Syllabus
Bug bounty 101: CSRF can be easy.
Bug bounties 101: SSTI on tornado template engine.
Bug bounty 101: SSTI, playtime is over (server side template injection).
Bug Bounty Bits: find IDORs faster with automation (Insecure Direct Object Reference tutorial).
Bug bounties 101: The #1 skill every bounty hunter should have.
Hacking 101: single domain webapp recon with nmap, nikto and gobuster - #1.
Bug bounty's 101: What you need to know before hacking.
Bug bounty's 101: Picking a platform.
Bug bounty bits: File extension filter bypass technique.
Bug Bounties 101: how much can I earn?.
Bug bounty methodology: Google DORKs for content discovery (recon 2/3).
Bug bounty bits: Chrome developer console is gold!.
Bug bounty 101: whats an API and why should I care?.
Bug Bounty Bits: Importing H1 scope into burp (HackerOne).
LFI: Bug Bounty Bits.
The number 1 reason you are getting so many dupes in bug bounties.
How to get invited to private bug bounty programs.
How do i get private invites and bugs: YQA (Your Questions Answered).
What you NEED to know about XSS explained by 0xLupin.
IDOR on hidden functionality.
Taught by
The XSS rat