Hello, can you provide the link for those airbnb writeups?
buer.haus/tag/airbnb/
It would have been great to see a video on monitoring JavaScript files of an application for changes.
Yeah
Yeee. Cheers. Shalom. Namaste. :3
Yup I vote for this one
Yeah
I don't understand people like you with your question, honestly. Move your ass and start thinking... Learn how the app works, and learn where they store their JS files, and it isn't hard to make a cron task that launches a Bash/Python script to download JS files and/or inline JS and make a simple diff. WTF, you really need to be spoon-fed by someone and wait for a video on that???
A video recommendation:-
How to argue with the triager/program whether the given issue is a valid security bug or not.
I've seen multiple people on Twitter say that they have submitted a report and it was marked info by the program/triager.
The same happened to me a few days ago. The same issue was accepted by a self managed program, but was marked info on other
Love this! Deep dive is awesome. The methodology you teach is priceless. Also thank you for the membership only videos. Are you going to make more of them? They are really helpful. Thank you!
Yes I am! I have some cool stuff in the works for 2024! Thank you for being a member!
If you can do a video impersonating a beginner bug bounty hunter, or even better inviting one to do a demo, would be great. Just started on this journey, and would love to understand the methodology after the recon part but to keep in mind that the experience is not as high as yours.
Anyways, love your content ❤ keep it up, you definitely won me as a subscriber and soon to be a member of the channel.
I always appreciate your content. This one seemed kind of one-note though. Basically, "if you think access to an area will be too hard, you aren't trying hard enough." Great message, no doubt, but was hoping to learn something a bit... deeper. Anyway, still can't wait for next Monday's video! Keep up the awesome work.
Hey! I really appreciate the comment! A lot of times, the steps necessary to unlock these features require a lot of work. In my early days, there were a lot of programs where I didn't want to jump through the hoops to get my account set up, and later I noticed a few of my friends getting some really good bugs, because somehow they just managed to get access and were willing to spend the 2-3 hours of work.
Deeper usually comes with setting up these features and populating data. The concept of going deeper isn't some magic. It's just using the app to its fullest extent and finding out what other hidden features are available, who are they available to, and do you unlock them.
@NahamSec Super appreciate all this extra content/context! It's fun to think about knowing a target to such a high level, feels like really going 'behind enemy lines.' One thing I've been struggling with is how to organize all the recon and deep diving notes. Could be cool to hear your thoughts on keeping the massive amounts of intel in order. Anyway, keep it up, you rock.
Do you ever do non-domain based hunts? I am new and sticking to just web based stuff, but I would love to see your take on other types of hunts. Thanks for the content! I think your videos are friendly and have a good vibe!
Hi Ben, I love your videos. In this vid you scrolled past a few payloads you tried. I am trying my first bug hunting steps, could you make a video on how you find the spots that could be vulnerable and how you determine if there is a bug or there isn't one. As a newbie it is challenging to determine where to start looking for bugs and how to examine which responses give you information you can go on and which responses tell you there isn't anything.
Keep making these great videos and I'll keep watching! 🔥🔥
Another amazing vid. It should even be a whole series on your playlist.
This is great. Sometimes I'm reading the scope of work and sometimes I get lost because there's so much to read/understand, and I haven't done much on my account because I don't want to accidentally fall out of scope.
As always great source of knowledge. Thank you for creating this kind of vids! Please continue doing more of these.
Thanks, will do!
I wished you would delve deeper into everything related to HTTP headers and their vulnerabilities: cache poisoning, smuggling, X-Forwarded-For, Via, and so on. They deserve thorough exploration and attention.
Thanks NahamSec
Hey Ben!
I think about one of your last videos (5 Best Pieces Of Advice For Bug Hunters), where you speak about hacker mindset (or critical thinking), I think that it is crucial, perhaps you have an idea of how to create a video about it. It will be great for all levels of bug hunters.
Thank you for your video and the inspiration it gives me and other nahomies.
Thanks for the idea! Will think about this a bit more!
You're still da man Ben, Thanks :-)
Please make a video on what is your exact method to find the bug? Do you always find subdomains? Are you partially dependent on automation or not?
Hello Naham, It would be helpful if there were some videos on Flutter application pentesting. I would also like to know what are the industry best practices bug bounty hunters use to automate the processes.
I really liked your Airbnb JSON null-encoded WAF filter bypass with embed tag and JSON deserialized RCE. Bring us more findings like this technique.
Noted!!!
So plz, can you in another video show us how you look for any type of injection that could potentially lead to you getting an RCE?
How can I be updated in bug bounty?
Hey Ben, please talk about CORS vulnerability, is it worth it or useless?
Would you recommend someone to use virtual machines for bug bounties?
NahamSec, your videos are like drugs to me. I always get notifications about new videos, I feel so happy and get energy to hack and learn new things. Thank you a lot.
Nahomies assemble!!!!!!
NAHOMIESSSSS
As a beginner in bug bounty for 7 months who has found 2 bugs, I want to be in your video to tell people the things that are really not good in bug bounty.
Nope, I have found more than 6 bugs last year... As a professional programmer of Android && Java... what I wanna say is that looking for bugs has become tougher than before... and the kind of skills that the video taught you is basically something we call an easy trick... 99% of hackers would know how to do this.. XD
Hi Ben, post videos on finding acquisition domains and how to use ASN to find more domains for a target..
Master, won't you bring back the discount on the bug bounty course that you had put on sale and that had become free?
Sir, I am trying to get into bug bounty, but I am also thinking it is better to first get a web pentesting job, get some experience, and then start bug bounty... Sir, can you give some guidance regarding my question? It will help me a lot.
Make a Deep Dive Video on CSRF Vulnerability
More Deep Dive videos :) Rockstar Games, They have changed some calls :)
Rockstar would be fun!
Airbnb is a good target because it shows how to target big programs but how about web3 programs like OKX or any crypto program
Great content Ben, Keep making this kind of videos and streams ..!! 😍🔥
And I follow your guidance and steps... Love your content ❤
Make videos on vulnerability classes but in depth and also make series on those vulnerability classes.
How do you monitor JavaScript files in the era of webpack, where JS file names are dynamic?
thank you for the video.
Can you do another deep dive on AT&T? it would be helpful.
What should I do to be invited in vdp?
Hey, can you record one bug bounty from start to finish, please. Thanks in advance. :) Like your Videos :)
Great video
Please make a video automating testing the issues related to broken access control using AI
Thank you for great content.
Keep it up with your great work.
Hello, I want a full video of a bug bounty program, step by step. Thanks.
You should create a video on monitoring javascript files and your next target should be for deep dive “uber”
Very useful as always, thanks!
Can you record your process in bug hunting in any program, starting from recon to exploitation, then speed up the recorded video and share it after bug disclosing?
This will be great for accelerated learning and understanding.
He doesn't do much recon anymore, he just hacks manually.
Hello, Please hunt in a public VDP or BBP programs if it's possible
Please make a video on how to discover vulnerabilities and recon.
Common bugs for Beginners to get first Bounty through it
very good👍👍
Manual Hunting for each Vulnerability type plsssss
WAF bypass, please. It seems like the holy grail. I'm going to be focusing on it more. Shalom. Salaam. Namaste. :3
Real-life XSS finding :)
Give some idea for creating blind xss waf free
can you make a video of cloud security
Awesome video. Can you also do a video on API, mobile bug bounty?
Make a series for OSCP/ PNPT Certs Related videos. !!! #Req From INDIA. :)
Awesome! Make some videos about manual hacking
Let’s gooo!!
Can you make a video on how to monitor a JS file, because the JS file name ending changes as the code updates, like main_3c34f.js, main_2r2efw.js?
Do epic games next
Sql injection on a bug bounty program
do deep dive on meta
Create something for beginners 🙂
Is this not for beginners?!
More real-world hacking
Communication with triagers
How to be successful as a bug bounty hunter, just like ben ;)
nice
Looking forward for videos on how to do deep and effective recon and a guide for finding manual bugs
where is the interview with a beginner but successful bug hunter ?👿👿👿😠😠
Hello, it is possible to hack a whatsapp number if I don't have access to his phone?
Try Hacking manually just using burp suite and browser bro 😂🔥🔥
Make a jailbreak for the latest firmware update on PS4!!!
Second
first again
FIRST!!
SQL injection
doing same shit from past 2 years lol.
What about LinkedIn? It seems interesting considering that it's hard to get bugs other than BAC there :)