Please, if possible, cover these advanced topics like How to bypass Drupal CMS or other secured CMS? How to bypass HARD WAF protection that stops HTML, SQL, and XSS injection payloads? Payload single-double-triple encoding using Cyber-Chef? How to find the real origin IP of secured websites behind Cloudflare, Akamai, ModSecurity, AWS CDN, etc.,? How to bypass Hard WAF using SQLMAP or Burpsuite? How to find hidden vulnerable parameters and endpoints inside the .js and .jason files? How to find hidden admin pages, cPanel pages, and WHM pages ? Please cover these important topics. Thanks
new to this channel i swear this information never see them before this what we really need as beginners thank u alot we need more videos like this if u want u can make playlist of bugs but in long videos like BAC & iDORS & Logic Bugs
Soooooo, in all these videos I'm watching, the core idea is this: if it exists in a connection on the internet, your job is to find a way to "manipulate" or even take over it, in a nutshell. So if you can't copy, you find a way to be able to for example. How doesn't matter, just make sure to alert the compay and not continue to manipulate it, the difference in good and evil? And thats all the job description really is?
Hi, thanks for your comment! Bug bounty platforms are a bit different from what you described: Bug bounty platforms connect companies with ethical hackers who look for security vulnerabilities in their systems. These hackers, often called "bug bounty hunters," are rewarded for identifying and responsibly disclosing bugs or security issues. The goal is to help companies fix vulnerabilities before malicious hackers can exploit them. But it does not always have to be a company/target in a bug bounty platform. There are programs not tied to any platform (for example, apple, google, meta). You can have a look at security.txt. It is a proposed standard for websites to provide information on their security policies and how to report security issues. It helps ethical hackers know who to contact and how to report vulnerabilities responsibly. In short, ethical hacking is about finding and reporting issues to improve security, not exploiting them. The difference between good and evil lies in the intent and actions taken after discovering a vulnerability. Tread lightly and stay ethical ;)
Hi, let me try to explain a bit further. Usually, you cannot know, which URL has a bug. Because if there were a clear indicator, the developer would also know and could fix it. Hence, we have to do testing and probing. This video talks about one specific bug class that can occur. There are many more. The bug class in this video mainly focuses on the parameters in the URL. Ideally, you would test every parameter of every URL of your target, but this can quickly become too much to test. That is why this video talks about some parameters that might be more likely to have a vulnerability. The video also talks about some tricks you can apply when you actually test a parameter and its values. As a beginner, I recommend you to learn the basics of Linux, and how the internet works (HTTP, IPs, DNS, TCP, UDP, etc.). I hope this could clarify it a bit.
It's the quickest and consice IDORS video i've ever watched on TH-cam, actually. has all the tips + has very good visuals.. Hats off 👮♀️
Thanks a lot!
I would definitely agree. Finally someone who gets right to the chase!
Keep this type of content, clear and full of info in one video..subscribed!
Thanks, will do!
Great video man. New subscriber ✌🏻
Nice tips. Straight to the point 👍 keep going
Thank you. I will. :)
bro this is the best explaination of bug bounty ever
Thanks a lot! :)
Great work - very clear and well communicated.
Clear and concise. Thanks
Welcome!
Really INFORMATIVE VDO I EVER SEEN IN JUST 8 MINUTES
Great video❤
Please, if possible, cover these advanced topics like How to bypass Drupal CMS or other secured CMS? How to bypass HARD WAF protection that stops HTML, SQL, and XSS injection payloads? Payload single-double-triple encoding using Cyber-Chef? How to find the real origin IP of secured websites behind Cloudflare, Akamai, ModSecurity, AWS CDN, etc.,? How to bypass Hard WAF using SQLMAP or Burpsuite? How to find hidden vulnerable parameters and endpoints inside the .js and .jason files? How to find hidden admin pages, cPanel pages, and WHM pages ? Please cover these important topics. Thanks
Thanks for your comment and all the suggestions. I literally just copied this into my content list. Stay tuned!
This video is pure gold
bro dropin off some very useful tips🔥🔥🔥
🔥🔥🔥
best tips video on bug hunting i have ever seen
Thank you. That means a lot. :)
new to this channel i swear this information never see them before this what we really need as beginners thank u alot we need more videos like this if u want u can make playlist of bugs but in long videos like BAC & iDORS & Logic Bugs
Thank you! I will work on it!
new to channel brother really good explain hope more videos come about IDORS & APIS & Tricks & Tips .... thank you sir !
More to come!
Amazing video! Really well done and very interesting. Would be cool if you could also make some 1h+ long deep dives on topics like this
Noted. I will look into that :)
Great Explanation
Glad you liked it
Well explained !! Thanks
clear and understanding, thanks
Glad it helped!
I just recently started studying insects... I got really excited and then really disappointed by this video 😂
The real bug hunter channel is coming soon :P
oh yea bro instasub! this is really helpful
Best video I ever watched
subscribed!!!
Good content keep it up sir 👏
Appreciated. What topic would you like to see next?
thank you
nice tips mate keep going
Thanks, will do!
THE BEST VIDEO EVER ❤
amazing explanation
Best video 👍👍👍👍
One of the most concise tutorials I've encountered ❤
its a valueable content video that you have given , please make videos on Bug bounty ,hackerone Tutorial , for your Subscriber , God bless you❤
Soooooo, in all these videos I'm watching, the core idea is this: if it exists in a connection on the internet, your job is to find a way to "manipulate" or even take over it, in a nutshell.
So if you can't copy, you find a way to be able to for example. How doesn't matter, just make sure to alert the compay and not continue to manipulate it, the difference in good and evil?
And thats all the job description really is?
Hi, thanks for your comment! Bug bounty platforms are a bit different from what you described:
Bug bounty platforms connect companies with ethical hackers who look for security vulnerabilities in their systems. These hackers, often called "bug bounty hunters," are rewarded for identifying and responsibly disclosing bugs or security issues. The goal is to help companies fix vulnerabilities before malicious hackers can exploit them.
But it does not always have to be a company/target in a bug bounty platform. There are programs not tied to any platform (for example, apple, google, meta). You can have a look at security.txt. It is a proposed standard for websites to provide information on their security policies and how to report security issues. It helps ethical hackers know who to contact and how to report vulnerabilities responsibly.
In short, ethical hacking is about finding and reporting issues to improve security, not exploiting them. The difference between good and evil lies in the intent and actions taken after discovering a vulnerability. Tread lightly and stay ethical ;)
Sir we need more really inpressive
More is on the way.
Subscribed
Appreciated
very helpful video
Glad it was helpful!
I'm a beginner. I didn't understand much of your video where what was going on. What part of the url, how do I know which url has an bug!
Hi, let me try to explain a bit further.
Usually, you cannot know, which URL has a bug. Because if there were a clear indicator, the developer would also know and could fix it. Hence, we have to do testing and probing. This video talks about one specific bug class that can occur. There are many more. The bug class in this video mainly focuses on the parameters in the URL.
Ideally, you would test every parameter of every URL of your target, but this can quickly become too much to test. That is why this video talks about some parameters that might be more likely to have a vulnerability. The video also talks about some tricks you can apply when you actually test a parameter and its values.
As a beginner, I recommend you to learn the basics of Linux, and how the internet works (HTTP, IPs, DNS, TCP, UDP, etc.). I hope this could clarify it a bit.
@@bughunterlabs yeah sure thanks ❤️❤️
WELL,
bro could you do ssrf next ?
SRRF is in the pipeline. It might not be the next one, but it is coming! Stay tuned.
Wow epic
Wow 🎉
struggling to find programs to find BAC bugs :(
Which programs have you looked into so far?
@@bughunterlabs front, frontegg,freshworks from hackerone and some others from other platform.
@@bughunterlabs front, frontegg, freshworks from hackerone and some programs from other platform
Really easy to find, means theres a billion indians finding it before you will.
Can i connect with you on twitter
Yes, go ahead