Turning a $500 bounty into $30,000+

Come hangout with us on Discord! discordapp.com/invite/ucCz7uh
Remember my example is simplified for the sake of this video and I did have to jump through a few hoops like: a small filter bypass, CSP, and finding a legacy API endpoint in order to get my account takeover to work. The next time you find an XSS find a way to gain access to your "victim's" account without just trying to leak their current session/cookies.
P.S.: Course update is underway!

Try to make videos about SSTI and SQLi. All are finding SQLi in cookie,param and login page. I can’t understand how the SQLi works in some areas. Please make a video about SSTI and SQLi.

I would love to have you opinion on wether i as a beginner should learn one vulnerability first and look for it anywhere, or i should pick a target and learn how to look for many vulnerabilities there.

Good stuff and I can actually understand the way you explain stuff.

Thanks, your videos are really well explained. Learning with your videos is a time saver in some research’s.

How do you like the 8bitdo keyboard? I've been thinking about getting one.

I see you have hella notion notifications lol same same....hey you got any cool templates for notion or anything? Hacky things lol? Check lists? Im a sucker for a good checklist lol

I have got a stored XSS, but you need to be an admin to inject payload. Any tips on this 😕

very informative video thanks :)

Hii, Can you share the links for 5 week program? I totally lost.

Fire video bro

Thanks bro ❤

Thats a cool escalation, Thanks for the continues contribution to the community👏🙏,

Am new to this game any direction because I don't knw wey to start from and those 100+ pages books aren't helping

Please Sir make a video on Business Logic Error vulnerability

Hey, will you do an update of the course materials? If so, when? :)

Great Content ...

Information Disclosure --> It is popular and it has so many different types

Is "US Dept Of Defense" paid bug bounty program or free?

Wow sir keep it up , present

Hey Nahmsec! Hope you are well!

give us top 5 bugs finding tutorials..

Awesome 🥰

need some video on RCE on latest app

It would be great to create SSRF content

ey Naham you just got rickrolled by coffin haha

Great!!

nice one

Add some videos about SQLi , how ,where to find, how to identify and exploitation.

I would love if you could make your voice louder as it is a bit hard to hear from my side

Deep Dive RCE or SQLi

Business Logic Flaw 🤓🤓🤓🤓🤓🤓

RCE naham

IDOR

You always talk about money, and I think you are trying to attract viewers because you know that they need money. You follow the same method as financial speculation videos and stock exchanges in attracting victims. The topic of Bounty Bugs is very difficult and requires knowledge and time to learn, and not in this way that you present and simplify it in order to attract views.

Can you guys validate this is this a valid bug:
If there is a email change feature in application after login. In here by putting victim email instead of sending link to unregistered email we getting link on attacker email (base email ) is this a valid case or some case there is no verification email. We click on link and get registered?
With victim email

This dude still selling bs about big bounty come on man do your stuff and stop try to sell lies to people that wants to get a career cause you damn know very well that bug bounty unless you have another job and a lot of time do not pay shit