Become a Smart Bug Bounty Hunter (W47) - Pentestmag

DURATION: 3 hours

CPE POINTS: On completion you get a certificate granting you 3 CPE points. 

Course launch date: March 6th, 2023

Hello and welcome to the Offensive Security Approach. This course will cover the majority of the OWASP TOP 10 vulnerabilities as well as Web Application Penetration Testing. You will begin as a newbie with no previous experience in bug bounty hunting or penetration testing.

After completing this training, you will be a smart Bug Bounty Hunter. The act of discovering security vulnerabilities or bugs in a website and responsibly exposing them to that company's security team in an ethical manner is known as bug bounty hunting. Companies set up bug bounties, also known as responsible disclosure programs, to encourage individuals to report possible bugs found on their websites. Some firms will award a researcher with a bounty, swag, or inclusion in their hall of fame. If you are interested in online application security, they provide an excellent area for you to hone your talents while possibly earning some rewards and enhancing your reputation.

Who is this course for?

  • Bug bounty hunters
  • Ethical hackers 
  • Penetration testers
  • Security analysts
  • Developers
  • CISO - Chief information security officer
  • Security administrators 
  • SOC Analysts - Security operations center
  • Ethical hacking enthusiast

Why take it NOW?

Offensive security skills are in high demand in the job market, making it a valuable area of expertise for those interested in a career in information security.

Why this course?

There are several reasons why studying offensive security is important. First, understanding how attackers think and operate can help organizations better protect their systems and data. By learning about common attack methods and vulnerabilities, organizations can identify and remediate potential weaknesses before they are exploited. Additionally, with the increasing reliance on technology in all aspects of life, the number and sophistication of cyberattacks are on the rise, making it even more critical for individuals and organizations to understand and defend against them.

Course benefits:

What skills will you gain?​​ ​​​ ​​ ​ ​​​​​

  • Web security testing 
  • Automated security testing
  • Manual security testing
  • Bug hunting skills
  • Think outside of the box 
  • Vulnerability assessment
  • Hacker mindset

What tools will you use?

  • Kali Linux
  • Burp Suite community edition

Course general information: 

Course format: 

  • Self-paced
  • Pre-recorded
  • Accessible even after you finish the course
  • No preset deadlines
  • Materials are video, labs, and text
  • All videos captioned

What will you need?

  • A computer system with 40GB of storage and min 8GB of RAM
  • Internet connectivity
  • Kali Linux
  • Burp Suite community edition  
  • Virtual Box or VMWARE workstation

What should you know before you join?

  • Virtual box or VMWARE skills  
  • Linux 
  • Familiar with web languages

YOUR INSTRUCTOR - Youssef Khaoulaj

Youssef is a security researcher specialized in finding web applications, cloud, blockchain and smart contract vulnerabilities. He has more than 8 years of experience in the field of information security that varies from Web Application Security, Incident Handling, Cloud Security, Network Security, Blockchain and Smart Contract Security. Youssef has more than 3 years of experience in the field of Blockchain and Smart Contract with a good knowledge in Decentralized Applications Development. He has spoken at numerous conferences and published many papers and reports in the area of hacking and smart contract auditing. 

He has received many recommendations from EX-Pentagon cybersecurity engineers, IT security trainers in Australia and his supervisor System administrator USA.


Module 0

Before the course

An overview of OWASP Top 10 and introduction to Bug Bounty Hunting.

Module 1

Information Gathering

The initial phase in the pentesting procedure is reconnaissance or information collecting. A pentester can find possible security flaws that an attacker could exploit by performing recon in a methodical manner. In pentesting, the pen analyzer serves as a malicious pariah and reenacts an attack to detect security flaws.  

Module 1 covered topics: 

  • Nmap
  • Burp Suite 
  • Directory listing
  • Fingerprinting 
  • Metasploit 
  • Brute force

Module 1 exercises:

  • Hands-on exercises testing your understanding of the module.

Module 2

SQL Injection

SQL injection is a type of cyber-attack in which an attacker inserts malicious SQL code into a web form input field to gain unauthorized access to a database. This can allow the attacker to view, modify, or delete sensitive data in the database.

Module 2 covered topics:

  • Burp Suite 
  • Fingerprinting 
  • Brute force
  • SQL injection

Module 2 exercises:

  • Hands-on exercises testing your understanding of the module.

Module 3

Unauthenticated Remote Code Execution

Unauthenticated Remote Code Execution (RCE) is a type of vulnerability that allows an attacker to execute arbitrary code on a remote system without any authentication. This can be achieved by exploiting a flaw in the software that is running on the system. Unauthenticated RCE can be particularly dangerous because it does not require the attacker to have any valid credentials, and it can allow them to gain full control over the affected system.

Module 3 covered topics:

  • Burp Suite 
  • Fingerprinting 
  • Unauthenticated RCE
  • SSH

Module 3 exercises:

  • Hands-on exercises testing your understanding of the module.

Module 4

Code review

Code review is a process in which one or more pen testers examine source code to check for errors, bugs, and best practices. This can be done manually or with the help of automated tools. The goal of code review is to identify and fix problems before the code is deployed, and to improve the overall quality, security and maintainability of the codebase.

Module 4 covered topics:

  • Burp Suite 
  • Code review 
  • SSH
  • Directory listing

Module 4 exercises:

  • Hands-on exercises testing your understanding of the module.


Questions? Reach out to us at [email protected].

Course Reviews


2 ratings
  • 5 stars1
  • 4 stars1
  • 3 stars0
  • 2 stars0
  • 1 stars0
  1. i like that course


    good course

  2. Super satisfied


    Wanna rock in Bug Bounty ?! Maan .. this course is Hellaa helpful !

© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023