I conducted my first public workshop on Bug Bounty on 15-03-2020. My team and I started with the basics of bug bounty and ended with a P4-level vulnerability (I will list the topics I covered below). My motto behind conducting the workshop was to develop a cyber-sec community in Vadodara. There was no club or community for cyber-sec enthusiasts, which motivated me to start a community known as "The Hacking Monks". As I started talking with participants, I found that some of them were already looking for a community and a platform to step into the world of cybersecurity! Frankly, one or two of them were interested in the name of bug bounty, and the rest were starting out with this workshop.
I started the workshop by introducing the community that I started and hope to push forward. After that, a series of topics was lined up, such as:
1. Basics of Burp Suite: Participants learned about setting up Burp Suite and basic functions like intercepting requests and using the intruder, spider, repeater, etc.
2. HTTP Header and INCORS: This topic was about the basics of HTTP headers and vulnerable scenarios of the INCORS vulnerability.
3. SPF Record: This session helped participants understand the importance of the SPF record and what could go wrong if there was no SPF record.
4. Critical File Vuln.: Critical file vulnerability comes under sensitive data exposure. Participants had hands-on experience of finding and reporting sensitive files on the domain.
5. CSRF: Participants performed a CSRF attack and got the gist of attack scenarios. Also, they got knowledge of attack scenarios.
6. No Rate Limiting: Here, participants performed a no rate limiting attack and got to know how it can lead to the company losing credibility.
7. 2FA Bypass: This was the final and most interesting session, where participants got an actual example of bypassing 2FA authentication.
This was a 6-hour workshop, and we had a little time left, so I taught a WordPress vulnerability as well.
It was a pretty good workshop and I hope to do more workshops and develop a community in the field of Cybersecurity.
Special thanks to Sir Smit Bhanushali and Sir Ravi Rajput for all their support and guidance.
Thank you for reading!