#NahamCon2024
- Published on 30 Sep 2024
- LIKE and SUBSCRIBE with NOTIFICATIONS ON if you enjoyed the video! 👍
There's a lot of hype around AI at the moment. Join Jason Haddix (@jhaddix) as he cuts through all the BS to show you 5 practical ways to use AI to supercharge your bounty hunting RIGHT NOW. Jason will cover AI for Recon, JavaScript analysis, Vulnerability Discovery, Payload Generation, and Reporting.
📚 If you want to learn bug bounty hunting from me: bugbounty.nahamsec.training
💻 If you want to practice some of my free labs and challenges: app.hacking.hub.io
🔗 LINKS:
📖 MY FAVORITE BOOKS:
Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities -amzn.to/3Re8Pa2
Hacking APIs: Breaking Web Application Programming Interfaces - amzn.to/45g4bOr
Black Hat GraphQL: Attacking Next Generation APIs - amzn.to/455F9l3
🍿 WATCH NEXT:
If I Started Bug Bounty Hunting in 2024, I'd Do this - • If I Started Bug Bount...
2023 How to Bug Bounty - • How to Bug Bounty in 2023
Bug Bounty Hunting Full Time - youtu.be/watch...
Hacking An Online Casino - youtu.be/watch...
WebApp Pentesting/Hacking Roadmap - youtu.be/watch...
MY OTHER SOCIALS:
🌍 My website - www.nahamsec.com/
👨💻 My free labs - app.hackinghub...
🐦 Twitter - / nahamsec
📸 Instagram - / nahamsec
👨💻 Linkedin - / nahamsec
WHO AM I?
If we haven't met before, hey 👋! I'm Ben, most people online know me as NahamSec. I'm a hacker turned content creator. Through my videos on this channel, I share my experience as a top hacker and bug bounty hunter to help you become a better and more efficient hacker.
FYI: Some of the links I have in the description are affiliate links that I get a percentage from.
Reconnaissance and Asset Discovery:
[00:01:16] Discusses the importance of reconnaissance in bug bounty hunting, particularly finding assets to attack within the scope of a bounty.
Application Analysis:
[00:01:37] Covers the application analysis phase, where the application is broken down to understand it deeply and find potential attack vectors.
Exploitation:
[00:01:51] Talks about the exploitation phase, which is similar to any red team practitioner’s work, such as penetration testing.
Reporting Vulnerabilities:
[00:01:59] Explains the process of reporting vulnerabilities to the client and the importance of taking care of one’s tools.
AI Methodology:
[00:02:35] Introduces an abbreviated AI methodology necessary for setting up AI for various tasks, not just hacking.
Model Choice:
[00:03:07] Discusses the need to choose an appropriate model for AI tasks, highlighting the strengths and limitations of different models.
RAG and System Prompting:
[00:04:46] Describes the choice between using retrieval augmented generation (RAG) or system prompting to build AI helpers.
Agents:
[00:05:27] Talks about the concept of agents in AI, which are defined as small minibots that perform specific tasks.
Temperature Control:
[00:06:10] Explains the concept of temperature in AI, which controls the level of creativity of the AI bots.
Context and Prompting:
[00:06:49] Emphasizes the importance of providing context to AI bots to make them smarter and more effective.
Prompting Framework:
[00:09:11] Discusses the prompting skill and the use of a framework to improve interactions with AI models.
Building Prompts:
[00:10:31] Provides insights into building effective system prompts for AI bots to enhance their performance.
Subdomain Discovery:
[00:15:47] Introduces a bot called Subdomain Ninja, which helps in finding subdomains by building permutations.
Acquisition Research:
[00:17:19] Describes a bot designed to find acquisitions during the reconnaissance phase of bug bounty hunting.
Application Code Analysis:
[00:20:39] Talks about using AI to analyze application code and identify potential vulnerabilities.
Vulnerability Checks:
[00:33:39] Discusses how AI can be used to build quick vulnerability checks and automate parts of the bug hunting process.
Cool to hear Jason validating some of my suspicions. I tried making a “custom GPT” with a bunch of math texts & Knuth’s AoCP series uploaded into it. That seemed to make it much more effective as a learning tool for more advanced/technical topics. It's a difficult thing to quantify, but I can say that the custom model had no issue counting the ‘r’s in ‘strawberry’
I loved this talk, Ben. Thanks for having him on!
lol! I am the AI bot operating at 40%
Jhaddix is the best
thank you for the upload! :)
:)
🧘🏿♂️
You're dope man!
niceeee 🎉🎉🎉
Sup Bee?
Wow
Nice
jhaddix FTW!