This summary of the video was created by an AI. It might contain some inaccuracies.
00:00:00 – 00:11:08
The video discusses the Certified Bug Bounty Hunter (CBBH) certification offered by Hack the Box. The speaker details the comprehensive course structure which includes 20 modules focusing on core web security topics such as HTTP, web architecture, proxies, information gathering, various attacks, and bug bounty reporting. Emphasizing the mandatory completion of the entire course before attempting the exam, the speaker shares their timeline, dedicating daily hours over a couple of weeks to finish it.
They then explain the interactive assignments within the course, which can be done on a personal VM or on a VM provided by Hack The Box. Pricing options, including student and non-student subscriptions, are covered. The exam itself spans seven days and requires candidates to find vulnerabilities in multiple websites and write a detailed report; passing requires 85 points, and the flags that carry those points are obtained by gaining administrative access or remote code execution.
The process of creating this report is broken down into specifics like scope definition, vulnerability details, and an appendix of flags and methods used. The speaker shares that the report creation is straightforward, taking roughly half a day. If a candidate fails, they can retake the exam within 14 days using the same network. Exam costs and the possibility of retakes are also discussed.
Lastly, exam preparation tips are provided: exploring various network websites, leveraging course resources on Hack the Box, starting early on a weekend, and meticulously documenting the exam process to facilitate report writing. The video ends with a thank-you message and a call to action for viewers to engage with the content.
00:00:00
In this part of the video, the speaker discusses their experience with Hack the Box’s certification, the Certified Bug Bounty Hunter (CBBH). They detail the course structure, which consists of 20 modules covering various topics such as HTTP, web application architecture, web proxies, information gathering, fuzzing attacks, various injection attacks, login brute forcing, session security, web services and API attacks, WordPress hacking, and bug bounty reporting. The speaker highlights that 11 modules overlap with Hack the Box’s newer CPTS course. They also note that completing 100% of the course is mandatory before taking the exam, which they believe is unnecessary for those with prior web pen-testing experience. The speaker outlines their study timeline: starting on April 1st, 2022, and finishing on April 15th, spending around four hours daily, and more on weekends, while Hack the Box estimates the course duration to be 18 days at eight hours per day.
00:03:00
In this part of the video, the speaker discusses the interactive assignments involved in the course, where learners can use either their own machine, a virtual machine (VM), or Hack The Box’s browser-accessible Parrot OS VM to carry out the taught attacks. Pricing details are mentioned, with 1410 cubes required for the Bug Bounty Hunter path. For financing, a student subscription at seven euros per month offers access to all modules, while non-students may consider a two-month Platinum subscription for 2000 cubes. The exam portion of the certification involves attacking multiple websites over seven days, finding vulnerabilities, and writing a report. A passing grade requires 85 points; flags vary in point value, and administrative access or remote code execution is needed to obtain them. The exam is designed to mirror a typical web app security assessment, and the speaker, an experienced professional, shares that they completed the exam in two and a half days.
00:06:00
In this part of the video, the speaker explains the process of writing a report detailing the vulnerabilities found on the websites during the pen test. They show a heavily censored version of their 21-page report, truncated to 11 pages. Key elements of the report include defining the scope of the pen test, listing IP addresses and URLs, writing a management summary, and detailing each vulnerability with its CWE ID, CVSS score, security impact, affected hosts, remediation steps, and external references. The appendix contains all flags found and a description of the methods used. The speaker emphasizes how simple creating the report was, noting it took about half a day. They also mention that the exam grader provides feedback whether you pass or fail, and that a failed exam can be retaken on the same network within 14 days. The cost of the exam voucher is 180 Euros (or 216 with VAT), and additional vouchers are required if further retakes are necessary. Finally, the speaker hints at providing some exam tips.
00:09:00
In this part of the video, the speaker provides several preparation tips for hacking certification exams. First, they recommend trying different websites within the network if you get stuck, as some sites may provide clues or information useful for others. Second, they suggest using the search feature on Hack The Box to find techniques taught in the course, since the course and the exam share the same authors and those techniques are likely applicable in the exam. Third, starting the exam early on a Saturday is advised to make the most of uninterrupted time over the weekend. Lastly, they emphasize taking screenshots and documenting attack steps during the exam to ease the report writing and to recover efficiently from any exam environment resets. The segment concludes with a thank-you message and a prompt to subscribe, like, and comment.