Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Bug Bounty Hunting Methodology - Jason Haddix from Bugcrowd's LevelUp

Bugcrowd via YouTube

Overview

Dive into advanced bug bounty hunting and web hacking techniques in this comprehensive conference talk from Bugcrowd's LevelUp 2017. Explore a wide range of topics, including subdomain enumeration with Sublist3r, port scanning, visual identification, platform identification, CVE searching, content discovery, and directory bruting. Learn about various attack vectors such as XSS (Cross-Site Scripting), including blind XSS and XSS polyglots, SSTI (Server-Side Template Injection), SSRF (Server-Side Request Forgery), and code injection. Discover tools like XSSHunter and Backslash Powered Scanner, and gain insights into subdomain takeovers and AWS misconfigurations. Enhance your bug hunting skills with this in-depth methodology presented by Jason Haddix, covering everything from initial reconnaissance to advanced exploitation techniques.

Syllabus

Intro
history && topics
light reading
Sublist3r
Sub Scraping (bespoke)
Sub Bruting
Acquisitions
Port Scanning
Visual Identification
Platform identification and CVE searching
Content Discovery/ Directory Bruting
Parameter Bruting?
XSS (not a lot)
Blind XSS
XSSHunter
XSS Polyglot #4
Jackmasa's
SSTI
SSRF (GET examples)
SSRF Resources
Code Injection.CMD
Backslash Powered Scanner
Subdomain takeover!
Robbing Misconfigured Sh** (AWS)

Taught by

Bugcrowd

Reviews

Start your review of Bug Bounty Hunting Methodology - Jason Haddix from Bugcrowd's LevelUp

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.