Overview What You Will Learn Curriculum Instructor

Course Overview

Welcome to the Ethical Hacking / Penetration Testing and Bug Bounty Hunting course. This course covers web application attacks and how to earn bug bounties. There is no prerequisite of prior hacking knowledge, and you will be able to perform web attacks and hunt bugs on live websites and secure them. This course is not like other hacking or penetration testing course with outdated vulnerabilities and only lab attacks. This contains maximum live websites to make you comfortable with the Live Hunting Environment. 

This course will start with the basic principles of each vulnerability and how to attack them using multiple bypass techniques. In addition to exploitation, you will also learn how to fix them. This course is highly practical and is made on Live websites to give you the exact environment when you start your penetrating testing or bug-hunting journey. This course will begin with the basics of OWASP to the exploitation of vulnerabilities leading to Account Takeover on live websites. This course is divided into a number of sections, each section covers how to hunt, exploit and mitigate a vulnerability in an ethical manner. After the identification of a vulnerability, you will learn how to exploit it to leverage its maximum severity. We will also learn how to fix vulnerabilities that are commonly found on websites on the internet. In this course, you will also learn how can you start your journey on many famous bug-hunting platforms like BugCrowd, HackerOne, and Open Bug Bounty. Along with this, you will be able to hunt and report vulnerabilities to the NCIIPC Government of India, also to private companies, and to their responsible disclosure programs. You will also learn advanced techniques to bypass filters and the developer's logic for each kind of vulnerability. I have also shared personal tips and tricks for each attack where you can trick the application and find bugs quickly. This course also includes the Breakdown of all HackerOne Reports which are found and submitted by other hackers for better understanding as we will cover each type of technique in the course. 

This course also includes important interview questions and answers which will be helpful in any penetrating testing job interview. 

What You Will Learn

  • Tips and Tricks to hunt bugs
  • BreakDown of HackerOne Reports for better understanding
  • Interview Preparation Questions Answers and Approach
  • Intercepting requests using a BurpSuite proxy
  • Gaining full control over target server using Authentication Bypass Attacks
  • Gaining full control over target server using Captcha Bypass Attacks
  • Discovering Vulnerabilities
  • technologies & services used on target website.
  • Hunting basic XSS Vulnerabilities on Live Environments
  • Exploiting and performing Account Takeovers on Live websites
  • Perform Complete Account Takeover using CSRF on Lab

Program Curriculum

  • Course Introduction
  • Disclaimer
  • $7 Million Cybersecurity Scholarship by EC-Council

  • What is OWASP and Injection?
  • What is Broken Authentication?
  • What is Sensitive Data Exposure?
  • What is XML External Entities?
  • What is Broken Access Control?
  • What is Security Misconfiguration?
  • What is Cross Site Scripting (XSS)?
  • What is Insecure Deserialization?
  • What is Using Components with Known Vulnerabilities?
  • What is Insufficient Logging and Monitoring?
  • Chapter 2 Quiz

Burp Suite Proxy Lab Setup

  • Authentication Bypass Exploitation Live - 1
  • Authentication Bypass Exploitation Live - 2
  • Authentication Bypass Exploitation Live - 3
  • Authentication Bypass Exploitation Live - 4
  • Authentication Bypass Exploitation Live - 5
  • Authentication Bypass Exploitation Captcha
  • Authentication Bypass to Account Takeover Live - 1
  • Authentication Bypass to Account Takeover Live - 2
  • Authentication Bypass Due to OTP Exposure Live - 1
  • Authentication Bypass Due to OTP Exposure Live - 2
  • Authentication Bypass 2FA Bypass Live
  • Authentication Bypass - Email Takeover Live
  • Authentication Bypass Mitigations
  • Authentication Bypass Interview Questions and Answers
  • Chapter 4 Quiz

  • No Rate-Limit Leads to Account Takeover Live Type - 1
  • NO RL Alternative Tools Introduction 2
  • No Rate-Limit Leads to Account Takeover Live Type - 2
  • No Rate-Limit Leads to Account Takeover Live Type - 3
  • No Rate-Limit Leads to Account Takeover Live Type - 4
  • No Rate-Limit Leads to Account Takeover Live Type - 5
  • No Rate-Limit to Account Takeover Live - Type 6
  • No Rate-Limit to Account Takeover Live - Type 7
  • No Rate-Limit Instagram Report Breakdown
  • No Rate-Limit Instagram Report Breakdown 2
  • No Rate-Limit Bypass Report Breakdown
  • No Rate-Limit Bypass Report Breakdown 2
  • No Rate-Limit to Tool Fake IP Practical
  • No Rate-Limit Test on CloudFare
  • No Rate-Limit Mitigations
  • No Rate-Limit All HackerOne Reports Breakdown
  • Burp Alternative: OWASP ZAP Proxy for No RL
  • Chapter 5 Quiz

  • How XSS Works?
  • Reflected XSS on Live 1
  • Reflected XSS on Live 2
  • Reflected XSS on Live Manual Balancing
  • Reflected XSS on Live 3 Balanced
  • XSS on Limited Inputs Live 1
  • XSS on Limited Inputs Live 2
  • XSS in Request Headers - Live
  • Reflected XSS Useragent and Caching
  • Reflected XSS Email Validator Live
  • Reflected XSS Protection Bypass Live - 1 - Base64
  • Reflected XSS Protection Bypass Live - 2
  • XSS Using Spider
  • XSS Bypass Right Click Disabled
  • Blind XSS Exploitation
  • Stored XSS Exploitation Live
  • DOM XSS Name
  • DOM XSS Redirect
  • DOM XSS Index
  • DOM XSS Automated Scanner
  • XSS on Live by Adding Parameters
  • XSS Mouse on Lab
  • XSS Mouse Live
  • XSS Mouse Events All Types
  • XSS Polyglots Live
  • XSS Polyglots Breakdown
  • XSS Exploitation - URL Redirection
  • XSS Exploitation - Phishing
  • XSS Exploitation Cookie Stealer Lab
  • XSS Exploitation Cookie Stealer Live
  • XSS Exploitation File Upload Type - 1
  • XSS Exploitation File Upload Type - 2
  • XSS Exploitation File Upload Type - 3
  • XSS Mitigations
  • XSS Bonus TIPS and TRICKS
  • XSS HackerOne ALL Reports Breakdown
  • XSS Interview Questions and Answers
  • Chapter 6 Quiz

  • How CSRF Works?
  • CSRF Alternative Tools Introduction
  • CSRF on LAB
  • CSRF on LAB - 2
  • CSRF on Live - 1
  • CSRF on Live - 2
  • CSRF Password Change Lab
  • CSRF Funds Transfer Lab
  • CSRF Request Methods Trick - Lab
  • CSRF to Account Takeover Live - 1
  • CSRF to Account Takeover Live - 2
  • Chaining CSRF with XSS
  • CSRF Mitigations
  • CSRF BONUS Tips and Tricks
  • CSRF ALL HackerOne Reports Breakdown
  • CSRF Interview Questions and Answers
  • Alternative to Burp Suite for CSRF: CSRF PoC Generator
  • Chapter 7 Quiz

  • How CORS Works?
  • CORS 3 Test Cases Fundamentals
  • CORS Exploitation Live - 1 Exfiltration of Account Details
  • CORS Exploitation Live - 2 Exfiltration of Account Details
  • CORS Live Exploitation - 3
  • CORS Exploitation Facebook Live
  • CORS Live Prefix Match
  • CORS Live Suffix Match
  • CORS Mitigations
  • CORS Breakdown of ALL HackerOne Reports
  • Chapter 8 Quiz

  • BugCrowd ROADMAP
  • HackerOne ROADMAP
  • Open Bug Bounty ROADMAP
  • NCIIPC Govt of India ROADMAP
  • RVDP All Websites ROADMAP

  • Exploitation
  • Assets & Resources
  • Final Words

  • Exploitation of CVE 2020-3452 File Read
  • Exploitation of CVE 2020-3187 File Delete
  • Chapter 11 Quiz

  • Exploitation of CVE 2020-3187 File Delete
  • Chapter 12 Quiz
Load more modules

Instructor

RLBC

Founded in 2019, RLBC is a content production consulting company based in Versailles, France. RLBC works with a team of SME professionals in the fields of Fintech, IT, and content marketing. The company produces digital education content for on-trend SME topics. For the NFT data science subject matter the team, better known as the NFT Guys, includes George, an IT industry veteran leading and managing engineering teams in the cybersecurity-critical sector from Brussels, who is well-versed in creating NFTs, and Robert, a veteran Fintech lecturer and maître conferencier in finance & accounting from New York. Robert is the author of Fashion and Art Coins published on pages 115 – 120 of Edmunds, John C., Editor (2020) Rogue Money and the Underground Economy, An Encyclopedia of Alternative and Cryptocurrencies, Greenwood: ABC – CLIO.

Join over 1 Million professionals from the most renowned Companies in the world!

certificate

Empower Your Learning with Our Flexible Plans

Invest in your future with our flexible subscription plans. Whether you're just starting out or looking to enhance your expertise, there's a plan tailored to meet your needs. Gain access to in-demand skills and courses for your continuous learning needs.

Monthly Plans
Annual Plans
Save 20% with our annual plans!

Pro

Ideal for continuous learning, offering extensive resources with 600+ courses and diverse Learning Paths to enhance your skills.

$ 499.00
Billed annually or $59.00 billed monthly
Get Started Now
Start your 7-day trial for $1

What is included

  • 700+ Premium Short Courses
  • 50+ Structured Learning Paths
  • Validation of Completion with all courses and learning paths
  • New Courses added every month
Early Access Offer

Pro +

Experience immersive learning with Practice Labs, CTF Challenges, and exclusive EC-Council certifications for comprehensive skill-building.

$ 599.00
Billed annually or $69.00 billed monthly
Get Started Now
Start your 7-day trial for $1

Everything in Pro and

  • 800+ Practice Lab exercises with guided instructions
  • 150+ CTF Challenges with detailed walkthroughs
  • New Practice Labs and Challenges added every month
  • 3 Official EC-Council Essentials Certifications¹ (retails at $897!)
    Exclusive Bonus with Annual Plans

¹This plan includes Digital Forensics Essentials (DFE), Ethical Hacking Essentials (EHE), and Network Defense Essentials (NDE) certifications. No other EC-Council certifications are included.

Related Courses

  • 15 Must Have Tools for Pentesters

    15 Must Have Tools for Pentesters

    Short Course

    15 Must Have Tools for Pentesters

    Vulnerability Assessment and Pentesting

    Upgrade your penetration testing skillset by adopting the bes...

    $59.99

    Intermediate

    9 hr 15 m

  • Kali for Penetration Testers

    Kali for Penetration Testers

    Short Course

    Kali for Penetration Testers

    Vulnerability Assessment and Pentesting

    Ethical Hacking with Kali Linux

    $69.99

    Beginner

    6 hr 49 m

  • Hacking WEP/WPA/WPA2 Wi-Fi Networks Using Kali Linux 2

    Hacking WEP/WPA/WPA2 Wi-Fi Networks Using Kali Linux 2

    Short Course

    Hacking WEP/WPA/WPA2 Wi-Fi Networks Using Kali Linux 2

    Vulnerability Assessment and Pentesting

    The comprehensive course to secure & crack WEP/WPA/WPA2 k...

    $69.99

    Intermediate

    5 hr 12 m

  • Getting Started with Bug Bounty Hunting

    Getting Started with Bug Bounty Hunting

    Short Course

    Getting Started with Bug Bounty Hunting

    Vulnerability Assessment and Pentesting

    Perfect Guide for Making You a Noob to Pro Bug Hunter

    $79.99

    Beginner

    2 hr 45 m

  • Web Hacker’s Toolbox: Tools Used by Successful Hackers

    Web Hacker’s Toolbox: Tools Used by Successful Hackers

    Short Course

    Web Hacker’s Toolbox: Tools Used by Successful Hackers

    Vulnerability Assessment and Pentesting

    Discover the Tools Used by Successful Hackers and Learn How t...

    $59.99

    Intermediate

    3 hr 4 m

  • Full-Stack Attacks on Modern Web Applications

    Full-Stack Attacks on Modern Web Applications

    Short Course

    Full-Stack Attacks on Modern Web Applications

    Vulnerability Assessment and Pentesting

    Learn About HTTP Parameter Pollution, Subdomain Takeover, and...

    $59.99

    Intermediate

    0 hr 59 m

  • Learn Hacking Using Raspberry Pi from Scratch

    Learn Hacking Using Raspberry Pi from Scratch

    Short Course

    Learn Hacking Using Raspberry Pi from Scratch

    Vulnerability Assessment and Pentesting

    Improve your Ethical Hacking Skills by using your portable Ra...

    $69.99

    Beginner

    8 hr 20 m

  • Digital Forensics for Pentesters - Hands-on Learning

    Digital Forensics for Pentesters - Hands-on Learning

    Short Course

    Digital Forensics for Pentesters - Hands-on Learning

    Vulnerability Assessment and Pentesting

    Detect and backtrack cyber criminals and hackers with digital...

    $69.99

    Beginner

    5 hr 10 m

1 8