I received my first bounty by targeting a small, relatively unknown, sub domain connected to a large public program. It used to belong to a small company that was recently bought out by the big one so I figured it might be an “untapped resource” if you will.
It might help to force yourself to pick a program and just say "this week I am going to work on X, and I'm going to look for bug type Y and Z" like go deep
Ahaha my dissertation was on deciphering ancient languages, my wallpaper is a graphic I made for my dissertations, not Egyptian but greek! The writing system is called Linear B
You can find this in my Finding Your First Bug series or my video on Live API Hacking, both have step by step guides. To find websites to hack you register on a bug bounty platform like HackerOne, Bugcrowd, Intigriti etc, and choose a target like I'm showing on this video
I have mixed opinions, I think a few years ago XSS was great! But now there's a lot involved to finding an XSS bug and most are being found by pros with significantly more expertise in bypassing WAFs. However, other people tell me that this gives beginners a good chance to learn how javascript/hacking can work. So if you ask me XSS is dead or dying for beginners. If you ask others XSS is a good first bug still.
zeus cybersec 0: How the web works (Web application hackers handbook - free at HackerOne is great for this) 1: How to use burp (my videos + practice) 2: What bugs are out there and the signs of them (my videos) 3: How to exploit these bugs (practice on CTFs /real targets)
@@InsiderPhD thing is I am in this field for 1 year.Preparing for oscp and done many oscp like ctfs.I am more of a network guy but I love web security too.I have done dvwa and Over the wire Natas challenge.I have a good idea on advancd used of Burpsuite.What ctfs/books do you recommend for Getting good in web?Also I don't feel confident as I have given most of my time to ctfs be it network or web.Please help me Katie🙁How can I boost my confidence and what web related books/ctfs should I finish before dipping my feet into bug bounty?
I think given your experience you need to START HACKING. It’s always going to be tough but that’s eventually where you want to be so pick a bug, pick a target and just START HACKING. Will it be hard, of course! But nothing worth doing is easy!
hbbss hbbss IDORs for sure, not that technically complex, and you can just methodically test endpoints one by one. Relies more on determination than technical skills
I’m unfortunately not a great TH-camr lmao and it took me a few attempts to get the audio right, for the moment just increase the volume but in the future I have fixed this issue!
@@InsiderPhD i ran it on big speakers used earphones did eq on chrome to boost high end still was quite low. hoping to see a fix soon. thanks for resonding. #ayylmao for life.
Check out the whole series, especially Business Logic and IDORs which I think are great first bugs when you haven't got a lot of technical skills yet. You can also practice with CTFs
I received my first bounty by targeting a small, relatively unknown, sub domain connected to a large public program.
It used to belong to a small company that was recently bought out by the big one so I figured it might be an “untapped resource” if you will.
Not to be intrusive or anything but what bug did you find??? I'm also starting to get into bug bounties and trying to find a good methodology 😁😁😁
Please never stop doing these
That' what I've been expecting for weeks.. Thanks!
:D Glad you like it, I intend to do a bug bounty methdology/approach video as a follow up to this one soon
Thanks, that was really informative for me as a beginner
Really doing a great job...Loved IT ..Waiting for more to come..
Thank you so much, next video will be out tomorrow :)
It was pretty much useful. Thank you very much for your help.
Thankyou Queen for being dope, Sharing your material to my newer team members has been a beauty.
you are absolutely amazing. Really appreciate the information you putting forward.Thanks!!!
I really liked this presentation, will try to take into consideration every point
Thanks! Was informative. Keep uploading videos
an amazing video that's exactly what i was so confused about
Thank you! Now i don't roam around on h1 for 30 minutes then start a program and give up after 5 minutes lol
It might help to force yourself to pick a program and just say "this week I am going to work on X, and I'm going to look for bug type Y and Z" like go deep
@@InsiderPhD indeed!
Great job. Thank you. And by the way, are you going to hack in to the pyramid(31:58) as well?. :)
Ahaha my dissertation was on deciphering ancient languages, my wallpaper is a graphic I made for my dissertations, not Egyptian but greek! The writing system is called Linear B
Starting here and leaving this comment to check on in 12wks and hopefully already have found a a buf by then
?
So did you find one?
?
Killer video, very useful, Thanks for taking the time to do this. :)
I am speechless, thanks. it really helps.
I will watch everything content you make
you made my day. 😍😍😍😍🙏🙏🙏🙏🙏
Why does it matter
3:06 4:30
Things to consider
4:30 5:58
Subscribed just now! your videos are awesome ❤️ please keep sharing
Sounds like aussie accent 😅😅
love your content.
British :)
Nicee, thank you for posting this video. It was very helpful
You are everywhere bruh😂
@@SankizTime lol XD
@@eduardj-e8x bro, sorry! I don't have discord on this phone, so i am not able to talk to uu these days :(
@@SankizTime Oh, it's okay buddy, text me when u can.
Thank you, that’s helped me a lot
Great video! All the scrolling up and down in the last 5minutes made me a bit dizzy, but other than that great content. Thanks a lot 😂✌️
Great video ✌🏻✌🏻
Thanks for the video, very useful !
brilliant video mate.
thank you for your work!
It says 'enforces a Signal Requirement'. How I can find bug bounty programs without these requirements or how to fix them?
great video, im motivated.
Thank u that was really useful
Massive thanks 💛
Just subbed. Amazing content!
Thank you!
can u make a video on spf missing with what type of information should written in it nd proof also. plzz
Thanks so much!
It's a very helpful and interesting video. thanks
Glad it was helpful! That's very kind of you :)
hello.. if i targeted my hacker one then how i will go their website? i will just login to their website through their link they are provided there?
Thank u from Vietnam
When showing a webpage.. could you slow down a bit? The constant scrolling doesn't allow the viewer to see what you are seeing.
Thanks for the feedback, I will definitely slow down!
This was so good
Will you also be making practical video's on bug hunting?
R Y I intend to make a full bug bounty methodology/how to approach targets as a follow up to this one :)
Brilliant content
i want practical demonstration of finding bugs of any vulnerabilities step by step ? and how to find the qwebsites having the bugs or not?
You can find this in my Finding Your First Bug series or my video on Live API Hacking, both have step by step guides. To find websites to hack you register on a bug bounty platform like HackerOne, Bugcrowd, Intigriti etc, and choose a target like I'm showing on this video
Wow great one ..... very help-full
Thank you so much for sharing it,🙏💞🇳🇵
Amazing! What do you think about XSS as first Bug bounty for a Beginner ?
I have mixed opinions, I think a few years ago XSS was great! But now there's a lot involved to finding an XSS bug and most are being found by pros with significantly more expertise in bypassing WAFs. However, other people tell me that this gives beginners a good chance to learn how javascript/hacking can work. So if you ask me XSS is dead or dying for beginners. If you ask others XSS is a good first bug still.
Awesome !! Video :D K33p Posting .Thanks
What is “scope”
That’s the stuff you’re allowed to hack or not allowed, it means if you find a bug in X software they will pay a bounty :)
@@InsiderPhD thanks so much
Thought it was a tool or something
Katie pls help.What are the prior knowledge needed for bug bounties? Shoud I do vulnerable web applications?any good books
zeus cybersec
0: How the web works (Web application hackers handbook - free at HackerOne is great for this)
1: How to use burp (my videos + practice)
2: What bugs are out there and the signs of them (my videos)
3: How to exploit these bugs (practice on CTFs /real targets)
@@InsiderPhD thing is I am in this field for 1 year.Preparing for oscp and done many oscp like ctfs.I am more of a network guy but I love web security too.I have done dvwa and Over the wire Natas challenge.I have a good idea on advancd used of Burpsuite.What ctfs/books do you recommend for Getting good in web?Also I don't feel confident as I have given most of my time to ctfs be it network or web.Please help me Katie🙁How can I boost my confidence and what web related books/ctfs should I finish before dipping my feet into bug bounty?
I think given your experience you need to START HACKING. It’s always going to be tough but that’s eventually where you want to be so pick a bug, pick a target and just START HACKING. Will it be hard, of course! But nothing worth doing is easy!
@@InsiderPhD True.Thanks Katie☺️By the way can I add u on insta?I like connecting to people in the community
I don't have instagram I'm afraid! But you can follow me on twitter and @ me any time if you have questions and I will DM you :)
Excellent Video ...⭐⭐⭐ ⭐⭐
Can we use Kali Linux At live Mode ?
or we can just use Windows or MacOs ?
Use Windows or OSX if you’re more comfortable you DONT need Kali to do bug bounties!
@@InsiderPhD thank you madame Katie you are one of my heros
@@InsiderPhD please Make video when you speak about how you enter on Bug Bounty and why we can do to do what you do 🙂
perfect thanks
Can you make a course please ?
Spoilers :) by this is something I’m actively looking into less technical more how to find your first bug and get consistent :)
best "complete beginner bug"?
hbbss hbbss IDORs for sure, not that technically complex, and you can just methodically test endpoints one by one. Relies more on determination than technical skills
Sick! Thanks again for your help, love the content!!
very low audio volume. had a hard time tbh
I’m unfortunately not a great TH-camr lmao and it took me a few attempts to get the audio right, for the moment just increase the volume but in the future I have fixed this issue!
@@InsiderPhD i ran it on big speakers used earphones did eq on chrome to boost high end still was quite low. hoping to see a fix soon. thanks for resonding. #ayylmao for life.
lol i got no skills or knowledge about coding how can i do it
Check out the whole series, especially Business Logic and IDORs which I think are great first bugs when you haven't got a lot of technical skills yet. You can also practice with CTFs
thanks!
Killer video, very useful, mic sucks
Hi what is your age plz
How old are you?
Yankee with no BRIM!!
Good
Cute voice
Love your voice. so sweet. :)
Your voice is wery low please chenga your mic