Bug-Bounty Video Collection PDF
Youtube.com/IndianAnonS
T.me/DarkCoderSS
2. Basic concepts of web applications, how they work and the HTTP protocol - https://www.youtube.com/watch?v=RsQ1tFLwldY&t=7s
3. HTML basics part 1 - https://www.youtube.com/watch?v=p6fRBGI_BY0
4. HTML basics part 2 - https://www.youtube.com/watch?v=Zs6lzuBVK2w
5. Difference between static and dynamic website - https://www.youtube.com/watch?v=hlg6q6OFoxQ
6. HTTP protocol Understanding - https://www.youtube.com/watch?v=JFZMyhRTVt0
7. Parts of HTTP Request - https://www.youtube.com/watch?v=pHFWGN-upGM
8. Parts of HTTP Response - https://www.youtube.com/watch?v=c9sMNc2PrMU
9. Various HTTP Methods - https://www.youtube.com/watch?v=PO7D20HsFsY
10. Understanding URLs - https://www.youtube.com/watch?v=5Jr-_Za5yQM
11. Intro to REST - https://www.youtube.com/watch?v=YCcAE2SCQ6k
12. HTTP Request & Response Headers - https://www.youtube.com/watch?v=vAuZwirKjWs
13. What is a cookie - https://www.youtube.com/watch?v=I01XMRo2ESg
14. HTTP Status codes - https://www.youtube.com/watch?v=VLH3FMQ5BIQ
15. HTTP Proxy - https://www.youtube.com/watch?v=qU0PVSJCKcs
16. Authentication with HTTP - https://www.youtube.com/watch?v=GxiFXUFKo1M
17. HTTP basic and digest authentication - https://www.youtube.com/watch?v=GOnhCbDhMzk
18. What is “Server-Side” - https://www.youtube.com/watch?v=JnCLmLO9LhA
19. Server and client side with example - https://www.youtube.com/watch?v=DcBB2Fp8WNI
20. What is a session - https://www.youtube.com/watch?v=WV4DJ6b0jhg&t=202s
21. Introduction to UTF-8 and Unicode - https://www.youtube.com/watch?v=sqPTR_v4qFA
22. URL encoding - https://www.youtube.com/watch?v=Z3udiqgW1VA
23. HTML encoding - https://www.youtube.com/watch?v=IiAfCLWpgII&t=109s
24. Base64 encoding - https://www.youtube.com/watch?v=8qkxeZmKmOY
25. Hex encoding & ASCII - https://www.youtube.com/watch?v=WW2SaCMnHdU
Phase 3 – Setting up the lab with BurpSuite and bWAPP
MANISH AGRAWAL
IBM
F5 CENTRAL
LUKE BRINER
126. Attacking login panel with bad password - Guess the username and password for the website and try different combinations
127. Brute-force login panel - https://www.youtube.com/watch?v=25cazx5D_vw
128. Username enumeration - https://www.youtube.com/watch?v=WCO7LnSlskE
129. Username enumeration with bruteforce password attack - https://www.youtube.com/watch?v=zf3-pYJU1c4
130. Authentication over insecure HTTP protocol - https://www.youtube.com/watch?v=ueSG7TUqoxk
131. Authentication over insecure HTTP protocol - https://www.youtube.com/watch?v=_WQe36pZ3mA
132. Forgot password vulnerability - case 1 - https://www.youtube.com/watch?v=FEUidWWnZwU
133. Forgot password vulnerability - case 2 - https://www.youtube.com/watch?v=j7-8YyYdWL4
134. Login page autocomplete feature enabled - https://www.youtube.com/watch?v=XNjUfwDmHGc&t=33s
135. Testing for weak password policy - https://www.owasp.org/index.php/Testing_for_Weak_password_policy_(OTG-AUTHN-007)
136. Insecure distribution of credentials - When you register on a website or request a password reset using the forgot password feature, if the website sends your username and password by email in cleartext rather than sending a password reset link, it is a vulnerability.
137. Test for credentials transportation using SSL/TLS certificate - https://www.youtube.com/watch?v=21_IYz4npRs
138. Basics of MySQL - https://www.youtube.com/watch?v=yPu6qV5byu4
139. Testing browser cache - https://www.youtube.com/watch?v=2T_Xz3Humdc
140. Bypassing login panel - case 1 - https://www.youtube.com/watch?v=TSqXkkOt6oM
141. Bypass login panel - case 2 - https://www.youtube.com/watch?v=J6v_W-LFK1c
Phase 9 - Attacking access controls (IDOR, Priv esc, hidden files and directories)
Privilege escalation
148. What is privilege escalation - https://www.youtube.com/watch?v=80RzLSrczmc
149. Privilege escalation - Hackme bank - case 1 - https://www.youtube.com/watch?v=g3lv__87cWM
150. Privilege escalation - case 2 - https://www.youtube.com/watch?v=-i4O_hjc87Y
SQL injection
NoSQL injection
200. Introduction to NoSQL injection - https://www.youtube.com/watch?v=h0h37-Dwd_A
201. Introduction to SQL vs NoSQL - Difference between MySQL and MongoDB with tutorial - https://www.youtube.com/watch?v=QwevGzVu_zk
202. Abusing NoSQL databases - https://www.youtube.com/watch?v=lcO1BTNh8r8
203. Making cry - attacking NoSQL for pentesters - https://www.youtube.com/watch?v=NgsesuLpyOg
LDAP injection
213. Introduction and practical 1 - https://www.youtube.com/watch?v=-TXFlg7S9ks
214. Practical 2 - https://www.youtube.com/watch?v=wtahzm_R8e4
OS command injection
215. OS command injection in bWAPP - https://www.youtube.com/watch?v=qLIkGJrMY9k
216. bWAPP - OS command injection with Commix (All levels) - https://www.youtube.com/watch?v=5-1QLbVa8YE
HTTP splitting/smuggling
223. Detailed introduction - https://www.youtube.com/watch?v=bVaZWHrfiPw
224. Demo 1 - https://www.youtube.com/watch?v=mOf4H1aLiiE
225. Generating normal error codes by visiting files that may not exist on the server - for example, visit the chintan.php or chintan.aspx file on any website and it may redirect you to 404.php, 404.aspx or their custom error page. Check whether the error page is generated by the default web server or application framework, or whether a custom page is displayed that does not reveal any sensitive information.
226. Use BurpSuite fuzzing techniques to generate stack trace error codes - https://www.youtube.com/watch?v=LDF6OkcvBzM