REGISTER
Cart

Offensive Bug Bounty (HKT)

3-day hands-on technical training in Phuket

Offensive Bug Bounty (HKT)

This course teaches you the complete offensive approach to hunt bugs, and covers most of the critical vulnerabilities in web & mobile applications. Some companies choose to reward a researcher with bounty, swag, or an entry in their hall-of-fame list. If you are interested in the potential of earning some bounty and bug creds, this is the course for you.

Categories , ,

$3,299.00

Duration

3-day

Delivery Method

In-Person

Level

beginner

Seats Available

20

ATTEND IN-PERSON: Onsite in Phuket

DATE: 21-23 August 2023

TIME: 09:00 to 17:00 ICT/GMT+7

Date Day Time Duration
21 Aug Monday 0900-17:00 ICT/GMT+7 8 Hours
22 Aug Tuesday 0900-17:00 ICT/GMT+7 8 Hours
23 Aug Wednesday 0900-17:00 ICT/GMT+7 8 Hours
Bug bounty Hunting is the act of finding security vulnerabilities or bugs in a website and responsibly disclosing it to that company’s security team in an ethical way.

Bug bounties, also known as responsible disclosure programs, are set up by companies to encourage people to report potential issues discovered on their sites. Some companies choose to reward a researcher with bounty, swag, or an entry in their hall-of-fame list. If you are interested in web application security, then they have a great place of honing your skills, with the potential of earning some bounty and credibility at the same time.

 

Agenda

 

Day 1 

  1. Introduction
  2. Information Gathering & Basic Terminologies 2: Recon For Bug Bounty Hunting
  3. Introduction of Burpsuite
  4. Host Header Injection
  5. URL Redirection
  6. Parameter Tampering
  7. HTML Injection
  8. File Inclusion
  9. Missing/insufficient SPF record
  10. Insecure CORS Configuration
  11. Server Side Request Forgery 13: Critical File Found
  12. Source Code Disclosure
  13. Cross Site Request Forgery 16: NO RATE LIMITING
  14. Long Password Dos Attack
  15. HSTS
  16. Insecure Direct Object Refernce

 

Day 2

  1. Comprehensive XSS
  2. Hostile Subdomain Takeover
  3. SQL Injection
  4. Command Injection
  5. File Uploading
  6. XML External Entity Injection 26: Account Lockout
  7. Advanced SQL Injection

 

Day 3

  1. Android App Dynamic Vulnerability Hunting 29: Ios App Dynamic Vulnerability Hunting
  2. Hostile Subdomain Takeover
  3. Buffer Overflow
  4. WordPress
  5. Joomla
  6. Drupal
  7. Cms Vulnerability Hunting 36: Session Fixation
  8. Conclusion

Why You Should Take This Course

This course teaches you the complete offensive approach to hunt bugs, and covers most of the critical vulnerabilities in web & mobile applications. Some companies choose to reward a researcher with bounty, swag, or an entry in their hall-of-fame list. If you are interested in the potential of earning some bounty and bug creds, this is the course for you.

Who Should Attend

  • Students,
  • Cyber Security Aspirants
  • Security Engineer
  • VAPT Employee

Prerequisite Knowledge

  • Basic of OWASP TOP 10

Hardware / Software Requirements

  • Burpsuite
  • Firefox

TRAINER

Himanshu Mehta

Head of Cyber Threat Intelligence

Hive Pro

Himanshu Mehta is currently working as the Head of Cyber Threat Intelligence at Hive Pro and is very passionate about Cyber Security and Threat Intelligence. He is the board member of the EC-Council’s Licensed Penetration Tester group and involved in several bug bounty & Capture the Flag programs around the globe. He has been invited as Chief Guest for several security events and presented his research at multiple international security conferences like RSAC USA, ICS Singapore, Hack In Paris, HITB (Amsterdam, Dubai, Abu Dhabi), SecurityFest (Sweden), InfoSecurity (London), Offzone (Moscow), NanoSec (Malaysia), DSCI, National Cyber Security Conference, Best of the world Conference & Hakon. He previously worked as a Senior Security Researcher at Darkmatter and led a global team of security intelligence at Symantec, which gave very good insight and increased his thirst into cyber-security that helped him eventually to emerge as a creative lead

Vikash Chaudhary

CEO and Founder / Director

HackersEra, India & Malaysia

Vikash Chaudhary is a Pillar of the Indian Ethical Hackers community and is responsible for a whole new generation of rising ethical hackers, a lot of whom successfully contribute to platforms like HackerOne & Bugcrowd. He’s looking to expand his mentorship for the new generation to come in this field i.e. Cyber Security, which he thinks could be a great resource to help grow the security talent pool worldwide.

He is also the author of multiple security courses:

1. “Offensive Approach to Hunt Bugs” A manual Hands-on Bug Bounty Course.

2. “Offensive Bug Bounty – Hunter 2.0”

3. “SDR Exploitation” Hands-On Penetration testing up in the air.

Recently, his name was enlisted in the “Top 100 Security Researcher of Microsoft” and his rank is 51 among top 100 security researchers around the globe.

SUPPORTING ORGANIZATION

COMMSEC TRACK SPONSOR

CTF & CTF PRIZE SPONSOR

TCP/IP RECEPTION SPONSOR

SPEAKERS DINNER BY

POST CONFERENCE RECEPTION SPONSOR

EXHIBITOR

CRESTnew-logo-2

VILLAGES

RRG-Logo.png
hardwareninja.png

FRIENDS OF HITB

HACK IN THE BOX PTE LTD

Level 36, Menara Maxis,

Kuala Lumpur City Center,

50088 Kuala Lumpur,

Malaysia

Facebook Twitter Youtube