CBBH Review

2023/07/28 8:39AM

Description

The Bug Bounty Hunter Job Role Path is for individuals who want to enter the world of Bug Bounty Hunting with little to no prior experience. This path covers core web application security assessment and bug bounty hunting concepts and provides a deep understanding of the attack tactics used during bug bounty hunting. Armed with the necessary theoretical background, multiple practical exercises, and a proven bug bounty hunting methodology, students will go through all bug bounty hunting stages, from reconnaissance and bug identification to exploitation, documentation, and communication to vendors/programs. Upon completing this job role path, you will have become proficient in the most common bug bounty hunting and attack techniques against web applications and be in the position of professionally reporting bugs to a vendor.

The course has 20 modules:

  • Web Requests
  • Introduction to Web Applications
  • Using Web Proxies
  • Information Gathering - Web Edition
  • Attacking Web Applications with Ffuf
  • JavaScript Deobfuscation
  • Cross-Site Scripting (XSS)
  • SQL Injection Fundamentals
  • SQLMap Essentials
  • Command Injections
  • File Upload Attacks
  • Server-side Attacks
  • Login Brute Forcing
  • Broken Authentication
  • Web Attacks
  • File Inclusion
  • Session Security
  • Web Service & API Attacks
  • Hacking WordPress
  • Bug Bounty Hunting Process

Motivation

Before taking this exam I had recently graduated with a bachelor's degree in computer science and had been actively doing bug bounty for about 8 months. In this time I had found and successfully reported 10 security vulnerabilities on HackerOne and had learned quite a bit from bug bounty writeups, YouTube videos, CTFs, university courses, and podcasts. The motivation for getting this certification was to bring my bug bounty skills to the next level.

Review

Due to having studied bug bounty previously, I already knew a lot of the information that the course provides. With that being said, I still learned a lot of tips/tricks and expanded/hardened my knowledge of web vulnerabilities. The most valuable part of taking the course is being able to read the information and then actively test it on a vulnerable target.

The course is well structured, teaching you the base knowledge first and then diving into the specific vulnerabilities. Something that I really appreciate about this course is that there isn't much fluff material; everything taught in the course is valuable to a bug bounty hunter. The exam is fair, and if you know the material taught in the course, there won't be much struggle with the exam.

Tips

  • You will need to provide a well-documented report at the end of the exam, so make sure to take screenshots and notes as you work through the exam so you don't need to spend a lot of time re-exploiting the machine to get the screenshots.
  • Create a cheat sheet with the course material so it is easier to find the command needed to exploit the vulnerability or get a foothold on the machine.