Practical Bug Bounty Hunting Fundamentals [Bengali Language] — Training | Knight Squad Academy

What you'll learn

This course takes you from beginner to bug bounty–ready with a clear, hands-on workflow you can use on real programs. You’ll learn how bug bounty platforms work, how to set up a proper testing environment, and the core web, networking, and Linux fundamentals needed to hunt effectively.

Across 30 total hours—including 10 hours of guided live hunting—you’ll practice the full process: reconnaissance, request analysis, using industry-standard tooling, spotting common vulnerability patterns, validating findings safely, and communicating impact. The live hunting sessions focus on methodology and decision-making (what to test, how to prioritize, and how to verify) rather than promising specific bug types. You’ll finish with the skills to choose targets confidently and write clear, professional reports that increase your chances of acceptance.

Who is it for

This course is designed for beginners and early-intermediate learners who want a structured entry into bug bounty hunting and web application security. It’s ideal for students, developers, and IT professionals with basic computer knowledge but little or no prior hacking experience, as well as security enthusiasts who want to build practical, real-world skills.

It’s also a strong fit for junior bug bounty hunters who want a clear learning path with hands-on practice, guided methodology, and support in real-world hunting and writing professional reports.

Prerequisites

Basic computer literacy and a willingness to learn are all you need. No prior bug bounty or hacking experience is required. Familiarity with basic internet usage and a general idea of how websites work is helpful, but not mandatory. Everything else—including Linux, core web technologies, and essential security concepts—is taught step by step from the ground up.

Syllabus

Module 1 : Bug Bounty Kickoff & Setup

Introduction to bug bounty
Introduction to BugBounty Platforms (HackerOne, Bugcrowd, Intigriti)
Setting Up Kali Linux

Module 2 : Web, Networking & Linux Essentials

Web & Networking Basics
Introduction to HTML & Javascript
Introduction to Linux command line interface

Module 3 : OWASP Top 10 Overview, Burp Suite & Lab Setup

Basics overview of OWASP TOP 10
Introduction to BurpSuite
Setting up LAB

Module 4 : Client-Side to Server Takeover

Cross Site Scripting (XSS)
Remote Code Execution (RCE)
Local File Inclusion (LFI)

Module 5 : Injection & Cache Poisoning Masterclass

Web cache poisoning
Server Side Template Injection (SSTI)
SQL Injection

Module 6 : API Hacking Basics

Introduction to API’s
Insecure Direct Object Reference (IDOR)
Access Control Related Vulnerabilities

Module 7 : Request Forgery Attacks & Subdomain Takeover

Cross Site Request Forgery (CSRF)
Server Side Request Forgery (SSRF)
Sub-domain Takeover

Module 8 : Auth & Token Attacks, Targeting Strategy & Hunter Setup

Authentication
Open Redirect
JWT related vulnerabilities
How to select a target
Setting up Cloud VPS for automation

Module 9 : Live Hunt I

Reconnaissance
What to do after recon
Automation

Module 10 : Live Hunt I I

Writing a report

Instructors

Saif Abdullah Khan Mahi

Networking & Offensive Security Specialist

Saif is a founding member of the Knight Squad community with a background in network engineering, hands-on web security testing, CTFs, and security research. He focuses on responsible vulnerability discovery and practical, real-world bug hunting workflows. Since 2023, he has been involved with the Yogosha Strike Force and has responsibly reported security findings to major organizations including Apple and Microsoft. He also contributes to the community by creating CTF challenges for competitions such as KnightCTF and BDSec CTF.

Ready to level up?

Join the training today or contact us to clarify anything you’re unsure about.

Enroll Contact