Introduction
  Know Your Trainer | 2:00

Cache Control Misconfiguration
  Theory Lecture : Cache Misconfiguration
  Cache Control Live Exploitation -1
  Cache Control Live Exploitation -2
  Cache Control Live Exploitation -3
  Cache Control Live Exploitation -4

Cryptographic Flaws
  Theory Lecture 1 : What is Cryptography and Weak Password reset implementation | 8:00
  Weak Password Reset Bug Live Exploit-1 | 1:00
  Weak Password Reset Bug Live Exploit-2 | 1:00
  Theory Lecture 2 : What is Cryptography and Weak User Registration Implementation (Case 2) | 2:00
  Weak User Registration Implementation Bug Live Exploit-1 | 3:00

Lack Of Password Confirmation
  Theory Lecture 1 : Lack Of Password Confirmation | 7:00
  Lack Of Password Confirmation Bug Live Exploit-1
  Lack Of Password Confirmation Bug Live Exploit-2
  Lack Of Password Confirmation Bug Live Exploit-3
  Lack Of Password Confirmation Bug Live Exploit-4
  Lack Of Password Confirmation Bug Live Exploit-5 | 1:00

Password Token Not Expire
  Theory Lecture 1 : Password Reset Token Not Expire | 5:00
  Password Reset Token Not Expire Bug Live Exploit-1 | 2:00

Sensitive Token Leak Through Referer
  Theory Lecture 1 : Sensitive Token Leak Through Referer | 10:00
  Sensitive Token Leak Through Referer Live Exploit | 2:00

Weak Password Policy
  Theory Lecture 1 : Weak Password Policy Implementation during Registration (Case 1) | 3:00
  Weak Password Policy Implementation during Registration Live Exploit | 1:00
  Theory Lecture 2 : Weak Password Policy Implementation on Password Reset Function (Case 2) | 1:00
  Weak Password Policy Implementation on Password Reset Function Live Exploit | 2:00
  Recommended Policy | 2:00

Getting Started with Burp Suite
  Burp Suite Introduction and Configuration | 10:00

No Rate Limit
  Theory Lecture 1 : What is Rate Limit and What is No Rate Limit Vulnerability (Case 1) | 13:00
  No Rate Limit Live Exploit-1 | 1:00
  No Rate Limit Live Exploit-2 | 3:00
  No Rate Limit Live Exploit-3 | 3:00
  Theory Lecture 2 : No Rate Limit Vulnerability on Password Change Request (Case 2) | 5:00
  No Rate Limit Password Change Functionality Live Exploit-1 | 5:00
  Theory Lecture 3 : No Rate Limit Vulnerability (Bonus Cases) | 12:00

Session Management Issues
  Theory Lecture 1 : What is Session and Failure to Invalidate Session Type of Bug (Case 1) | 15:00
  Failure to Invalidate Session Case 1 Live Exploitation -1 | 1:00
  Failure to Invalidate Session Case 1 Live Exploitation -2 | 3:00
  Failure to Invalidate Session Case 1 Live Exploitation -3 | 5:00
  Failure to Invalidate Session Case 1 Live Exploitation -4 | 1:00
  Failure to Invalidate Session Case 1 Live Exploitation -5 | 2:00
  Failure to Invalidate Session Case 1 Live Exploitation -6 | 3:00
  Failure to Invalidate Session Case 1 Live Exploitation -8 | 2:00
  Failure to Invalidate Session Case 1 Live Exploitation -7 | 2:00
  Theory Lecture 2 : Failure to Invalidate Session Type of Bug on Log Out (Case 2) | 2:00
  Failure to Invalidate Session Case 2 Live Exploitation-1 | 1:00
  Failure to Invalidate Session Case 2 Live Exploitation-2 | 4:00
  Theory Lecture 3 : Failure to Invalidate Session Stealing (Case 3) | 1:00
  Failure to Invalidate Session Case 3 Live Exploitation-1 | 3:00
  Failure to Invalidate Session Case 3 Live Exploitation-2 | 2:00

OAuth Misconfiguration
  Theory Lecture 1 : What is OAuth Misconfiguration ? | 5:00
  Case 1- OAuth Misconfiguration- Account Takeover Theory | 4:00
  Case 1: OAuth Misconfiguration Leads to Account Takeover Live Exploit | 5:00
  Case 2- OAuth Misconfiguration- Account Takeover Theory | 3:00
  Case 2: OAuth Misconfiguration Live Exploit-1 | 5:00
  Case 2: OAuth Misconfiguration Live Exploit -2 | 3:00
  Case 3- OAuth Misconfiguration Leads to 2 Factor Authentication (2FA) Bypass Theory | 4:00
  Case 3: OAuth Misconfiguration Leads to 2 Factor Authentication (2FA) Bypass Live Exploit | 1:00

Mail Server Misconfiguration
  Theory Lecture 1 : DMARC, SPF and DKIM | 9:00
  Case 1: DMARC policy not enabled Live Exploit-1 | 3:00
  Case 1: DMARC policy not enabled Live Exploit-2 | 1:00
  DMARC policy not enabled : How hacker will exploit this bug? | 3:00

Some Bonus Bugs
  Theory Lecture 1 : Captcha Bypass | 2:00
  Captcha Bypass Live Exploit | 3:00
  Theory Lecture 2 : Account Takeover Through Password Reset Link | 2:00
  Account Takeover Through Password Reset Link Live Exploit | 1:00
  Theory Lecture 3 : Sensitive Data Exposure : EXIF | 5:00
  Sensitive Data Exposure : EXIF Live Exploit | 1:00

Bug Bounty Hunter Methodology and Reporting
  Theory Lecture 1 : Bug Hunter’s Methodology to find targets
  How to Start in Bugcrowd? | 17:00
  How to Start at Hackerone Platform? | 12:00
  How to Start in Responsible Vulnerability Disclosure Programs (RVDP)? | 8:00
  How to Start in NCCIPC Government of India? | 4:00
  Google Hacking | 11:00

Clickjacking [To be added soon]

URL Redirect [To be added soon]