+- Softwarez.Info - Software's World! (https://softwarez.info)
+-- Forum: Library Zone (https://softwarez.info/Forum-Library-Zone)
+--- Forum: Video Tutorials (https://softwarez.info/Forum-Video-Tutorials)
+--- Thread: Ethical Hacking Penetesting & Bug Bounty Hunting 2025 (/Thread-Ethical-Hacking-Penetesting-Bug-Bounty-Hunting-2025)
Ethical Hacking Penetesting & Bug Bounty Hunting 2025 - OneDDL - 05-27-2025
![[Image: 887446ec12337d1765b4284cc8f7c2ad.avif]](https://i125.fastpic.org/big/2025/0527/ad/887446ec12337d1765b4284cc8f7c2ad.avif)
Free Download Ethical Hacking Penetesting & Bug Bounty Hunting 2025
Last updated 3/2025
MP4 | Video: h264, 1920x1080 | Audio: AAC, 44.1 KHz
Language: English | Size: 6.33 GB | Duration: 11h 22m
Complete Practical Course on Ethical Hacking, Penetration Testing and Bug Bounty Hunting with Live Attacks 2025
What you'll learn
OWASP 10 and Fundamentals
OWASP Top 10 2013 vs 2017
Bug Bounty Hunting - Live
Tips and Tricks to hunt bugs
BreakDown of Hackerone Reports for better understanding
Interview Preparation Questions Answers and Approach
Web Application Penetration Testing - Live
Become a bug bounty hunters & Hunt on Live Websites
Intercept requests using a Burpsuite proxy
Gain full control over target server using Authentication Bypass Attacks
Gain full control over target server using Captcha Bypass Attacks
Gain full control over target server using OTP /2FA Bypass Attacks
Discover Vulnerabilities, technologies & services used on target website.
Authentication Bypass Interview Questions and Answers
Hunt Basic XSS Vulnerabilities on Live Environments
Exploit and perform Acccount Takeovers on Live websites
Authentication Bypass Mitigations and Fixes
Authentication Bypass Breakdown of Hackerone Reports
Breakdown of No-Rate Limit of all Hackerone Reports by Hackers
Hunt Advance XSS Vulnerabilities by Filter and WAF Bypass
Hunt Vulnerabilities and Bug Bounty using XSS vulnerabilities.
Fix and Mitigations against XSS Vulnerabilities
Authentication Bypass Bonus Tips and Tricks
Practical Tips and Tricks for hunting XSS Live
Breakdown of XSS of all Hackerone Reports by Hackers
Interview Questions and Answers for XSS Attacks
Gain full control over target server using CSRF Attacks
Hunt Vulnerabilities using Advance CSRF Techniques
Perform Complete Account Takeover using CSRF on Lab
Perform Complete Account Takeover using CSRF on Live
Hunt Advance CSRF Vulnerabilities by Filter Bypass
Fix and Mitigations against CSRF Vulnerabilities
Practical Tips and Tricks for hunting CSRF Live
Breakdown of CSRF of all Hackerone Reports by Hackers
Interview Questions and Answers for CSRF Attacks
Gain full control over target server using CORS Attacks
Hunt Vulnerabilities using Advance CORS Techniques
Exfiltrating Sensitive Information by CORS Vulnerabiltiy
Fix and Mitigations against CORS Vulnerabilities
Practical Tips and Tricks for hunting CORS Live
Breakdown of CORS of all Hackerone Reports by Hackers
Hunt Vulnerabilities using No Rate-Limit Techniques
Complete Account Takeover at by No Rate-Limit Vulnerability
Fix and Mitigations against No Rate-Limit Vulnerabilities
Practical Tips and Tricks for hunting No Rate-Limit Live
Interview Questions and answers of CORS
Bug Bounty - Roadmap for Hackerone
Bug Bounty - Roadmap for Bugcrowd
Bug Bounty - Roadmap for OpenBugBounty
Bug Bounty - Roadmap for NCIIPC (Govt of India)
Bug Bounty - Roadmap for RVDP All Programs
Reporting Templates
Live Shodan Hunting
Live CVE Hunting
Requirements
Basic IT Skills
No Linux, programming or hacking knowledge required.
Computer with a minimum of 4GB ram/memory & Internet Connection
Operating System: Windows / OS X / Linux
Description
Welcome to Ethical Hacking / Penetration Testing and Bug Bounty Hunting Course. This course covers web application attacks and how to earn bug bounties. There is no prerequisite of prior hacking knowledge and you will be able to perform web attacks and hunt bugs on live websites and secure them.This course is not like other hacking or penetration testing course with outdated vulnerabilities and only lab attacks. This contains maximum live websites to make you comfortable with the Live Hunting Environment.This course will start from basic principles of each vulnerability and How to attack them using multiple bypass techniques, In addition to exploitation, you will also learn how to fix them.This course is highly practical and is made on Live websites to give you the exact environment when you start your penetrating testing or bug hunting journey.We will start from the basics of OWASP to the exploitation of vulnerabilities leading to Account Takeover on live websites.This course is divided into a number of sections, each section covers how to hunt, exploit and mitigate a vulnerability in an ethical manner.After identification of a vulnerability, we will exploit to leverage the maximum severity out of it. We will also learn how to fix vulnerabilities which are commonly found on the websites on the internet.In this course, you will also learn How can you start your journey on many famous bug hunting platforms like Bugcrowd, Hackerone and Open Bug Bounty.Along with this, you will be able to hunt and report vulnerabilities to NCIIPC Government of India, also to private companies and to their responsible disclosure programs.You will also learn Advance techniques to bypass filters and the developers logic for each kind of vulnerability. I have also shared personal tips and tricks for each attacks where you can trick the application and find bugs quickly.This course also includes the Breakdown of all Hackerone Reports which are found and submitted by other hackers for better understanding as we will cover each type of technique in the course.This course also includes important interview questions and answers which will be helpful in any penetrating testing job interview.Here's a more detailed breakdown of the course content:In all the sections we will start the fundamental principle of How the attack works, Exploitation and How to defend from those attacks.In OWASP, We will cover what is OWASP and Top 10 vulnerabilities.We will also understand what is the difference between owasp 2013 vs 2017.1. In Cross site scripting XSS, we will cover all diff types of attacks like Reflected XSS, Stored XSS and DOM XSS. In addition, we will learn Advance Exploitation for Limited Inputs and Filter Bypass.We will see all the types of XSS attacks on live websites which will give you a better understanding of the live environment when you will start your bug hunting journey.We will also cover different ways to perform XSS Exploitation using multiple types of payloads like Phishing, File Upload, Cookie Stealing and Redirection.We will also see the exploitation of Blind XSS which generally other researchers miss out.This course also includes a breakdown of all the Hackerone reports submitted by other hackers for XSS type of vulnerability wherein we will see and practice all types of attacks in our course.In the end, we will also cover mitigations to secure a website and prevent these types of attacks.In the end, I have added Interview Questions and answers which be helpful for you when XSS questions are asked in any job or internship.2. In Authentication Bypass, we will cover all diff types of ways to attack like OTP Bypass, 2FA Bypass, Captcha bypass, Email Verification Bypass etc. So we will perform all the ways to attack protection on websites.We will see all the types of Authentication bypass on live websites which will give you a better understanding of the live environment when you will start your bug hunting journey.We will also cover different ways to perform Auth Bypass Exploitation using different techniques.This course also includes a breakdown of all the Hackerone reports submitted by other hackers for Authentication Bypass type of vulnerability wherein we will see and practice all types of attacks in our course.In the end, we will also cover mitigations to secure a website and prevent these types of attacks.I have added Interview Questions and answers which be helpful for you when Auth Bypass questions are asked in any job or internship.3. In No Rate-Limit Attacks, we will check this vulnerability for different injection points, In addition, we will learn how to find these types of vulnerabilities in signup/creation of account or Login using password or verification of OTP or Tokens.We will see all the types of No Rate-Limit attacks on live websites which will give you a better understanding of the live environment when you will start your bug hunting journey.We will also cover different ways to perform No RL Exploitation using multiple types by automated spoofing our IP address on each request the same way this bug was found on Instagram and was awarded $15000 bounty.We will also cover how to throttle our requests by changing the requests and giving delay between each simultaneous request to bypass IDS and RateLimit checkers on the server-side.We will also see the exploitation of No RL on various injection points which generally other researchers miss out.This course also includes a breakdown of all the Hackerone reports submitted by other hackers for No RL type of vulnerability wherein we will see and practice all types of attacks in our course.In the end, we will also cover mitigations to secure a website and prevent these types of attacks.4. In CSRF Attacks, we will check this vulnerability for different injection points, In addition, we will learn how to find these types of vulnerabilities can lead to Account Takeover by changing the email and password.We will see all the types of CSRF attacks on live websites which will give you a better understanding of the live environment when you will start your bug hunting journey.We will also cover different ways to perform CSRF attacks and bypass CSRF protection on many live websites.This course also includes a breakdown of all the Hackerone reports submitted by other hackers for No RL type of vulnerability wherein we will see and practice all types of attacks in our course.In the end, we will also cover mitigations to secure a website and prevent these types of attacks.5. In CORS Attacks, we will check this vulnerability for different injection points, In addition, we will learn how to find these types of vulnerabilities can lead to Sensitive Data Disclosure of other users.We will see all the types of CORS attacks on live websites which will give you a better understanding of the live environment when you will start your bug hunting journey.We will also cover different ways to perform CORS attacks and bypass CORS protection on many live websites by using suffix and prefix types tricks.This course also includes a breakdown of all the Hackerone reports submitted by other hackers for CORS type of vulnerability wherein we will see and practice all types of attacks in our course.In the end, we will also cover mitigations to secure a website and prevent these types of attacks.You will also get additional BONUS sessions, in which I m going to share my personal approach for hunting bugs. All the videos are recorded on Live websites so that you understand the concepts as well as you get comfortable to work on a live environment. I have also added Interview Questions and answers for each attack which will be helpful for those are preparing for Job Interviews and Internships in the field of Information Security.With this course, you get 24/7 support, so if you have any questions you can post them in the Q&A section and we'll respond to you as soon as possible.Notes:This course is created for educational purposes only and all the websites I have performed attacks are ethically reported and fixed.Testing any website which doesn't have a Responsible Disclosure Policy is unethical and against the law, the author doesn't hold any responsibility.
Overview
Section 1: Course Introduction
Lecture 1 Course FAQ
Lecture 2 Course Introduction
Lecture 3 Disclaimer
Lecture 4 Rules for asking Questions
Section 2: OWASP Top 10
Lecture 5 What is OWASP and Injection
Lecture 6 What is Broken Authentication
Lecture 7 What is Sensitive Data Exposure
Lecture 8 What is XML External Entities
Lecture 9 What is Broken Access Control
Lecture 10 What is Security Misconfiguration
Lecture 11 What is Cross Site Scripting (XSS)
Lecture 12 What is Insecure Deserialization
Lecture 13 What is Using Components with Known Vulnerabilities
Lecture 14 What is Insufficient Logging and Monitoring
Lecture 15 Revision of OWASP
Section 3: Burp Suite and Lab Setup
Lecture 16 Burp Suite Proxy Lab Setup
Lecture 17 Burpsuite Setup Revision
Section 4: Authentication Bypass
Lecture 18 Authentication Bypass Exploitation Live -1
Lecture 19 Authentication Bypass Exploitation Live -2
Lecture 20 Authentication Bypass Exploitation Live -3
Lecture 21 Authentication Bypass Exploitation Live -4
Lecture 22 Authentication Bypass Exploitation Live -5
Lecture 23 Authentication Bypass Exploitation Captcha
Lecture 24 Authentication Bypass to Account Takeover Live -1
Lecture 25 Authentication Bypass to Account Takeover Live -2
Lecture 26 Authentication Bypass due to OTP Exposure Live -1
Lecture 27 Authentication Bypass due to OTP Exposure Live -2
Lecture 28 Authentication Bypass 2FA Bypass Live
Lecture 29 Authentication Bypass - Email Takeover Live
Lecture 30 Authentication Bypass Mitigations
Lecture 31 Authentication Bypass Interview Questions and Answers
Lecture 32 Authentication Bypass Revision
Section 5: No Rate-Limit Attacks
Lecture 33 No Rate-Limit leads to Account Takeover Live Type-1
Lecture 34 NO RL Alternative Tools Introduction
Lecture 35 No Rate-Limit leads to Account Takeover Live Type -2
Lecture 36 No Rate-Limit leads to Account Takeover Live Type -3
Lecture 37 No Rate-Limit leads to Account Takeover Live Type -4
Lecture 38 No Rate-Limit leads to Account Takeover Live Type -5
Lecture 39 No Rate-Limit to Account Takeover Live - Type 6
Lecture 40 No Rate-Limit to Account Takeover Live - Type 7
Lecture 41 No Rate-Limit Instagram Report Breakdown
Lecture 42 No Rate-Limit Instagram Report Breakdown 2
Lecture 43 No Rate Limit Bypass Report Breakdown
Lecture 44 No Rate Limit Bypass Report Breakdown 2
Lecture 45 No Rate-Limit to Tool Fake IP Practical
Lecture 46 No Rate-Limit test on CloudFare
Lecture 47 No Rate-Limit Mitigations
Lecture 48 No Rate-Limit All Hackerone Reports Breakdown
Lecture 49 Burp Alternative : OWASP ZAP Proxy for No RL
Lecture 50 No Rate-Limit Revision
Section 6: Cross Site Scripting (XSS)
Lecture 51 How XSS Works
Lecture 52 Reflected XSS on Live 1
Lecture 53 Reflected XSS on Live 2
Lecture 54 Reflected XSS on Live Manual Balancing
Lecture 55 Reflected XSS on Live 3 Balanced
Lecture 56 XSS on Limited Inputs Live 1
Lecture 57 XSS on Limited Inputs Live 2
Lecture 58 XSS in Request Headers - Live
Lecture 59 Reflected XSS Useragent and Caching
Lecture 60 Reflected XSS Email Validator Live
Lecture 61 Reflected XSS Protection Bypass Live 1 - Base64
Lecture 62 Reflected XSS Protection Bypass Live -2
Lecture 63 XSS using Spider
Lecture 64 XSS Bypass Right Click Disabled
Lecture 65 Blind XSS Exploitation
Lecture 66 Stored XSS Exploitation Live
Lecture 67 DOM XSS Name
Lecture 68 DOM XSS Redirect
Lecture 69 DOM XSS Index
Lecture 70 DOM XSS Automated Scanner
Lecture 71 XSS on Live by Adding Parameters
Lecture 72 XSS Mouse on Lab
Lecture 73 XSS Mouse Live
Lecture 74 XSS Mouse Events All Types
Lecture 75 XSS Polyglots Live
Lecture 76 XSS Polyglots Breakdown
Lecture 77 XSS Exploitation - URL Redirection
Lecture 78 XSS Exploitation - Phishing
Lecture 79 XSS Exploitation Cookie Stealer Lab
Lecture 80 XSS Exploitation Cookie Stealer Live
Lecture 81 XSS Exploitation File Upload Type -2
Lecture 82 XSS Exploitation File Upload Type -3
Lecture 83 XSS Exploitation File Upload Type- 1
Lecture 84 XSS Mitigations
Lecture 85 XSS Bonus TIPS and TRICKS
Lecture 86 XSS Hackerone ALL Reports Breakdown
Lecture 87 XSS Interview Questions and Answers
Lecture 88 XSS Revision
Lecture 89 XSS Revision - 2
Section 7: Cross Site Request Forgery (CSRF)
Lecture 90 How CSRF Works
Lecture 91 CSRF Alternative Tools Introduction
Lecture 92 CSRF on LAB
Lecture 93 CSRF on LAB - 2
Lecture 94 CSRF on Live -1
Lecture 95 CSRF on Live -2
Lecture 96 CSRF Password Change Lab
Lecture 97 CSRF Funds Transfer Lab
Lecture 98 CSRF Request Methods Trick - Lab
Lecture 99 CSRF to Account Takeover Live -1
Lecture 100 CSRF to Account Takeover Live -2
Lecture 101 Chaining CSRF with XSS
Lecture 102 CSRF Mitigations
Lecture 103 CSRF BONUS Tips and Tricks
Lecture 104 CSRF ALL Hackerone Reports Breakdown
Lecture 105 CSRF Interview Questions and Answers
Lecture 106 Alternative to Burpsuite for CSRF : CSRF PoC Generator
Lecture 107 CSRF Revision
Section 8: Cross Origin Resource Sharing (CORS)
Lecture 108 How CORS Works
Lecture 109 CORS 3 Test Cases Fundamentals
Lecture 110 CORS Exploitation Live -1 Exfiltration of Account Details
Lecture 111 CORS Exploitation Live -2 Exfiltration of Account Details
Lecture 112 CORS Live Exploitation -3
Lecture 113 CORS Exploitation Facebook Live
Lecture 114 CORS Live Prefix Match
Lecture 115 CORS Live Suffix Match
Lecture 116 CORS Mitigations
Lecture 117 CORS Breakdown of ALL Hackerone Reports
Lecture 118 CORS Revision
Section 9: How to start with Bug Bounty Platforms and Reporting
Lecture 119 BugCrowd ROADMAP
Lecture 120 Hackerone ROADMAP
Lecture 121 Open Bug Bounty ROADMAP
Lecture 122 NCIIPC Govt of Inida ROADMAP
Lecture 123 RVDP All Websites ROADMAP
Lecture 124 Bug Bounty Platforms
Section 10: Bug Bounty Reporting Templates
Lecture 125 Reporting Templates
Section 11: Exploitation of CVE 2020-5902 Remote Code Execution
Lecture 126 Exploitation
Lecture 127 Assets & Resources
Lecture 128 Final Words
Section 12: Exploitation of CVE 2020-3452 File Read
Lecture 129 Exploitation of CVE 2020-3452 File Read
Section 13: Exploitation of CVE 2020-3187 File Delete
Lecture 130 Exploitation of CVE 2020-3187 File Delete
Section 14: Snapshot
Lecture 131 Snapshot of Burpsuite
Section 15: PortSwigger Labs
Lecture 132 XSS Portswigger Lab-1
Lecture 133 CSRF Portswigger Lab - 2
Section 16: OWASP top 10 2021
Lecture 134 Understanding OWASP 2021 and Broken Authentication
Lecture 135 Tips and Best Practices for IDOR
Lecture 136 How to approch IDOR vulnerability
Section 17: Learning Waybackurlsbash tool
Lecture 137 Tool :- Waybackurlbash
Section 18: XSS Automation
Lecture 138 Reflected XSS
Anybody interested in learning website & web application hacking / penetration testing.,Any Beginner who wants to start with Penetration Testing,Any Beginner who wants to start with Bug Bounty Hunting,Trainer who are willing to start teaching Pentesting,Any Professional who working in Cyber Security and Pentesting,Ethical Hackers who wants to learn How OWASP Works,Beginners in Cyber Security Industry for Analyst Position,SOC person who is working into a corporate environment,Developers who wants to fix vulnerabilities and build secure applications
Homepage
Recommend Download Link Hight Speed | Please Say Thanks Keep Topic Live
No Password - Links are Interchangeable