Love these videos! I like how you make these techniques and things more human. Guides and other videos seem so intimidating, this is a lot more realistic for learning
Notes: Methodology: 1. figure out what an application/feature does. 2. click every button and link. (Sometimes do some fuzzing) 3. identify Interesting endpoints. The Cycle: Try exploit>Doesn't work?(if it works exploit it)>workout why>change exploit.
Thank you for this great content. It is perfect for someone like me who is beginning bug hunting, even though I have been a developer for a long time. I would like to know what your basic set up includes, such as OS, VPN, and other essentials.
My setup: I use OSX or Windows, and Burp Suite Professional (for the ability to search), discord and slack to ask for help. I don’t use anything fancy until I need to, never used Kali but I am familiar with the command line and Linux, I just prefer standard OSs
Hello ma'am, great videos. And I'm a computer science student doing BCA. Am i worthy for bug bounty? I'm learning for 2-3 months now, but I don't know what to do now, like I'm kindof blank maybe.
If it’s something you want to pursue of course you are worthy! I would say you need to think critically about what you’re learning and why. Are you learning about specific bugs? Are you then trying out CTFs? And then are you looking for those bugs in the wild? That’s the phases you should go through: 1) Learn what bugs are out there 2) Learn how to spot and exploit them 3) Practice finding those bugs. I will say that it can take a really long time to find your first bug, and don’t feel like you’re not good enough to be a bug hunter when it takes MOST people MONTHS to find their first bug.
It will come on soon, I have a day job in addition to the hacking, so in order to make sure I can make videos weekly I need to mix shorter videos every other week as a mixture between topics I know very well with those I don’t. It will come out, I’ve just written the API enumeration video today :)
I have a question I am not very good at XSS and I ignore it while doing hunting because I find it quite boring (the impact is interesting, finding them is not) Any suggestions?
I am also not a fan of XSS, I find them quite boring and the amount of bypasses you need to find and keep up to date with is meh. I recently learned how to use XSS to bypass the SOP policy on a mobile app though and that really got me excited. So my suggestions: Take a look at some really impressive XSS attacks to help you get excited for XSS again or just don't focus on it for a bit, maybe go for a deep dive into something where you don't typically find XSS like mobile or hardware hacking, upskill in something else! Personally, I just ignore XSS unless I really understand how a filter works. It took me MONTHS to find my first XSS!
@@InsiderPhD sry for troubling you are best of best the thing i want tell is most of the youtubers do there videos while pentesting vulnerable web like =owasp jucy shop but we dont understand how to use them for real life bug bounties
This is the problem I have too. CTFs suck for actually demonstrating bug bounties, no web developer in 2020 is leaving SQL injection in their work. It’s why I want to show the actual hacking process, but I don’t want to break confidentiality, I’ve had ideas but I’m not sure how to solve it yet
i think you are the best person ever if can please message to to this email because i has lot of problems please i will not trouble you promise please cyber.plauge212@gmail.com
Well done, Katie! Congratulations on the audio upgrade. :D
Really liked your view on manual stuff
Sound is...
AMAAAAZZZZZIIIINNNNGGG!!!!!
I'm so glad I sorted it, thanks for sticking with bad audio era, the future looks bright!
You really great, no one says their's methodology.
Love these videos! I like how you make these techniques and things more human. Guides and other videos seem so intimidating, this is a lot more realistic for learning
Such a clean audio, damn. Thanks for this amazing content!
Can you make live bughunting videos for better understanding on live targets??!!!!!
Cool video !
As always, nice and short video.
Glad you enjoyed it! I'm trying to make sure I get some shorter more bite sized videos out so I can continue making videos weekly!
Notes:
Methodology:
1. figure out what an application/feature does.
2. click every button and link. (Sometimes do some fuzzing)
3. identify Interesting endpoints.
The Cycle:
Try exploit>Doesn't work?(if it works exploit it)>workout why>change exploit.
Looks like we are soon getting a live stream talk... nice video and audio😅😍
Yes we are! I have all the equipment now I can't wait to live hack some stuff!
and one last question, what is endpoint and how find it or get knowledge bout it.
Awesome
Thank you for this great content. It is perfect for someone like me who is beginning bug hunting, even though I have been a developer for a long time. I would like to know what your basic set up includes, such as OS, VPN, and other essentials.
My setup: I use OSX or Windows, and Burp Suite Professional (for the ability to search), discord and slack to ask for help. I don’t use anything fancy until I need to, never used Kali but I am familiar with the command line and Linux, I just prefer standard OSs
thaaaankkkk youuuuu sooooo muuuuchhh
You r great 🥰👍👍
Love these vids, keep it up!
Hello ma'am, great videos.
And I'm a computer science student doing BCA. Am i worthy for bug bounty? I'm learning for 2-3 months now, but I don't know what to do now, like I'm kindof blank maybe.
If it’s something you want to pursue of course you are worthy! I would say you need to think critically about what you’re learning and why. Are you learning about specific bugs? Are you then trying out CTFs? And then are you looking for those bugs in the wild? That’s the phases you should go through: 1) Learn what bugs are out there 2) Learn how to spot and exploit them 3) Practice finding those bugs. I will say that it can take a really long time to find your first bug, and don’t feel like you’re not good enough to be a bug hunter when it takes MOST people MONTHS to find their first bug.
@@InsiderPhD thank you ma'am.
you're the best :)
100th like well done Katie!
🎉
How many bug you find ??
Me: a
Katie: CHAOTIC!
Thanks, this is a polite methodology
Can you complete the special course for us " How To Do Recon "
It will come on soon, I have a day job in addition to the hacking, so in order to make sure I can make videos weekly I need to mix shorter videos every other week as a mixture between topics I know very well with those I don’t. It will come out, I’ve just written the API enumeration video today :)
Thank you and I appreciate this, and I wish you luck
I have a question
I am not very good at XSS and I ignore it while doing hunting because I find it quite boring (the impact is interesting, finding them is not)
Any suggestions?
I am also not a fan of XSS, I find them quite boring and the amount of bypasses you need to find and keep up to date with is meh. I recently learned how to use XSS to bypass the SOP policy on a mobile app though and that really got me excited. So my suggestions: Take a look at some really impressive XSS attacks to help you get excited for XSS again or just don't focus on it for a bit, maybe go for a deep dive into something where you don't typically find XSS like mobile or hardware hacking, upskill in something else!
Personally, I just ignore XSS unless I really understand how a filter works. It took me MONTHS to find my first XSS!
@@InsiderPhD Thanks for the response 😊
Seriously much informative but I have a query how do I identify how the server is responding and fault in response.
You look for the response code, here's a list en.wikipedia.org/wiki/List_of_HTTP_status_codes
@@InsiderPhD thnxxx.......
Hi...how do you approach learning a new topic ? Can we get a video on that...pls
Great video idea! For sure I’ll make this :D
Great video Big fan, can you make video of your bug hunting
I'm really hoping to do this, but I am not sure how to do it without breaking disclosure policies!
@@InsiderPhD That's Ok , I know you'll find way 😊😊
madam katie can you please bring a video which is showing about real life bug bounty i mean make a video doing a real pentest for a real site
This is something I wanna do, but I'm trying to find a way that keeps everything confidential
@@InsiderPhD sry for troubling you are best of best the thing i want tell is most of the youtubers do there videos while pentesting vulnerable web like =owasp jucy shop but we dont understand how to use them for real life bug bounties
This is the problem I have too. CTFs suck for actually demonstrating bug bounties, no web developer in 2020 is leaving SQL injection in their work. It’s why I want to show the actual hacking process, but I don’t want to break confidentiality, I’ve had ideas but I’m not sure how to solve it yet
@@InsiderPhD thaq u very much you are the pentest ever message to a beginner SUCH KINDLY
i think you are the best person ever if can please message to to this email because i has lot of problems please i will not trouble you promise please cyber.plauge212@gmail.com
I love you
love from bangladeshi followers :)
I'm not here because of Bug Bounty tips, I'm here for audio engineering tips
New setup is a Audio-Technica AT2020 & Scarlet Solo interface! Plus a fancy mic stand with some acoustic foam to stop echos!
Can you make SQL injection video
I’ll add your suggestion to the coming soon pile :)
@@InsiderPhD I am waiting ♥️
Is SQL injection still worth it to look for?
why dont you add your face cam on your videos
:)