Total Duration: 12 Weeks | 3 Months
Total Modules: 12 Modules | 48 Topics
Lab Environments: Local OVA & Wolf Hosting Labs
Certification: Cyber Wolf VDP & Bug Bounty Pro
Target Audience: Security Researchers, Pentesters
Lab Type Legend:
OVA Lab – Downloadable Virtual Machine (Local)
Wolf Lab – Cyber Wolf Hosted Online Lab
OVA + Wolf – Both Available
Theory – Lecture / No Lab
Month 1 — Web Security Foundations & Reconnaissance
Week 1 — Web Application Security Fundamentals
| # | Topic | Description | Duration | Lab Type | Lab Name |
|---|---|---|---|---|---|
| 1.1 | Course Introduction & Setup | Course overview, VDP vs Bug Bounty fundamentals, setting up Kali Linux, Burp Suite, and lab environment. | 2 hrs | OVA Lab | CW-Lab-01 |
| 1.2 | HTTP/HTTPS Protocol Deep Dive | Understanding requests, responses, headers, cookies, sessions, REST APIs, HTTP methods (GET, POST, PUT, DELETE, PATCH). | 3 hrs | OVA + Wolf | CW-Lab-02 |
| 1.3 | Burp Suite Mastery | Proxy setup, Repeater, Intruder, Scanner, Decoder, Sequencer, Extensions (Autorize, Logger++, Hackvertor). | 4 hrs | Wolf Lab | CW-Lab-03 |
| 1.4 | Browser DevTools for Security | Network tab, Storage inspector, JavaScript console, Source tab analysis for bug hunting. | 2 hrs | Theory | — |
Week 2 — Reconnaissance & Information Gathering
| # | Topic | Description | Duration | Lab Type | Lab Name |
|---|---|---|---|---|---|
| 2.1 | Passive Reconnaissance | OSINT techniques, WHOIS, Google Dorks, Shodan, Censys, VirusTotal, Wayback Machine, Certificate Transparency. | 3 hrs | OVA + Wolf | CW-Lab-04 |
| 2.2 | Subdomain Enumeration | Subfinder, Amass, Assetfinder, DNSx, MassDNS, permutation tools, passive vs active enumeration strategies. | 4 hrs | Wolf Lab | CW-Lab-05 |
| 2.3 | Active Reconnaissance | Nmap scanning, port discovery, service enumeration, fingerprinting, WAF detection (wafw00f), tech detection (Wappalyzer, Whatweb). | 4 hrs | OVA Lab | CW-Lab-06 |
| 2.4 | Content Discovery & Fuzzing | Gobuster, ffuf, feroxbuster, directory/file brute-forcing, parameter discovery, custom wordlists (SecLists). | 4 hrs | OVA + Wolf | CW-Lab-07 |
Week 3 — OWASP Top 10 (Part 1): Injection & Access Control
| # | Topic | Description | Duration | Lab Type | Lab Name |
|---|---|---|---|---|---|
| 3.1 | SQL Injection Fundamentals | Error-based, Union-based, Blind Boolean, Time-based Blind SQLi. Manual exploitation and SQLMap automation. | 5 hrs | OVA + Wolf | CW-Lab-08 |
| 3.2 | NoSQL Injection | MongoDB injection, operator injection ($gt, $ne, $where), authentication bypass, data exfiltration from NoSQL databases. | 3 hrs | Wolf Lab | CW-Lab-09 |
| 3.3 | Broken Access Control | IDOR (Insecure Direct Object References), horizontal & vertical privilege escalation, forced browsing, BOLA/BFLA for APIs. | 4 hrs | OVA + Wolf | CW-Lab-10 |
| 3.4 | Command Injection & RCE | OS command injection, blind command injection, RCE via various injection points, chaining vulnerabilities for maximum impact. | 4 hrs | OVA Lab | CW-Lab-11 |
Week 4 — OWASP Top 10 (Part 2): XSS, CSRF & Misconfigurations
| # | Topic | Description | Duration | Lab Type | Lab Name |
|---|---|---|---|---|---|
| 4.1 | Cross-Site Scripting (XSS) | Reflected, Stored, DOM-based XSS. Filter bypass techniques, polyglots, context-based payloads, cookie stealing, keylogging. | 5 hrs | OVA + Wolf | CW-Lab-12 |
| 4.2 | CSRF & Clickjacking | Cross-Site Request Forgery attacks, token bypass, SameSite cookie abuse, Clickjacking via iframes, X-Frame-Options bypass. | 3 hrs | Wolf Lab | CW-Lab-13 |
| 4.3 | Security Misconfigurations | Exposed admin panels, default credentials, verbose errors, directory listing, cloud storage misconfigurations (S3, GCS, Azure Blob). | 4 hrs | OVA + Wolf | CW-Lab-14 |
| 4.4 | Month 1 — Capture the Flag Challenge | Hands-on CTF challenge integrating all Month 1 topics. Students hunt for multiple vulnerabilities in a simulated real-world application. | 4 hrs | OVA + Wolf | CW-CTF-M1 |
Month 2 — Advanced Exploitation & API Security
Week 5 — Advanced Web Vulnerabilities
| # | Topic | Description | Duration | Lab Type | Lab Name |
|---|---|---|---|---|---|
| 5.1 | Server-Side Request Forgery (SSRF) | SSRF basics, blind SSRF, cloud metadata exploitation (AWS IMDSv1/v2, GCP, Azure), SSRF to RCE, DNS rebinding, filter bypass techniques. | 5 hrs | OVA + Wolf | CW-Lab-15 |
| 5.2 | XML External Entity (XXE) | Classic XXE, blind XXE, XXE via file uploads, SVG/DOCX injection, XXE to SSRF pivoting, OOB data exfiltration. | 4 hrs | Wolf Lab | CW-Lab-16 |
| 5.3 | File Upload Vulnerabilities | Unrestricted file upload, MIME type bypass, extension bypass, polyglot files, ImageMagick exploits, path traversal via upload. | 4 hrs | OVA Lab | CW-Lab-17 |
| 5.4 | Path Traversal & LFI/RFI | Directory traversal, Local/Remote File Inclusion, log poisoning, PHP wrappers, LFI to RCE chaining techniques. | 4 hrs | OVA + Wolf | CW-Lab-18 |
Week 6 — Authentication & Session Management Attacks
| # | Topic | Description | Duration | Lab Type | Lab Name |
|---|---|---|---|---|---|
| 6.1 | JWT Attacks | JWT structure, none algorithm attack, weak secret brute-force, algorithm confusion (RS256→HS256), kid injection, JWK injection, JWT cracking with hashcat. | 5 hrs | OVA + Wolf | CW-Lab-19 |
| 6.2 | OAuth 2.0 Vulnerabilities | OAuth flow analysis, open redirect abuse, state parameter bypass, CSRF in OAuth, token leakage, account takeover via OAuth misconfig. | 5 hrs | Wolf Lab | CW-Lab-20 |
| 6.3 | Session Hijacking & Fixation | Session prediction, session fixation attacks, cookie theft via XSS, HttpOnly/Secure flags analysis, SameSite bypass. | 3 hrs | OVA Lab | CW-Lab-21 |
| 6.4 | Password Reset Flaws | Insecure reset token generation, host header injection in reset emails, token reuse, race conditions in reset flows, account takeover chains. | 4 hrs | OVA + Wolf | CW-Lab-22 |
Week 7 — API Security Testing
| # | Topic | Description | Duration | Lab Type | Lab Name |
|---|---|---|---|---|---|
| 7.1 | REST API Security | API enumeration, endpoint discovery, Postman/Insomnia usage, OWASP API Top 10, mass assignment, improper asset management. | 5 hrs | Wolf Lab | CW-Lab-23 |
| 7.2 | GraphQL Security Testing | GraphQL introspection, query depth attacks, batching attacks, IDOR in GraphQL, field suggestions abuse, authorization bypass. | 4 hrs | OVA + Wolf | CW-Lab-24 |
| 7.3 | BOLA & Broken Function Level Auth | Broken Object Level Authorization (BOLA/IDOR in APIs), function-level privilege escalation, mass assignment vulnerabilities in JSON APIs. | 4 hrs | Wolf Lab | CW-Lab-25 |
| 7.4 | Mobile API Interception | Android/iOS app traffic interception, SSL pinning bypass (Frida, objection), API key extraction from APK, Jadx usage. | 4 hrs | OVA Lab | CW-Lab-26 |
Week 8 — Business Logic & Race Condition Attacks
| # | Topic | Description | Duration | Lab Type | Lab Name |
|---|---|---|---|---|---|
| 8.1 | Business Logic Vulnerabilities | Price manipulation, quantity tampering, workflow bypass, coupon abuse, negative values, multi-step process exploitation. | 5 hrs | Wolf Lab | CW-Lab-27 |
| 8.2 | Race Conditions & TOCTOU | Time-of-check to time-of-use, concurrent request exploitation using Turbo Intruder, Burp Suite, race condition in payments/credits. | 4 hrs | OVA + Wolf | CW-Lab-28 |
| 8.3 | HTTP Request Smuggling | CL.TE and TE.CL smuggling, detecting via timing, exploiting to bypass security controls, cache poisoning via smuggling. | 4 hrs | Wolf Lab | CW-Lab-29 |
| 8.4 | Month 2 — CTF Challenge | Advanced CTF covering API security, JWT attacks, business logic, and SSRF. Simulate real-world private program scope. | 4 hrs | OVA + Wolf | CW-CTF-M2 |
Month 3 — VDP Programs, Bug Bounty Mastery & Reporting
Week 9 — Advanced Exploitation Techniques
| # | Topic | Description | Duration | Lab Type | Lab Name |
|---|---|---|---|---|---|
| 9.1 | Subdomain Takeover | Identifying dangling DNS records, takeover via GitHub Pages, Heroku, Shopify, S3 buckets, fingerprinting vulnerable services. | 4 hrs | OVA + Wolf | CW-Lab-30 |
| 9.2 | Cache Poisoning & Deception | Web cache poisoning via unkeyed headers, cache deception attacks, CDN exploitation, Vary header abuse. | 4 hrs | Wolf Lab | CW-Lab-31 |
| 9.3 | SSTI (Server-Side Template Injection) | Identifying template engines (Jinja2, Twig, FreeMarker), SSTI to RCE payloads, sandbox escapes, filter bypass techniques. | 4 hrs | OVA Lab | CW-Lab-32 |
| 9.4 | CORS Misconfiguration | Origin reflection, null origin bypass, trust of subdomains, exploiting CORS for data exfiltration, CORS with credentials. | 3 hrs | Wolf Lab | CW-Lab-33 |
Week 10 — Cloud Security & Infrastructure Bugs
| # | Topic | Description | Duration | Lab Type | Lab Name |
|---|---|---|---|---|---|
| 10.1 | AWS Security Testing | IAM misconfigurations, S3 bucket enumeration, metadata service exploitation (IMDSv1), AWS CLI abuse, Lambda security testing. | 5 hrs | Wolf Lab | CW-Lab-34 |
| 10.2 | GCP & Azure Security | Google Cloud metadata exploitation, Azure SAS token abuse, GCS bucket misconfiguration, service account key exposure. | 4 hrs | Wolf Lab | CW-Lab-35 |
| 10.3 | Docker & Kubernetes Security | Container escape techniques, privileged container abuse, exposed Docker API, K8s RBAC misconfiguration, secrets in environment variables. | 4 hrs | OVA Lab | CW-Lab-36 |
| 10.4 | Exposed Services & Sensitive Data | Exposed .git directories, .env files, API keys in JS, GitHub dorking, hardcoded credentials, sensitive data in Wayback Machine. | 3 hrs | OVA + Wolf | CW-Lab-37 |
Week 11 — VDP Programs & Bug Bounty Platforms
| # | Topic | Description | Duration | Lab Type | Lab Name |
|---|---|---|---|---|---|
| 11.1 | Understanding VDP Programs | VDP vs Bug Bounty differences, responsible disclosure ethics, safe harbor clauses, CVE process, coordinated disclosure timelines. | 3 hrs | Theory | — |
| 11.2 | HackerOne & Bugcrowd Platforms | Platform navigation, selecting programs, reading scope carefully, program policies, triage process, reputation building, Hall of Fame. | 3 hrs | Wolf Lab | CW-Lab-38 |
| 11.3 | Intigriti, Synack & Private Programs | EU platform usage, invitation-only programs, managed platforms, getting into private programs, building reputation on public programs. | 3 hrs | Theory | — |
| 11.4 | Bug Bounty Methodology & Automation | Building recon automation pipelines (Nuclei, httpx, gau, waybackurls), mass scanning responsibly, alerting systems, continuous monitoring. | 5 hrs | OVA + Wolf | CW-Lab-39 |
Week 12 — Report Writing, Impact Analysis & Final Assessment
| # | Topic | Description | Duration | Lab Type | Lab Name |
|---|---|---|---|---|---|
| 12.1 | Vulnerability Report Writing | Writing high-quality bug reports, CVSS scoring (v3.1), impact analysis, PoC (Proof of Concept) crafting, reproducible steps, screenshots & videos. | 4 hrs | Theory | — |
| 12.2 | Chaining Vulnerabilities for High Impact | Combining low/medium bugs into critical chains: XSS + CSRF + IDOR, SSRF + CORS + auth bypass, escalating severity through chaining. | 5 hrs | OVA + Wolf | CW-Lab-40 |
| 12.3 | Legal & Ethical Boundaries | Staying within scope, legal protections for researchers, Computer Fraud and Abuse Act (CFAA), GDPR implications, handling sensitive data found. | 2 hrs | Theory | — |
| 12.4 | Final Capstone CTF & Assessment | Full-scope simulated Bug Bounty program with 10+ hidden vulnerabilities. Report submission, triage simulation, and Cyber Wolf certification exam. | 6 hrs | OVA + Wolf | CW-CTF-FINAL |
Lab Environments
Available Lab Environments
Local OVA Labs (Downloadable)
- Format: .OVA Virtual Machine (VirtualBox / VMware)
- OS: Kali Linux Attacker VM + Vulnerable Target VMs
- Offline Access: Fully functional without internet
- Included Apps: DVWA, WebGoat, Juice Shop, VulnHub machines, custom Cyber Wolf targets
- RAM Required: Minimum 8 GB (16 GB recommended)
- Storage: ~15 GB per lab set
- Distribution: Downloadable via course portal
- Support: Setup guide + video walkthrough included
Wolf Hosting Labs (Cloud-Based)
- Format: Browser-accessible cloud lab environment
- Access: No installation required — runs in browser
- Infrastructure: Hosted on Cyber Wolf secure servers
- Availability: 24/7 access during course duration
- Features: Pre-configured attack + target environments
- Tools Included: Burp Suite, Nmap, ffuf, Nuclei, SQLMap, Metasploit
- Reset Anytime: One-click lab reset functionality
- Support: Live lab assistant + Discord community
Lab Summary by Module
| Month | Week | Lab ID | Lab Name | Type | Vulnerability Focus |
|---|---|---|---|---|---|
| Month 1 | Week 1 | CW-Lab-01 | Environment Setup Lab | OVA Lab | Kali Linux, Burp Suite, VM setup |
| Month 1 | Week 1 | CW-Lab-02 | HTTP Protocol Lab | OVA + Wolf | HTTP methods, headers, cookies |
| Month 1 | Week 1 | CW-Lab-03 | Burp Suite Mastery Lab | Wolf Lab | Proxy, Intruder, Repeater |
| Month 1 | Week 2 | CW-Lab-04 | OSINT & Passive Recon Lab | OVA + Wolf | Google Dorks, Shodan, WHOIS |
| Month 1 | Week 2 | CW-Lab-05 | Subdomain Enum Lab | Wolf Lab | Subfinder, Amass, DNSx |
| Month 1 | Week 2 | CW-Lab-06 | Active Recon Lab | OVA Lab | Nmap, Whatweb, wafw00f |
| Month 1 | Week 2 | CW-Lab-07 | Content Discovery Lab | OVA + Wolf | ffuf, Gobuster, SecLists |
| Month 1 | Week 3 | CW-Lab-08 | SQL Injection Lab | OVA + Wolf | Error, Union, Blind, Time-based SQLi |
| Month 1 | Week 3 | CW-Lab-09 | NoSQL Injection Lab | Wolf Lab | MongoDB, operator injection |
| Month 1 | Week 3 | CW-Lab-10 | IDOR & Access Control Lab | OVA + Wolf | Broken Access Control, IDOR |
| Month 1 | Week 3 | CW-Lab-11 | Command Injection Lab | OVA Lab | OS Command Injection, RCE |
| Month 1 | Week 4 | CW-Lab-12 | XSS Lab | OVA + Wolf | Reflected, Stored, DOM XSS |
| Month 1 | Week 4 | CW-Lab-13 | CSRF & Clickjacking Lab | Wolf Lab | CSRF bypass, iframe attacks |
| Month 1 | Week 4 | CW-Lab-14 | Misconfiguration Lab | OVA + Wolf | Admin panels, S3 buckets |
| Month 1 | Week 4 | CW-CTF-M1 | Month 1 CTF Challenge | OVA + Wolf | All Month 1 Topics |
| Month 2 | Week 5 | CW-Lab-15 | SSRF Lab | OVA + Wolf | SSRF, Cloud Metadata, Blind SSRF |
| Month 2 | Week 5 | CW-Lab-16 | XXE Injection Lab | Wolf Lab | XXE, OOB, SVG injection |
| Month 2 | Week 5 | CW-Lab-17 | File Upload Lab | OVA Lab | Unrestricted upload, polyglot |
| Month 2 | Week 5 | CW-Lab-18 | LFI/RFI & Path Traversal Lab | OVA + Wolf | LFI to RCE, PHP wrappers |
| Month 2 | Week 6 | CW-Lab-19 | JWT Attacks Lab | OVA + Wolf | None alg, alg confusion, weak secret |
| Month 2 | Week 6 | CW-Lab-20 | OAuth 2.0 Lab | Wolf Lab | OAuth misconfig, ATO |
| Month 2 | Week 6 | CW-Lab-21 | Session Hijacking Lab | OVA Lab | Session fixation, cookie theft |
| Month 2 | Week 6 | CW-Lab-22 | Password Reset Flaws Lab | OVA + Wolf | Host header injection, token reuse |
| Month 2 | Week 7 | CW-Lab-23 | REST API Security Lab | Wolf Lab | OWASP API Top 10 |
| Month 2 | Week 7 | CW-Lab-24 | GraphQL Security Lab | OVA + Wolf | Introspection, query attacks |
| Month 2 | Week 7 | CW-Lab-25 | BOLA & API Auth Lab | Wolf Lab | BOLA, function-level auth |
| Month 2 | Week 7 | CW-Lab-26 | Mobile API Lab | OVA Lab | SSL pinning bypass, APK analysis |
| Month 2 | Week 8 | CW-Lab-27 | Business Logic Lab | Wolf Lab | Price manipulation, workflow bypass |
| Month 2 | Week 8 | CW-Lab-28 | Race Conditions Lab | OVA + Wolf | Turbo Intruder, TOCTOU |
| Month 2 | Week 8 | CW-Lab-29 | HTTP Smuggling Lab | Wolf Lab | CL.TE, TE.CL smuggling |
| Month 2 | Week 8 | CW-CTF-M2 | Month 2 CTF Challenge | OVA + Wolf | All Month 2 Topics |
| Month 3 | Week 9 | CW-Lab-30 | Subdomain Takeover Lab | OVA + Wolf | DNS takeover, dangling records |
| Month 3 | Week 9 | CW-Lab-31 | Cache Poisoning Lab | Wolf Lab | Unkeyed headers, CDN abuse |
| Month 3 | Week 9 | CW-Lab-32 | SSTI Lab | OVA Lab | Jinja2, Twig SSTI to RCE |
| Month 3 | Week 9 | CW-Lab-33 | CORS Lab | Wolf Lab | Origin reflection, null bypass |
| Month 3 | Week 10 | CW-Lab-34 | AWS Security Lab | Wolf Lab | IAM, S3, Lambda security |
| Month 3 | Week 10 | CW-Lab-35 | GCP & Azure Lab | Wolf Lab | Cloud metadata, SAS token abuse |
| Month 3 | Week 10 | CW-Lab-36 | Docker & K8s Lab | OVA Lab | Container escape, RBAC misconfig |
| Month 3 | Week 10 | CW-Lab-37 | Sensitive Data Exposure Lab | OVA + Wolf | .git, .env, API keys, GitHub dorking |
| Month 3 | Week 11 | CW-Lab-38 | Bug Bounty Platforms Lab | Wolf Lab | HackerOne, Bugcrowd navigation |
| Month 3 | Week 11 | CW-Lab-39 | Automation Pipeline Lab | OVA + Wolf | Nuclei, httpx, gau, mass scanning |
| Month 3 | Week 12 | CW-Lab-40 | Vuln Chaining Lab | OVA + Wolf | XSS + CSRF + IDOR chains |
| Month 3 | Week 12 | CW-CTF-FINAL | Final Capstone CTF | OVA + Wolf | All Topics — Certification Exam |
Tools & Resources Covered
Certification & Assessment
| Assessment | Type | Weight | Description |
|---|---|---|---|
| Month 1 CTF | Practical | 20% | Capture the Flag — Web security basics, OWASP Top 10 challenges |
| Month 2 CTF | Practical | 25% | Advanced exploitation — API, JWT, business logic, smuggling |
| Bug Report Assignment | Written | 20% | Write a professional vulnerability report with PoC for a given finding |
| Final Capstone CTF | Practical | 25% | Full-scope simulated Bug Bounty program with 10+ hidden vulnerabilities |
| Theory Quiz | MCQ/Short Answer | 10% | Online quiz covering VDP concepts, legal ethics, CVSS scoring, platform rules |
Cyber Wolf Certification:
Upon passing (70%+ score), students receive the Cyber Wolf — Certified VDP & Bug Bounty Professional (CW-CVBBP) digital certificate, verifiable on the Cyber Wolf portal at www.cyberwolf.pro.