Turning a $500 bounty into $30,000+
ฝัง
- เผยแพร่เมื่อ 21 เม.ย. 2024
- 📚 Purchase my Bug Bounty Course here 👉🏼 bugbounty.nahamsec.training
💵 Support the Channel:
You can support the channel by becoming a member and get access exclusive content, behind the scenes, live hacking session and more!
☕️ Buy Me Coffee:
www.buymeacoffee.com/nahamsec
JOIN DISCORD:
discordapp.com/invite/ucCz7uh
🆓 🆓 🆓 $200 DigitalOcean Credit:
m.do.co/c/3236319b9d0b
💬 Social Media
- / nahamsec
- / nahamsec
- twitch.com/nahamsec
- / nahamsec1
#bugbounty #ethicalhacking #infosec #cybersecurity #redteam #webapp
Come hangout with us on Discord! discordapp.com/invite/ucCz7uh
Remember my example is simplified for the sake of this video and I did have to jump through a few hoops like: a small filter bypass, CSP, and finding a legacy API endpoint in order to get my account takeover to work. The next time you find an XSS find a way to gain access to your "victim's" account without just trying to leak their current session/cookies.
P.S.: Course update is underway!
Hi,thanx for the great channel.i am new to hackerone,i have a question,i have a server mis config bug,but dont know under what to report it as there is no description for it under reports.please help?
Try to make videos about SSTI and SQLi. All are finding SQLi in cookie,param and login page. I can’t understand how the SQLi works in some areas. Please make a video about SSTI and SQLi.
Yes really needed that @NahamSec
I would love to have you opinion on wether i as a beginner should learn one vulnerability first and look for it anywhere, or i should pick a target and learn how to look for many vulnerabilities there.
Good stuff and I can actually understand the way you explain stuff.
Thanks, your videos are really well explained. Learning with your videos is a time saver in some research’s.
Thanks for watching
How do you like the 8bitdo keyboard? I've been thinking about getting one.
I see you have hella notion notifications lol same same....hey you got any cool templates for notion or anything? Hacky things lol? Check lists? Im a sucker for a good checklist lol
I have got a stored XSS, but you need to be an admin to inject payload. Any tips on this 😕
very informative video thanks :)
Hii, Can you share the links for 5 week program? I totally lost.
Fire video bro
Thanks bro ❤
Thats a cool escalation, Thanks for the continues contribution to the community👏🙏,
Thanks for watching!
Am new to this game any direction because I don't knw wey to start from and those 100+ pages books aren't helping
Please Sir make a video on Business Logic Error vulnerability
Hey, will you do an update of the course materials? If so, when? :)
Very soon! There will be multiple updates. I have finished recording update 1.
@@NahamSec Thanks a lot! Can we help in any way? :)
Great Content ...
Information Disclosure --> It is popular and it has so many different types
Is "US Dept Of Defense" paid bug bounty program or free?
Wow sir keep it up , present
Hey Nahmsec! Hope you are well!
Hi 👋🏽
give us top 5 bugs finding tutorials..
Awesome 🥰
need some video on RCE on latest app
It would be great to create SSRF content
ey Naham you just got rickrolled by coffin haha
Great!!
nice one
Add some videos about SQLi , how ,where to find, how to identify and exploitation.
I would love if you could make your voice louder as it is a bit hard to hear from my side
Will take a look at audio settings! Thanks for flagging!
Deep Dive RCE or SQLi
Business Logic Flaw 🤓🤓🤓🤓🤓🤓
RCE naham
IDOR
You always talk about money, and I think you are trying to attract viewers because you know that they need money. You follow the same method as financial speculation videos and stock exchanges in attracting victims. The topic of Bounty Bugs is very difficult and requires knowledge and time to learn, and not in this way that you present and simplify it in order to attract views.
Can you guys validate this is this a valid bug:
If there is a email change feature in application after login. In here by putting victim email instead of sending link to unregistered email we getting link on attacker email (base email ) is this a valid case or some case there is no verification email. We click on link and get registered?
With victim email
It's not a valid bug
This dude still selling bs about big bounty come on man do your stuff and stop try to sell lies to people that wants to get a career cause you damn know very well that bug bounty unless you have another job and a lot of time do not pay shit