$200 USD

Live Training and Q&A

Class Recordings Available Online

Class Time: 8 hours

Recommended Level: Introductory to Advanced

Community Access

Course Last Updated

I’m excited to introduce "From Zero to [BAC] Hero", a new expansion of The Bug Hunter’s Methodology by Zwink, aka the iDorminator.

Zwink is the #1 US-based hacker on Bugcrowd, and ranked Top 10 globally for critical impact bugs. In this course, he takes you from the absolute basics to real-world bug bounty hunting, with a spotlight on his favorite vuln class: Broken Access Control (BAC).

This course starts at true zero. If you're new to security, just getting into bug bounty, or coming from dev/red team work, this is your on-ramp. You’ll learn how to set up your proxy, explore real endpoints, dissect session cookies, and test for BAC and IDOR vulnerabilities that scanners and AI constantly miss.

Where does this fit with TBHM CORE?

While The Bug Hunter’s Methodology: CORE dives deep into advanced recon and web analysis, BAC Hero is perfect as either a pre-req or a follow-up. It fills in key fundamentals that are assumed in CORE, especially around live target setup and web basics. It also adds standalone depth on BAC-style bugs that makes it a strong companion no matter where you're at.

If you’re looking for a course that gets you hunting fast, this is the one.

== SYLLABUS ==

1) Course Foundations & Mental Model

• What bug bounty is — and isn’t
• Building a mindset: curiosity, context, and real-world thinking
• Setting realistic goals: from $100/month to full-time
• How top hackers win: manual > automation > scanner noise

2) Browser, Burp, and the Real Web

• Using Firefox as a hacking tool
• Inspecting real requests with F12 → traffic, cookies, and endpoints
• Installing and configuring Burp Suite (with HTTPS proxying)
• The difference between GET/POST/PUT/PATCH/DELETE — and what that tells us

3) HTTP Status Codes, Cookies, and Headers

• Reading requests like a hacker
• Interpreting status codes (200 vs 403 vs 500 vs 429)
• Cookie scoping, session tracking, and CSRF markers
• How headers leak architecture, origin rules, and user state

4) Subdomain Recon, Liveliness Testing & GAU

• Discovering assets with gau, waybackurls, and passive tooling
• Checking “liveliness” and fingerprinting what’s running
• Why 403 ≠ useless (and why 404s can still teach you something)
• Common missteps in scoping: what “wildcard” really means

5) Authenticated Reconnaissance on Real Targets

• Creating test accounts on live platforms (Bugcrowd, Etsy, etc.)
• Understanding the “hacker portal” vs the real user experience
• How to safely explore features like avatar uploads and settings
• Building session context before touching Burp

6) Intercepting and Analyzing Auth Flows

• Cookie-based session vs. Authorization headers (Bearer/JWT)
• Live walkthrough: setting, breaking, and replaying session tokens
• Understanding JWT payloads: claims, roles, and expiry
• Common JWT mistakes that lead to full account takeover

7) Broken Access Control (BAC) and IDOR Testing

• Manual techniques to find IDOR in APIs and JSON responses
• Reading Burp traffic: how objects, parameters, and cookies all lie
• UserID vs. UUID vs. GUID — and what’s actually private
• Testing with no cookies, wrong cookies, or someone else’s session

8) Logging and Repeating Bug Payloads

• Using Burp Repeater for proper test structuring
• Making sense of JSON response objects: where data hides
• Replay vs resend: why tiny changes reveal deep flaws
• How to identify and isolate vulnerable endpoints in large apps

9) Exploring LIVE Targets Like [REDACTED] and [REDACTED]

• Real-time bug hunting examples: from product listings to payment APIs
• Why “safe” endpoints (stats, analytics, avatars) often leak data
• Turning user profile updates into bug chains
• Responsible testing: how to explore without harming real users

10) Advanced Observations

• Hidden APIs from JavaScript parsing and dev tools
• Using Notepad++ to extract routes, tokens, and endpoints
• Common developer mistakes: exposed loaders, bad filters, wrong cookies
• How to build recon habits that scale with every program

Having dedicated years to the cybersecurity community, I've decided it's time to embark on a new journey—launching Arcanum Information Security, infused with a unique approach that sets us apart. At Arcanum, our mission is to make a tangible impact on the security community with world class, modern, and accessible training. In parallel to our training efforts, Arcanum aims to disrupt the consulting model with our unique consulting services.
