Web Hacking Secrets: How to Hack Legally and Earn Thousands of Dollars at HackerOne

Video description

Master web application security testing and become a successful bug hunter

About This Video

  • Master web application security testing
  • Learn how hackers earn thousands of dollars per one bug
  • Discover how to find these bugs step-by-step in practice (demos)

In Detail

HackerOne is your big opportunity. This is the platform where you can hack legally and at the same time you can make money. You can hack many different companies like Twitter, Yahoo, Uber, Coinbase, and a lot more. And you can get paid for your findings, for example $100, $1,000, or even $10,000 per one bug. It’s just amazing. All you need is an Internet connection and knowledge. Yes - you need knowledge to go from zero to thousands of dollars at HackerOne, and in this online training I’m going to share my knowledge with you.

I’m one of the top hackers at HackerOne and I know quite a lot about hacking and making money that way. In this self-paced online training, I’ll present many award-winning bugs. The more you play with award-winning bugs, the more knowledge you get, and the more knowledge you have, the more money you can make. I’ll also discuss a successful bug hunting strategy that I have been using in recent years. What’s more, I’ll present a lot of demos, because I want you to see how all these things work in practice.

This self-paced online training is composed of 6 different courses:

  • Start Hacking and Making Money Today at HackerOne
  • Keep Hacking and Making Money at HackerOne
  • Case Studies of Award-Winning XSS Attacks: Part 1
  • Case Studies of Award-Winning XSS Attacks: Part 2
  • DOUBLE Your Web Hacking Rewards with Fuzzing
  • How Web Hackers Make BIG MONEY: Remote Code Execution

In the 1st course I will discuss the 5 bugs that I recommend you start with and I’ll introduce you to the strategy that I have been using successfully for a long time. In the 2nd course, you’ll master the strategy and you’ll play with the next 5 bugs. In the 3rd course I’ll demonstrate award-winning XSS attacks (cross-site scripting). It turns out that you can get a 4-digit ($$$$) reward per single XSS, but to make it happen you need to learn about non-standard XSS attacks, and this is exactly what I’ll present to you. Next, in course No. 4 I’ll demonstrate more award-winning XSS attacks, because I want you to become a professional XSS hunter earning more and more money. In course No. 5, I will present fuzzing, which is one of the most powerful vulnerability detection techniques, and I’ll show you how you can use this technique to double your web hacking rewards. And finally, I’ll tell you how to make big money with RCE, which stands for remote code execution. This is the most dangerous attack and companies are willing to give you a 5-digit reward ($$$$$) per single RCE, which is just awesome. What you need, to make this amount of money, is knowledge about non-standard RCE attacks and this is what I’ll present to you in course No. 6.

You can really go from zero to thousands of dollars at HackerOne. As one of the top hackers at HackerOne I know very well how it works and I want to share my knowledge with you. I want you to become the next successful web hacker and that’s the reason why I created "Web Hacking Secrets: How to Hack Legally and Earn Thousands of Dollars at HackerOne".

Table of contents

  1. Chapter 1 : Start Hacking and Making Money Today at HackerOne
    1. Overview of Course Bundle 00:03:46
    2. Introduction 00:10:16
    3. HackerOne: Your Big Opportunity 00:06:01
    4. Getting Started with 5 Bugs 00:08:06
    5. Automatic Leakage of Password Reset Link - Overview 00:05:12
    6. Automatic Leakage of Password Reset Link - Demo 00:05:52
    7. How to Get Access to the Account of the Logged-Out User - Overview 00:03:39
    8. How to Get Access to the Account of the Logged-Out User - Demo 00:05:57
    9. Insecure Processing of Credit Card Data - Overview 00:02:25
    10. Insecure Processing of Credit Card Data - Demo 00:05:03
    11. Disclosure of Authentication Cookie - Overview 00:03:35
    12. Disclosure of Authentication Cookie - Demo 00:07:04
    13. User Enumeration: Overview 00:03:30
    14. User Enumeration: Demo 00:04:21
    15. Summary 00:04:24
  2. Chapter 2 : Keep Hacking and Making Money at HackerOne
    1. Introduction 00:07:36
    2. How to Impersonate a User via Insecure Log In - Overview 00:03:55
    3. How to Impersonate a User via Insecure Log In - Demo 00:04:56
    4. Sensitive Information in Metadata - Overview 00:03:01
    5. Sensitive Information in Metadata - Demo 00:05:47
    6. Disclosure of Credentials - Overview 00:04:38
    7. Disclosure of Credentials - Demo 00:05:46
    8. Insecure Password Change - Overview 00:03:23
    9. Insecure Password Change - Demo 00:03:34
    10. Dictionary Attack - Overview 00:04:50
    11. Dictionary Attack - Demo 00:03:24
    12. Summary 00:04:03
  3. Chapter 3 : Case Studies of Award-Winning XSS Attacks: Part 1
    1. Introduction 00:10:54
    2. XSS via Image - Overview 00:04:10
    3. XSS via Image - Demo 00:06:00
    4. XSS via HTTP Response Splitting - Overview 00:04:35
    5. XSS via HTTP Response Splitting - Demo 00:10:40
    6. XSS via Cookie - Overview 00:07:49
    7. XSS via Cookie - Demo 00:09:29
    8. XSS via AngularJS Template Injection - Overview 00:05:12
    9. XSS via AngularJS Template Injection - Demo 00:04:35
    10. Summary 00:03:49
  4. Chapter 4 : Case Studies of Award-Winning XSS Attacks: Part 2
    1. Introduction 00:04:54
    2. XSS via XML - Overview 00:02:25
    3. XSS via XML - Demo 00:04:54
    4. XSS via Location.href - Overview 00:05:08
    5. XSS via Location.href - Demo 00:05:03
    6. XSS via Vbscript: - Overview 00:04:23
    7. XSS via Vbscript: - Demo 00:05:44
    8. From XSS to Remote Code Execution - Overview 00:04:49
    9. From XSS to Remote Code Execution - Demo 00:03:24
    10. Summary 00:02:49
  5. Chapter 5 : DOUBLE Your Web Hacking Rewards with Fuzzing
    1. Introduction 00:05:16
    2. The Basics of Fuzzing 00:04:25
    3. Fuzzing with Burp Suite Intruder - Overview 00:06:02
    4. Fuzzing for SQL Injection - Demo 00:17:53
    5. Fuzzing for Path Traversal - Demo 00:11:33
    6. Fuzzing with Burp Suite Intruder: Tips and Tricks 00:05:24
    7. Summary 00:03:43
  6. Chapter 6 : How Web Hackers Make BIG MONEY: Remote Code Execution
    1. Introduction 00:05:18
    2. From SQL Injection to Remote Code Execution - Overview 00:02:02
    3. From SQL Injection to Remote Code Execution - Demo 00:13:44
    4. From Disclosure of Software Version to Remote Code Execution - Overview 00:03:30
    5. From Disclosure of Software Version to Remote Code Execution - Demo 00:10:15
    6. Remote Code Execution via File Upload - Overview 00:08:03
    7. Remote Code Execution via File Upload - Demo 00:07:12
    8. Remote Code Execution via Deserialization - Overview 00:07:17
    9. Remote Code Execution via Deserialization - Demo 00:10:52
    10. Summary 00:05:24

Product information

  • Title: Web Hacking Secrets: How to Hack Legally and Earn Thousands of Dollars at HackerOne
  • Author(s): Dawid Czagan
  • Release date: September 2019
  • Publisher(s): Packt Publishing
  • ISBN: 9781839214684