Ethical Hacking/Pentesting & Bug Bounty Hunting v2 2025
Complete Practical Course on Ethical Hacking, Penetration Testing and Bug Bounty Hunting with Live Attacks 2025
Updated on Jun, 2025
Language - English
IT and Software ,Network and Security,Bug Bounty
Lectures -113
Resources -13
Duration -9.5 hours
Lifetime Access
Lifetime Access
30-days Money-Back Guarantee
Get your team access to 10000+ top Tutorials Point courses anytime, anywhere.
Course Description
Welcome to Ethical Hacking / Penetration Testing and Bug Bounty Hunting Course v2.0 . This course covers web application attacks and how to earn bug bounties. There is no prerequisite of prior hacking knowledge and you will be able to perform web attacks and hunt bugs on live websites and secure them.
This course is not like other hacking or penetration testing course with outdated vulnerabilities and only lab attacks. This contains maximum live websites to make you comfortable with the Live Hunting Environment.
This course will start from basic principles of each vulnerability and How to attack them using multiple bypass techniques, In addition to exploitation, you will also learn how to fix them.
This course is highly practical and is made on Live websites to give you the exact environment when you start your penetrating testing or bug hunting journey.
We will start from the basics of each vulnerability and move ahead to the advance level of exploitation and multiple edge case scenarios on live websites.
Here's a more detailed breakdown of the course content:
In all the sections we will start the fundamental principle of How the attack works, Exploitation and How to defend from those attacks.
1. In Subdomain Takeovers, we will cover all different types of cloud based scenarios like AWS, Github, Shopify, Tumblr and many more. In addition, we will learn Advance fingerprints and our newly made Can I take over all XYZ templates.
We will see all the types of Subdomain takeovers attacks on live websites which will give you a better understanding of the live environment when you will start your bug hunting journey.
This course also includes a breakdown of all the Hackerone reports submitted by other hackers for Subdomain Takeovers type of vulnerability wherein we will see and practice all types of attacks in our course.
In the end, we will also cover mitigations to secure a website and prevent these types of attacks.
In the end, I have added Interview Questions and answers which be helpful for you when Subdomain Takeovers questions are asked in any job or internship.
2. In File Inclusion , we will cover all diff types of ways to attacks Linux and Windows based systems. We will cover Local and Remote File Inclusion Attacks.
We will see all the types of File inclusion bypass on live websites which will give you a better understanding of the live environment when you will start your bug hunting journey.
We will also cover different ways to perform File Inclusion Exploitation using different techniques. We will also leverage our file inclusion to Remote Code Execution on live targets.
3. In Server Side Request Forgery SSRF Attacks, we will check this vulnerability for different injection points, In addition, we will learn how to find these types of vulnerabilities in multiple targets.
We will see all the types of SSRF attacks on live websites which will give you a better understanding of the live environment when you will start your bug hunting journey.
4. In Remote Code Execution (RCE) Attacks, we will check this vulnerability for different injection points, In addition, we will learn how to find these types of vulnerabilities can lead to execution of malicious code on the target server.
We will also cover different ways to perform code injection attacks on multiple targets to make you comfortable with different examples and test cases.
5. In SQL Injection, we will check this vulnerability for different injection points, In addition, we will learn how to find these types of vulnerabilities can lead to Database Dumping & Sensitive Data Disclosure of other users.
We will see all the types of SQLi attacks on live websites which will give you a better understanding of the live environment when you will start your bug hunting journey.
We will also cover different ways to perform SQLi attacks and bypass SQLi protection on many live websites by using different WAF bypass payloads.
6. In HTML Injection, we will check this vulnerability for different injection points, In addition, we will learn how to find these types of vulnerabilities can lead to tricking users in visiting malicious websites and identify theft.
We will see all the types of HTML Injection attacks on live websites which will give you a better understanding of the live environment when you will start your bug hunting journey.
7. In Clickjacking, we will check this vulnerability for different targets, In addition, we will learn how to find these types of vulnerabilities can lead to sensitive actions on target websites.
We will see all the types of Clickjacking attacks on live websites which will give you a better understanding of the live environment when you will start your bug hunting journey.
8. In Broken Link Hijacking , we will check this vulnerability for different targets, In addition, we will learn how to find these types of vulnerabilities can lead to takeovers of files, accounts, media etc on target websites.
We will see all the types of BHL attacks on live websites which will give you a better understanding of the live environment when you will start your bug hunting journey.
You will also get additional BONUS sessions, in which I m going to share my personal approach for hunting bugs. All the videos are recorded on Live websites so that you understand the concepts as well as you get comfortable to work on a live environment. I have also added Interview Questions and answers for each attack which will be helpful for those are preparing for Job Interviews and Internships in the field of Information Security.
Who this course is for:
This course is not like other hacking or penetration testing course with outdated vulnerabilities and only lab attacks. This contains maximum live websites to make you comfortable with the Live Hunting Environment.
This course will start from basic principles of each vulnerability and How to attack them using multiple bypass techniques, In addition to exploitation, you will also learn how to fix them.
This course is highly practical and is made on Live websites to give you the exact environment when you start your penetrating testing or bug hunting journey.
We will start from the basics of each vulnerability and move ahead to the advance level of exploitation and multiple edge case scenarios on live websites.
Here's a more detailed breakdown of the course content:
In all the sections we will start the fundamental principle of How the attack works, Exploitation and How to defend from those attacks.
1. In Subdomain Takeovers, we will cover all different types of cloud based scenarios like AWS, Github, Shopify, Tumblr and many more. In addition, we will learn Advance fingerprints and our newly made Can I take over all XYZ templates.
We will see all the types of Subdomain takeovers attacks on live websites which will give you a better understanding of the live environment when you will start your bug hunting journey.
This course also includes a breakdown of all the Hackerone reports submitted by other hackers for Subdomain Takeovers type of vulnerability wherein we will see and practice all types of attacks in our course.
In the end, we will also cover mitigations to secure a website and prevent these types of attacks.
In the end, I have added Interview Questions and answers which be helpful for you when Subdomain Takeovers questions are asked in any job or internship.
2. In File Inclusion , we will cover all diff types of ways to attacks Linux and Windows based systems. We will cover Local and Remote File Inclusion Attacks.
We will see all the types of File inclusion bypass on live websites which will give you a better understanding of the live environment when you will start your bug hunting journey.
We will also cover different ways to perform File Inclusion Exploitation using different techniques. We will also leverage our file inclusion to Remote Code Execution on live targets.
3. In Server Side Request Forgery SSRF Attacks, we will check this vulnerability for different injection points, In addition, we will learn how to find these types of vulnerabilities in multiple targets.
We will see all the types of SSRF attacks on live websites which will give you a better understanding of the live environment when you will start your bug hunting journey.
4. In Remote Code Execution (RCE) Attacks, we will check this vulnerability for different injection points, In addition, we will learn how to find these types of vulnerabilities can lead to execution of malicious code on the target server.
We will also cover different ways to perform code injection attacks on multiple targets to make you comfortable with different examples and test cases.
5. In SQL Injection, we will check this vulnerability for different injection points, In addition, we will learn how to find these types of vulnerabilities can lead to Database Dumping & Sensitive Data Disclosure of other users.
We will see all the types of SQLi attacks on live websites which will give you a better understanding of the live environment when you will start your bug hunting journey.
We will also cover different ways to perform SQLi attacks and bypass SQLi protection on many live websites by using different WAF bypass payloads.
6. In HTML Injection, we will check this vulnerability for different injection points, In addition, we will learn how to find these types of vulnerabilities can lead to tricking users in visiting malicious websites and identify theft.
We will see all the types of HTML Injection attacks on live websites which will give you a better understanding of the live environment when you will start your bug hunting journey.
7. In Clickjacking, we will check this vulnerability for different targets, In addition, we will learn how to find these types of vulnerabilities can lead to sensitive actions on target websites.
We will see all the types of Clickjacking attacks on live websites which will give you a better understanding of the live environment when you will start your bug hunting journey.
8. In Broken Link Hijacking , we will check this vulnerability for different targets, In addition, we will learn how to find these types of vulnerabilities can lead to takeovers of files, accounts, media etc on target websites.
We will see all the types of BHL attacks on live websites which will give you a better understanding of the live environment when you will start your bug hunting journey.
You will also get additional BONUS sessions, in which I m going to share my personal approach for hunting bugs. All the videos are recorded on Live websites so that you understand the concepts as well as you get comfortable to work on a live environment. I have also added Interview Questions and answers for each attack which will be helpful for those are preparing for Job Interviews and Internships in the field of Information Security.
Who this course is for:
- Anybody interested in learning website & web application hacking / penetration testing.
- Any Beginner who wants to start with Penetration Testing
- Any Beginner who wants to start with Bug Bounty Hunting
- Trainer who are willing to start teaching Pentesting
- Any Professional who working in Cyber Security and Pentesting
- Ethical Hackers who wants to learn How OWASP Works
- Beginners in Cyber Security Industry for Analyst Position
- SOC person who is working into a corporate environment
- Developers who wants to fix vulnerabilities and build secure applications
Goals
- Bug Bounty Hunting - Live
- Tips and Tricks to hunt bugs
- BreakDown of Hackerone Reports for better understanding
- Interview Preparation Questions Answers and Approach
- Web Application Penetration Testing - Live
- Become a bug bounty hunters & Hunt on Live Websites
- Intercept requests using a Burpsuite proxy
- Gain full control over target server using SQL Injection Attacks
- Discover Vulnerabilities, technologies & services used on target website.
- Subdomain Takeovers
- SQLi Interview Questions and Answers
- Hunt Basic HTML Injection Vulnerabilities on Live Environments
- Hunt Basic ClickJacking Vulnerabilities on Live Environments
- Exploit and perform Local File Inclusion (LFI) on Live websites
- Exploit and perform RemoteFile Inclusion (RFI) on Live websites
- Exploit and perform Remote Code Execution (RCE) on Live websites
- Fix and Mitigations against SQLi Vulnerabilities
- Practical Tips and Tricks for hunting SQLi Live
- Broken Link Hijacking
- Fix and Mitigations against RCE Vulnerabilities
- Interview Questions and answers
- Bug Bounty - Roadmap for Hackerone
- Bug Bounty - Roadmap for Bugcrowd
- Bug Bounty - Roadmap for Open Bug Bounty
- Bug Bounty - Roadmap for NCIIPC (Govt of India)
- Bug Bounty - Roadmap for RVDP All Programs
- Reporting Templates
Prerequisites
- Basic IT Skills
- No Linux, programming or hacking knowledge required.
- Computer with a minimum of 4GB ram/memory & Internet Connection
- Operating System: Windows / OS X / Linux
Curriculum
Check out the detailed breakdown of what’s inside the course
Introduction
1 Lectures
-
Disclaimer
01:02
01:02
Future updates
1 Lectures
Setting up environment
1 Lectures
Subdomain takeovers
20 Lectures
HTML injection
6 Lectures
Click jacking
9 Lectures
File inclusion exploitation
7 Lectures
Broken link hijacking
11 Lectures
SQL injection
26 Lectures
SSRF
16 Lectures
Remote code execution
1 Lectures
How to start with bug bounty platforms and reporting
7 Lectures
Bug bounty/penetration testing reporting templates
1 Lectures
Snapshot
2 Lectures
Portswigger labs
1 Lectures
Mastering subdomain enumeration in penetration testing
3 Lectures
Instructor Details
Rohit Gautam
I am Rohit Gautam the CEO & Founder of Hacktify Cyber Security, I have a PhD in cyber security.
I have been awarded as Cyber Security Samurai of the year by Bsides Bangalore.
I am into Cyber Security Training for many years. Students have loved my courses and given 5 ★ Ratings and made Bestseller on Tutorialspoint
My students have been in the Top 15 Cyber Security Researchers of India twice in a Row.
Apart from training's, I'm a security researcher with special interest in network exploitation and web application security analysis and Red Teaming
I have worked for all the topmost banks of India in their VAPT Team.
I have worked with ICICI, Kotak, IDFC bank I have also experience working with NSDL and some financial organizations like Edelweiss
I have worked on many private projects with NTRO & Govt of India.
I was acknowledged with Swag, Hall of Fame, Letter Of Appreciation, and Monetary rewards by Google, Facebook, Conclusion, Seek, Trip Advisor, Riddlr, Hakon, Acorns, Faasos, and many more companies for finding out vulnerabilities in their organization and responsibly reporting it.
Course Certificate
Use your certificate to make a career change or to advance in your current career.
Our students work
with the Best
Related Video Courses
View MoreAnnual Membership
Become a valued member of Tutorials Point and enjoy unlimited access to our vast library of top-rated Video Courses
Subscribe now
Online Certifications
Master prominent technologies at full length and become a valued certified professional.
Explore Now