Repository Details

Open source education content for the researcher community

Bugcrowd University

What is Bugcrowd University?

Bugcrowd University is a free and open source project to help level-up our security researchers. It includes content modules to help our researchers find the most critical and prevalent bugs that impact our customers. Each module will have slide content, videos, and labs for researchers to master the art of bug hunting. As time goes on we hope the community will help us curate BCU and create a new standard for security testing training!

Modules

| Module | Slides | Video | Lab Guide | Authors |
|---|---|---|---|---|
| An Introduction to BCU | Slides | Video | N/A | Twitter, Twitter |
| How to Make a Good Submission | Slides | Video | N/A | Twitter |
| An Introduction to Burp Suite | Slides | Video | N/A | Twitter, Twitter |
| Broken Access Control Testing | Slides | Video | Labs | Twitter |
| Cross Site Scripting | Slides | Video | Labs | Twitter |
| Recon and Discovery | Slides | Video | N/A | Twitter |
| Server Side Request Forgery | Slides | Video | N/A | Twitter, Twitter |
| GitHub Recon and Sensitive Data Exposure | Slides | Video | N/A | Twitter |
| XML External Entity Injection | Slides | Video | N/A | Twitter |
| Burp Suite Advanced | Slides | Video | N/A | Twitter |

Planned Modules

| Module | Slides | Video | Lab Guide | Authors |
|---|---|---|---|---|
| To Be Determined | Slides | Video | N/A | N/A |

Previous Work

Bugcrowd believes in empowering its crowd through education. Some portions of Bugcrowd University were inspired by the DEF CON 23 talk, How to Shot Web, as well as several iterations of The Bug Hunter's Methodology talks. Because these talks outgrew the standard conference slot, each topic is represented in Bugcrowd University as an entire module. Those past talks are archived below for your viewing, should you want to add them to your education. We have also added several other useful talks and presentations by Bugcrowd staff that we think highlight great learning opportunities for our researchers:

| Topic | Slides | Video | Authors |
|---|---|---|---|
| How to Shot Web (DEF CON 23) / The Bug Hunter's Methodology 1.0 | Slides | Video | Twitter |
| The Bug Hunter's Methodology 2.1 (Nullcon) | Slides | Video for 2.0 | Twitter |
| The Bug Hunter's Methodology 3(ish) (Bugcrowd LevelUp 0x02) | Slides | Video | Twitter |
| Practical Tips For Running A Successful Bug Bounty Program (AppSecUSA 2016 & AppSecEU 2016) | Slides | Video 1, Video 2 | Twitter, Twitter, Twitter |
| HUNT: Data Driven Web Hacking & Manual Testing (DEF CON 25 & AppSecUSA 2017) | Slides | Video 1, Video 2 | Twitter, Twitter |

Bugcrowd's LevelUp 0x03

| Topic | Video | Authors |
|---|---|---|
| LevelUp 0x03 - Why humans suck at calculating risk and how it affects security | Video | Twitter |
| LevelUp 0x03 - Serverless Top 10 Vulnerabilities | Video | Twitter |
| LevelUp 0x03 - Profiling the Attacker - Using Offender Profiling In SOC Environments | Video | Twitter |
| LevelUp 0x03 - AEM hacker - approaching Adobe Experience Manager webapps | Video | Twitter |
| LevelUp 0x03 - Social Engineering 101 | Video | Twitter |
| LevelUp 0x03 - Finding Bugs with Binary Ninja | Video | Twitter |
| LevelUp 0x03 - API Security 101 | Video | Twitter |
| LevelUp 0x03 - Bad API, hAPI Hackers! | Video | Twitter |
| LevelUp 0x03 - What's in my hacking tool box? | Video | Twitter |
| LevelUp 0x03 - From CTF to CVE | Video | Twitter |
| LevelUp 0x03 - Behind the Curtain: Safe Harbor and Department of Defense | Video | Twitter, Twitter, Twitter |
| LevelUp 0x03 - What you reap, is what you sow | Video | Twitter |
| LevelUp 0x03 - From an IVI in a box to a CAR in a box | Video | Twitter |
| LevelUp 0x03 - IoT - Attacker Point of View | Video | Twitter |
| LevelUp 0x03 - Turbo Intruder: Abusing HTTP Misfeatures to Accelerate Attacks | Video | Twitter |
| LevelUp 0x03 - iPhone Baseband Research + Reversing | Video | Twitter |
| LevelUp 0x03 - The Law and You: Reducing the Cost of Free Speech | Video | Twitter |
| LevelUp 0x03 - Mach0 and the App Store | Video | Twitter |

Bugcrowd's LevelUp and LevelUp 0x02

Bugcrowd has also run several community-driven conferences built around researcher testing. These presentations are full of great educational content for a bug hunter and are highly recommended supplemental materials:

| Topic | Video | Authors |
|---|---|---|
| LevelUp 0x02 - Intro & Bugcrowd Ambassador Program announcement | Video | Twitter |
| LevelUp 0x02 - Small Files And Big Bounties, Exploiting Sensitive Files | Video | Twitter, Twitter, Twitter |
| LevelUp 0x02 - Trickle Down PwnOnomics | Video | Twitter |
| LevelUp 0x02 - Meet a Bugcrowd Program Admin, Twitch | Video | Twitter |
| LevelUp 0x02 - Practical recon techniques for bug hunters & pen testers | Video | Twitter |
| LevelUp 0x02 - Back to Basics: Application Security Practices in Smart Contract Auditing | Video | Twitter |
| LevelUp 0x02 - Hardware Hacking 101 | Video | Twitter |
| LevelUp 0x02 - Hacking OAuth 2.0 For Fun And Profit | Video | Twitter |
| LevelUp 0x01 - Welcome to LevelUp 2017! Intro from Sam Houston | Video | Twitter |
| LevelUp 0x01 - Casey Ellis on the State of Bug Bounties & Ask Me Anything | Video | Twitter |
| LevelUp 0x01 - Targeting for Bug Bounty Research | Video | Twitter |
| LevelUp 0x01 - Giving Back to the Bug Bounty Community | Video | Twitter |
| LevelUp 0x01 - Finding Hidden Gems in Old Bug Bounty Programs | Video | Twitter |
| LevelUp 0x01 - How to Fail at Bug Bounty Hunting | Video | Twitter |
| LevelUp 0x01 - Esoteric sub-domain enumeration techniques | Video | Twitter |
| LevelUp 0x01 - MarkDoom: How I Hacked Every Major IDE in 2 Weeks | Video | Twitter |
| LevelUp 0x01 - How does unicode affect our security? | Video | Twitter |
| LevelUp 0x01 - Browser Exploitation for Fun and Profit | Video | Twitter |
| LevelUp 0x01 - Hidden in Plain Site: Disclosing Information via Your APIs | Video | Twitter |
| LevelUp 0x01 - Doing recon like a boss | Video | Twitter |
| LevelUp 0x01 - Identifying & Avoiding Android app Protections | Video | Twitter |
| LevelUp 0x01 - Hacking Internet of Things for Bug Bounties | Video | Twitter |
| LevelUp 0x01 - Advanced Android Bug Bounty skills | Video | Twitter |
| LevelUp 0x01 - Car Hacking 101 | Video | Twitter |
| LevelUp 0x01 - OWASP iGoat - Learning iOS App Penetration Testing & Defense | Video | Twitter |
| LevelUp 0x01 - Do you like fuzzing? | Video | Twitter, Twitter |
| LevelUp 0x01 - Reverse Engineering iOS Mobile Apps | Video | Emily Walls |
| LevelUp 0x01 - Breaking Mobile App Protection Mechanisms | Video | Twitter |

License

CC-BY-4.0 - Creative Commons Attribution 4.0 International
