSS Mouse on Lab (2:54)
23. XSS Mouse Live (1:44)
24. XSS Mouse Events All Types (3:25)
25. XSS Polyglots Live (6:54)
26. XSS Polyglots Breakdown (2:17)
27. XSS Exploitation - URL Redirection (4:38)
28. XSS Exploitation - Phishing (4:05)
29. XSS Exploitation Cookie Stealer Lab (10:14)
30. XSS Exploitation Cookie Stealer Live (8:35)
31. XSS Exploitation File Upload Type -2 (3:08)
32. XSS Exploitation File Upload Type -3 (6:32)
33. XSS Exploitation File Upload Type- 1 (3:23)
34. XSS Mitigations (2:19)
35. XSS Bonus TIPS and TRICKS (5:13)
36. XSS Hackerone ALL Reports Breakdown (8:31)
37. XSS Interview Questions and Answers (7:46)

7. Cross Site Request Forgery (CSRF)

1. How CSRF Works (4:53)
2. CSRF Alternative Tools Introduction (2:17)
3. CSRF on LAB (2:54)
4. CSRF on LAB - 2 (9:09)
5. CSRF on Live -1 (1:30)
6. CSRF on Live -2 (10:12)
7. CSRF Password Change Lab (3:28)
8. CSRF Funds Transfer Lab (3:05)
9. CSRF Request Methods Trick - Lab (3:32)
10. CSRF to Account Takeover Live -1 (7:12)
11. CSRF to Account Takeover Live -2 (7:38)
12. Chaining CSRF with XSS (2:27)
13. CSRF Mitigations (3:26)
14. CSRF BONUS Tips and Tricks (2:11)
15. CSRF ALL Hackerone Reports Breakdown (13:17)
16. CSRF Interview Questions and Answers (6:06)
17. Alternative to Burpsuite for CSRF CSRF PoC Generator (13:01)

8. Cross Origin Resource Sharing (CORS)

1. How CORS Works (3:16)
2. CORS 3 Test Cases Fundamentals (8:51)
3. CORS Exploitation Live -2 Exfiltration of Account Details (2:31)
4. CORS Exploitation Live -3 Exfiltration of Account Details (4:59)
5. CORS Live Exploitation -4 (1:45)
6. CORS Exploitation Facebook Live (2:04)
7. CORS Live Prefix Match (4:00)
8. CORS Live Suffix Match (4:11)
9. CORS Mitigations (2:13)
10. CORS Breakdown of ALL Hackerone Reports (10:55)

9. How to start with Bug Bounty Platforms and Reporting

1. BugCrowd ROADMAP (17:41)
2. Hackerone ROADMAP (8:57)
3. Open Bug Bounty ROADMAP (8:00)
4. NCIIPC Govt of Inida ROADMAP (8:27)
5. RVDP All Websites ROADMAP (6:25)

10. Exploitation of CVE 2020-5902 Remote Code Execution

1. Exploitation (10:36)
2. Assets & Resources (9:24)
3. Final Words (3:30)

11. Exploitation of CVE 2020-3452 File Read

1. Exploitation of CVE 2020-3452 File Read (19:23)

12. Exploitation of CVE 2020-3187 File Delete

1. Exploitation of CVE 2020-3187 File Delete (8:44)

Teach online with

1. Exploitation

Lesson content locked

If you're already enrolled, you'll need to login.

Enroll in Course to Unlock