News
Dimitris,
May 16
2022
It is a great moment for all hackers around: Hack The Box and HackerOne are teaming up to provide a new, innovative Bug Bounty Hunter education!
We take bug bounty education seriously as it is one of the ways in which we create a better and safer cyber world while providing a stable source of income to hackers all around the globe. Over the last year, the payout for a critical vulnerability increased to $3,650 and the average amount paid per vulnerability is $979. This is for sure a great time to become a hunter: find vulnerabilities, report them, get a reward!
As two communities that are gathering hundreds of thousands of cybersecurity enthusiasts and enabling people in making their passion an actual occupation, we now decided to work together, utilizing HTB’s education expertise and HackerOne’s bug bounty platform to provide the best in class bug bounty learning path that seamlessly connects graduates to real-world bug bounty opportunities.
That is how the HTB Academy Bug Bounty Hunter job-role path saw its creation!
The intention is to combine Hack The Box training with the HackerOne treasure map by creating an exciting HTB Academy job-role path focusing on bug bounty methodologies and web application hacking.
Firstly announced during HackerOne’s HacktivityCon 2021, the Bug Bounty Hunter job-role path is designed for individuals who want to enter this world with little to no prior experience. The path covers core web application security assessment and bug bounty hunting concepts and provides a deep understanding of the attack tactics used during bug bounty. Armed with the necessary theoretical background, multiple practical exercises, and a proven bug bounty hunting methodology, students will go through all bug bounty hunting stages, from reconnaissance and bug identification to exploitation, documentation, and communication to vendors/programs.
The entire job-role path consists of 20 different modules in scalable difficulty and logical order to enable a great learning experience: each module is accompanied by practical lab exercises and skills assessment exercises.
All the modules are entirely created by the HTB Academy team, led by the Training Director Dimitrios Bougioukas and the Head of Training Development Ben Rollin (aka mrb3n), with the outstanding support of subject matter experts as Zeyad AlMadani, Shaksam Jaiswal, Miroslav Stampar, Sandro Zaccarini, and Valentin Dobrykov.
Web Requests
Introduction to Web Applications
Using Web Proxies
Information Gathering
Attacking Web Applications with Ffuf
JavaScript Deobfuscation
Cross-Site Scripting (XSS)
SQL Injection Fundamentals
SQLMap Essentials
Command Injection
Login Brute Forcing
Broken Authentication
Other Web Attacks
File Inclusion / Directory Traversal
Hacking WordPress
Bug Bounty Hunting Methodology
File Upload Attacks
Session Security
Web Attacks
Server-Side Attacks
Upon completing the job-role path, students will have become proficient in the most common bug bounty hunting and attack techniques against web applications and be in the position of professionally reporting bugs and start gaining income from it.
Your progress will also be shown on both platforms. Bug bounty graduates will receive an exclusive custom badge on their HackerOne profiles too!
We are very excited to provide such content to both communities and anyone else willing to learn more about bug bounty out there. It is a unique opportunity to access high-quality education content powered by two great teams as Hack The Box and HackerOne while gaining access to the first-ever bug bounty certification in the market.
Oh, wait… Did we say certification? Well, yes!
Users completing the Bug Bounty Hunter job-role path will be able to purchase a voucher for the upcoming “HTB Certified Bug Bounty Hunter” exam (valid for two attempts).
Are you ready to hunt them all? Let’s put your skills on paper!
Blue Teaming
Odysseus (c4n0pus), Dec 20, 2024