THREAT CON 2021
Virtual Workshop and Conference
Workshop: September 8-9
Conference: September 10-11
Time: 10 AM - 5 PM (NPT, GMT+5:45)

Get Tickets

Diamond Sponsor

Virtual Workshop by Hussein Daher

September 8-9

Time: 10 AM - 5 PM (NPT, GMT+5:45)


Get Ticket



An Advanced Guide to Finding Good Bugs


Hussein Daher twitter


Bug bounties are evolving year after year and thousands of infosec enthusiasts are looking to join the boat. Having a great place on that boat requires dedication and investing a great amount of time of work. In fact, there are multiple types of vulnerabilities and mastering the most important of these can be a game changer. In this class, attendees will learn the "how" and "why" of vulnerabilities they are already aware of instead of sticking to what the vulnerability is in general. This class will be based on real-life scenarios to show how to think out of the box in different scenarios to bring in the maximum impact.

Key Takeaways

  1. Students will learn in-depth about a vulnerability exploitation
  2. Students will be able to approach a target effectively
  3. Students will learn think out of the box in different scenarios

Who Should Attend This Course

This course is intended for students with an interest in bug bounties, web vulnerability discovering and exploitation or general infosec enthusiast who wish to know more about the side of bug bounties. Students should be comfortable with the type of vulnerabilities mentioned because we are not going to cover from a total beginner's side.

What Students Will be Provided With

Students will be provided with the slides of the lessons along with write ups.

Course Outline:

During the session, students will have hands on excercises with:

  1. SQL Injection (SQLi)
  2. XML External Entity (XXE)
  3. Server Side Request Forgery (SSRF)
  4. RECON Out of the Box
  5. Remote Code Execution (RCE)
  6. Server Side Template Injection (SSTI)
  7. Directory Traversal
  8. Access Control Vulnerabilities
  9. Authentication Issues
  10. Cache Poisoning
  11. Insecure Deserialization
  12. Information Disclosure
  13. Business Logic Vulnerabilities
  14. Common Misconfigurations
  15. Race Conditions
  16. Plus many more...

Subscribe and get our news and updates.