LevelUp videos - Web Hacking

Throughout the year, Bugcrowd hosts free conferences for hackers as part of our LevelUp series. These conferences are hosted online, broadcast via YouTube.

Below are the past LevelUp talks about Web Hacking:

Bug Hunting Methodology v3 (great for beginners!):

Esoteric sub-domain enumeration techniques - Bharath, from Bugcrowd’s LevelUp 2017

How does unicode affect our security? - Christopher Bleckmann-Dreher, LevelUp 2017

Finding Hidden Gems in Old Bug Bounty Programs - Yappare, Bugcrowd’s LevelUp 2017


There is something I don’t quite get about web hacking after having viewed the “Bug Hunting Methodology” videos.

You are supposed to start with loads of discovery.
However, wouldn’t most of the scanning for the discovery violate most programs’ rules against “automated scans”, DoS or degraded service?

I mean, all.txt has something like 40k entries. If I try to run that to find directories, wouldn’t that be against the program’s rules?

Please tell me where I should start when testing a website.
Which vulnerability should I start looking for first in a website?

DoS means actually DoS-ing the website using zombie services. Directory brute force is not considered DoS if you don’t use high thread counts (on some programs), and if a program specifically says directory brute forcing is out of scope, then don’t attempt it.

The one you have good knowledge about.