Penetration Testing & Bug Bounty Hunting
Become a bug bounty hunter! Pentest websites & web applications like black hat and secure them like experts – Penetration Testing & Bug Bounty Hunting.
Note: The contents of this course are not covered in any of my other courses except for some basics. Although website penetration is covered in one of my other courses, that course only covers the basics where this course dives much deeper in this topic covering more techniques, more vulnerabilities, advanced exploitation, advanced post exploitation, bypassing security and more!
Welcome to my this comprehensive course on Website penetration testing. In this course you’ll learn website / web applications Penetration & Bug Bounty hunting! This course assumes you have NO prior knowledge in Penetration, and by the end of it you’ll be at a high level, being able to Pentest & discover bugs in websites like black-hat and secure them like security experts!
This course is highly practical but it won’t neglect the theory, first you’ll learn how to install the needed software (on Windows, Linux and Mac OS X) and then we’ll start with websites basics, the different components that make a website, the technologies used, and then we’ll dive into website Penetration straight away. From here onwards you’ll learn everything by example, by discovering vulnerabilities and exploiting them to pentest into websites, so we’ll never have any dry boring theoretical lectures.
What you’ll learn
- Install lab & needed software (works on Windows, OS X and Linux).
- Discover, exploit and mitigate a number of dangerous vulnerabilities.
- Use advanced techniques to discover and exploit these vulnerabilities.
- Bypass security measurements and escalate privileges.
- Intercept requests using a proxy.
- Pentest all websites on same server.
- Bypass filters and client-side security
- Adopt SQL queries to discover and exploit SQL injections in secure pages
- Gain full control over target server using SQL injections
- Discover & exploit blind SQL injections
- Install Kali Linux – a penetration testing operating system
- Install windows & vulnerable operating systems as virtual machines for testing
- Learn linux commands and how to interact with the terminal
- Learn linux basics
- Understand how websites & web applications work
- Understand how browsers communicate with websites
- Gather sensitive information about websites
- Discover servers, technologies and services used on target website
- Discover emails and sensitive data associated with a specific website
- Find all subdomains associated with a website
- Discover unpublished directories and files associated with a target website
- Find all websites hosted on the same server as the target website
- Discover, exploit and fix file upload vulnerabilities
- Exploit advanced file upload vulnerabilities & gain full control over the target website
- Discover, exploit and fix code execution vulnerabilities
- Exploit advanced code execution vulnerabilities & gain full control over the target website
- Discover, exploit & fix local file inclusion vulnerabilities
- Exploit advanced local file inclusion vulnerabilities & gain full control over the target website
- Exploit advanced remote file inclusion vulnerabilities & gain full control over the target website
- Discover, fix, and exploit SQL injection vulnerabilities
- Bypass login forms and login as admin using SQL injections
- Writing SQL queries to find databases, tables and sensitive data such as usernames ad passwords using SQL injections
- Bypass filtering, and login as admin without password using SQL injections
- Bypass filtering and security measurements
- Read / Write files to the server using SQL injections
- Patch SQL injections quickly
- Learn the right way to write SQL queries to prevent SQL injections
- Discover basic & advanced reflected XSS vulnerabilities
- Discover basic & advanced stored XSS vulnerabilities
- Discover DOM-based XSS vulnerabilities
- How to use BeEF framwork
- Hook victims to BeEF using reflected, stored and DOM based XSS vulnerabilities
- Steal credentials from hooked victims
- Create an undetectable backdoor
- Introduction into hooked computers and gain full control over them
- Fix XSS vulnerabilities & protect yourself from them as a user
- What do we mean by brute force & wordlist attacks
- Create a wordlist or a dictionary
- Launch a wordlist attack and guess admin’s password
- Discover all of the above vulnerabilities automatically using a web proxy
- Run system commands on the target webserver
- Access the file system (navigate between directories, read/write files)
- Download, upload files
- Bypass security measurements
- Access all websites on the same webserver
- Connect to the database and execute SQL queries or download the whole database to the local machine
- Basic IT Skills
- No Linux, programming or Penetration knowledge required.
- Computer with a minimum of 4GB ram/memory
- Operating System: Windows / OS X / Linux
Who this course is for:
- Anybody who is interested in learning website & web application Pentesting / penetration testing
- Anybody who wants to learn how Black hat Pentest websites
- Anybody who wants to learn how to secure websites & web applications from black hat.
- Web developers so they can create secure web application & secure their existing ones
- Web admins so they can secure their websites