Bug Bounty Target Deep Dive

Hello, can you provide the link for those airbnb writeups?

It would have been great to see a video on monitoring JavaScript files of an application for changes.

A video recommendation:-
How to argue with the triager/program of the given issue is a valid security bug or not.
I've seen multiple people on twitter say that they have submitted a report and it was marked info by program/triager
Same happened to me few days ago. The same issue was accepted by a self managed program, but was marked info on other

If you can do a video impersonating a begginer bug bounty hunter, or even better inviting one to do a demo, would be great. Just started on this journy, and would love to understand the methodology after the recon part but to keep in mind that the experince is not as high as yours.
Anyways, love your content ❤ keep it up, you definetely won me as a subscdiber and soon to be a member of the channel.

Love this! Deep dive is awesome. The methodology you teach is priceless. Also thank you for the membership only videos. Are you going to make more of them? They are really helpful. Thank you!

Another amazing vid. It should even be a whole series on your playlist.

This is great sometimes I'm reading the scope of work and sometimes I get lost because there so much to read/understand and I haven't done much on my account because I don't want to accidently fall out of scope

Great content Ben, Keep making this kind of videos and streams ..!! 😍🔥

Hi Ben, nice content! with this video i realise that i'm using the network tab very rare, thanks for the tip!

As always great source of knowledge. Thank you for creating this kind of vids! Please continue doing more of these.

I wished you would delve deeper into everything related to HTTP headers and their vulnerabilities: cache poisoning, smuggling, X-forwarded-for, via, and so on. They deserve thorough exploration and attention.
Thanks NhamSec

Do you ever do non-domain based hunts? I am new and sticking to just web based stuff, but I would love to see your take on other types of hunts. Thanks for the content! I think your videos are friendly and have a good vibe!

Thank you for great content.
Keep it up with your great work.

And I follow your guidance and steps... Love you content ❤

Hi Ben, I love your videos. In this vid you scrolled past a few peyloads you tried. I am trying my first bug hinting steps, could you make a video on how you find the spots that could be vulnerable and how you determine if there is a bug or there isn't one. As a newbie it is challenging to determine where to start looking for bugs and how to examine which response give you information you can go on and which responses tell you there isn't anything.
Keep making these great videos and i'll keep watching! 🔥🔥

Very useful as always, thanks!

thank you for the video.

Hey Ben!
I think about one of your last videos (5 Best Pieces Of Advice For Bug Hunters), where you speak about hacker mindset (or critical thinking), I think that it is crucial, perhaps you have an idea of how to create a video about it. It will be great for all levels of bug hunters.
Thank you for your video and inspiration, which it gives me and other nahomies.

I always appreciate your content. This one seemed kind of one-note though. Basically, "if you think access to an area will be too hard, you aren't trying hard enough." Great message, no doubt, but was hoping to learn something a bit... deeper. Anyway, still can't wait for next Monday's video! Keep up the awesome work.

Hello Naham, It would be helpful if there were some videos on flutter application pentesting. I would also like to know what are the industry best practices Bug Bounty Hunter use to automate the processes.

Great video

i really liked your airbnb json null encoded waf filter bypass with embed tag and json deserialized rce bring us more finding like this technique to us

Please make a video on what is your exact method to find the bug? Do you always find subdomains? Are you partially dependent on automate or not?

You're still da man Ben, Thanks :-)

Noted!!!
So plz, can you in another video show us how you look for any type of injection that could potentially lead to you getting an RCE ?

Hi ben post videos on finding acquisition domains and how to use ASN to find more domains for a target..

Make videos on vulnerability classes but in depth and also make series on those vulnerability classes.

As a beginner in bug bounty from 7 month and I found 2 bug I want to be in your video to tell people what the things that is really not good in bug bounty

Let’s gooo!!

How do you monitor JavaScript files in the era of webpack where js file names are dynamic

very good👍👍

awsome! Make some videos about manual hacking

Nahomies assemble!!!!!!

Please make a video automating testing the issues related broaken acess control using ai

Make a Deep Dive Video on CSRF Vulnerability

Awesome video. Can you also do video on API , Mobile Bug bounty

More Deep Dive videos :) Rockstar Games, They have changed some calls :)

Can you do another deep dive on AT&T? it would be helpful.

Hey Ben, please talk about CORS vulnerability is it a worth or useless ?

You should create a video on monitoring javascript files and your next target should be for deep dive “uber”

Hey, can you record one bug bounty from start to finish, please. Thanks in advance. :) Like your Videos :)

How can i be updated in bug bounty

Would you recommend someone to use Virtual machines for big bounties ?

Sir I my trying to get into bug bounty but I am also thinking it is better to get first any web pentesting job,, get some experience and then start bug bounty....Sir Can you give some guidance regarding my question it will help me a lot.

What should I do to be invited in vdp?

Real-life XSS finding :)

Manual Hunting for each Vulnerability type plsssss

please make video how to discovery vulnerabilities and recon.

Hello, Please hunt in a public VDP or BBP programs if it's possible

Airbnb is a good target because it shows how to target big programs but how about web3 programs like OKX or any crypto program

Give some idea for creating blind xss waf free

NahamSec your videos like drugs to me always get notification about new video i feel so happy and get energy to hack and learn new things thank you alot

Hello i want full video of bug bounty program step by step. thanks

Can you make a video how to moniter a JS file because JS file end name changes as the code updates like main_3c34f.js, main_2r2efw.js

Can you record your process in bug hunting in any program starting from recon to exploitation then speedup the recorded video and share it after bug disclosing
This will be great for accelerated learning and understanding

nice

WAF bypass, please. It seems like the holy grail. I'm going to be focusing on it more. Shalom. Salaam. Namaste. :3

Common bugs for Beginners to get first Bounty through it

Make a series for OSCP/ PNPT Certs Related videos. !!! #Req From INDIA. :)

استاد دوره باگ بانتی که آف گذاشته بودین و رایگان شده بود رو تخفیفشو دوباره نمیزارین؟

do deep dive on meta

Sql injection on a bug bounty program

Do epic games next

How to be successful as a bug bounty hunter, just like ben ;⁠)

Second

Communication with triagers

more real word hacking

first again

Looking forward for videos on how to do deep and effective recon and a guide for finding manual bugs

Create something for beginners 🙂

Try Hacking manually just using burp suite and browser bro 😂🔥🔥

doing same shit from past 2 years lol.

where is the interview with a beginner but successful bug hunter ?👿👿👿😠😠

SQL injection

Hello, it is possible to hack a whatsapp number if I don't have access to his phone?

Make a jailbrake for the latest firmware update on ps4!!!

what about LinkedIn ? It seems interesting considering that it's hard to get bugs other than BAC there :)