
CVE's for Ethical Hacking Bug Bounties & Penetration Testing


Course Features

Duration: 7.2 hours
Delivery Method: Online
Available on: Lifetime Access
Accessibility: Desktop, Laptop
Language: English
Subtitles: English
Level: Intermediate
Teaching Type: Self Paced
Video Content: 7.2 hours

Course Description

Requirements: Basic IT skills. No Linux, programming, or hacking skills required. This course covers web application hacking and how to earn bug bounties by exploiting CVEs on bug bounty programs. You don't need to have hacking experience. You will be able to perform web attacks, hunt bugs on live websites, and secure them.

This course is not like any other hacking or penetration testing course. It does not rely on outdated vulnerabilities or lab-only attacks. It uses as many live websites as possible so that you feel comfortable in a live hunting environment.
This course covers the basics (CVE introduction, CVSS score and severity, priority) and then dives into advanced exploitation of CVEs.
This course is extremely practical and is taught on live websites. It will give you the exact environment you need to begin your bug hunting or penetration testing journey.

We will begin with the basics of CVEs and how to set up the Burp Suite proxy to intercept packets, and then move on to exploiting vulnerabilities that can lead to high-severity bugs on live websites.

This course is divided into several sections. Each section covers ethically hunting, exploiting, and reporting a vulnerability.

Once we have identified a vulnerability, we will exploit it to get the maximum severity.

This course will teach you how to start your journey on bug hunting platforms such as Bugcrowd, Hackerone, and Open Bug Bounty.
You will also be able to report vulnerabilities to the NCIIPC Government of India as well as to private companies and their responsible disclosure programs.
You will also learn advanced techniques to bypass the filters and developer logic used for each type of vulnerability. I have also shared my personal tips and tricks for each attack so you can quickly trick the application and find bugs.

This course also includes a breakdown of Hackerone reports submitted by hackers, to better understand each technique.
This course also contains important interview questions and answers that will be useful in any job interview for penetration testing jobs.
Here's a detailed breakdown of the course content.
In all sections, we will begin with the basic principles of attack, exploitation, and reporting.

We will cover the basics of setting up the environment and how to use our browser to identify vulnerabilities.

1. We will be discussing Bugcrowd VRT and its pros and cons, as well as how you can help the VRT. We will also be discussing CVSS Score, the parameters that determine severity, CIA Triad, and CVSS Calculator.

2. Shodan for Bug Bounties will teach us about Shodan Queries and Shodan GUI, which is very easy to understand. Shodan Images, Exploits, Report generation, and many other features will be available to help expand our ability to identify more assets.

3. Censys for Bug Bounties: similar to Shodan, we will learn about Censys queries and use the Censys GUI, which is very easy to understand, to increase our ability to identify more assets.

4. Certificate Transparency will teach us about crt[dot]sh wildcards and how to automate crt[dot]sh subdomains for a target.

5. Microweber CVEs will show you how to identify vulnerabilities in Apache-based CMS. We also exploit a High severity vulnerability that allows any unauthenticated attacker to access sensitive database details. These details include the username and password of the server, as well as more sensitive information.

6. JIRA CVE's will show you how to identify vulnerabilities in targets that use Atlassian-based software configurations. Any unauthenticated attacker can exploit this vulnerability to gain sensitive information about the server, including bugs filed, custom SLA names, and user enumeration. This could expose even more sensitive information.

7. We will be discussing Maracms CVEs and how to identify vulnerabilities in targets that are using an older version of Maracms, which is susceptible to a reflected cross-site scripting vulnerability. Any unauthenticated attacker can exploit this vulnerability to launch XSS attacks that can expose more sensitive information.

8. We will be discussing Icewarp CVEs and how to identify vulnerabilities in targets that are using an older version of Icewarp, which is susceptible to the reflected cross-site scripting vulnerability. Any unauthenticated attacker can exploit this vulnerability to launch XSS attacks that can expose more sensitive information.

9. BigIP CVE's will teach us about the F5 Big IP Servers critical flaw and how an attacker can exploit it to gain maximum privileges. Remote code execution attacks can be performed by any unauthenticated attacker, which can expose more sensitive information.

10. Cisco CVE's will teach us about the critical vulnerability in Cisco Servers and how an attacker can exploit it to gain privileges. We will learn how to exploit the file read/file delete vulnerability. This vulnerability allows an unauthenticated attacker to read files from the server as well as delete files. This can be used to attack the server with Denial of Service attacks.

11. SAP CVE's will teach us about the critical vulnerability in SAP Servers and how an attacker can exploit it to gain root and user privileges on the server. Unauthenticated attackers can exploit this vulnerability to gain access to sensitive information about all users and perform sensitive actions on the target system.

12. Kubernetes CVEs will teach us about the Kubernetes Servers High Vulnerability and how an attacker can exploit it to access kubectl files on the server. Any unauthenticated attacker can exploit this vulnerability to gain access to sensitive information about the Kubectl servers.

13. We will be discussing the Bug Bounty Roadmap and how you can sign up on bug bounty platforms. This will allow you to begin your journey as a security researcher and identify vulnerabilities. You will learn about platforms such as Bugcrowd, Hackerone, Synack, and Open Bug Bounty.

14. Awesome Resources will teach us about Hackerone Hacktivity, which is a great resource for keeping up to date with the latest attack vectors and learning about publicly disclosed vulnerabilities of other hackers.

Additional BONUS sessions will be available, where I will share my personal approach to hunting bugs. The course will be continuously updated with the most recent high severity CVE's.
All the videos are recorded on live websites. This will allow you to understand the concepts and feel more comfortable working in a live setting. Interview questions and answers have been added for each attack. This will be useful for those who are preparing to apply for internships or job interviews in the field of Information Security.

Notes:
This course is educational only. All websites I have attacked are ethically reported to me and fixed.
Testing websites that don't have a Responsible Disclosure Policy violates the law and is unethical. The author also doesn't bear any responsibility.
Who is this course for?
Anyone who is interested in learning web application hacking/penetration testing.
Any beginner who wants to start with penetration testing.
Any beginner who wants to start with bug bounty hunting.
Trainers who are willing to teach pentesting.
Any professional who works in Cyber Security and Pentesting.
Any person working in the Cyber Security industry in an analyst position.
SOC person who is working in a corporate environment.
Developers who want to fix vulnerabilities and create secure applications.

Course Overview

Virtual Labs

International Faculty

Post Course Interactions

Instructor-Moderated Discussions

Skills You Will Gain

Prerequisites/Requirements

No prerequisites mentioned

What You Will Learn

Bug Bounty Automation

Bug Bounty Free VPS

Bugbounty RoadMap

Bugcrowd VRT

Burpsuite Proxy Setup

CIA Triad

CVSS Score

Censys

Chaos Project

Google Dorks

Hackerone Hacktivity

Horizontal Subdomain Enumeration

Hunting CVE's and exploitation

Latest 2020 CVE's on Live Websites

Recon

Report Writing

Severity vs Priority

Shodan

Vertical Subdomain Enumeration
