Bug Bounty Target Deep Dive

  • Published on 28 Nov 2024

Comments • 102

  • @shashankmudgal4581 1 year ago +14

    Hello, can you provide the link for those Airbnb writeups?

    • @NahamSec 1 year ago +16

      buer.haus/tag/airbnb/

  • @32_jadav_akash22 1 year ago +27

    It would have been great to see a video on monitoring JavaScript files of an application for changes.

    • @nishantdalvi9470 1 year ago +2

      Yeah

    • @ReligionAndMaterialismDebunked 1 year ago +1

      Yeee. Cheers. Shalom. Namaste. :3

    • @Spiderman432 1 year ago +2

      Yup, I vote for this one

    • @MrWick-fy6xw 1 year ago +2

      Yeah

    • @trustedsecurity6039 1 year ago

      I don't understand people like you with your question, honestly. Move your ass and start thinking... Learn how the app works, and learn where they store their JS files, and it isn't hard to make a cron task that launches a Bash/Python script to download JS files and/or inline JS and make a simple diff. WTF, you really need to be spoon-fed by someone and wait for a video on that???

  • @shriyanssudhi4545 1 year ago +2

    A video recommendation:
    How to argue with the triager/program about whether the given issue is a valid security bug or not.
    I've seen multiple people on Twitter say that they have submitted a report and it was marked info by the program/triager.
    The same happened to me a few days ago. The same issue was accepted by a self-managed program, but was marked info on another.

  • @MarkFoudy 1 year ago +4

    Love this! Deep dive is awesome. The methodology you teach is priceless. Also thank you for the membership only videos. Are you going to make more of them? They are really helpful. Thank you!

    • @NahamSec 1 year ago +1

      Yes I am! I have some cool stuff in the works for 2024! Thank you for being a member!

  • @marincosmin1214 1 year ago +4

    If you can do a video impersonating a beginner bug bounty hunter, or even better inviting one to do a demo, that would be great. I just started on this journey, and would love to understand the methodology after the recon part, but keep in mind that the experience is not as high as yours.
    Anyways, love your content ❤ keep it up, you definitely won me as a subscriber and soon to be a member of the channel.

  • @papafhill9126 1 year ago +1

    I always appreciate your content. This one seemed kind of one-note though. Basically, "if you think access to an area will be too hard, you aren't trying hard enough." Great message, no doubt, but was hoping to learn something a bit... deeper. Anyway, still can't wait for next Monday's video! Keep up the awesome work.

    • @NahamSec 1 year ago +1

      Hey! I really appreciate the comment! A lot of times, the steps necessary to unlock these features require a lot of work. In my early days, there were a lot of programs where I didn't want to jump through the hoops to get my account set up, and later I noticed a few of my friends getting some really good bugs, because somehow they just managed to get access and were willing to spend the 2-3 hours of work.
      Deeper usually comes with setting up these features and populating data. The concept of going deeper isn't some magic. It's just using the app to its fullest extent and finding out what other hidden features are available, who are they available to, and do you unlock them.

    • @papafhill9126 1 year ago

      @NahamSec Super appreciate all this extra content/context! It's fun to think about knowing a target to such a high level, feels like really going 'behind enemy lines.' One thing I've been struggling with is how to organize all the recon and deep diving notes. Could be cool to hear your thoughts on keeping the massive amounts of intel in order. Anyway, keep it up, you rock.

  • @askholia 10 months ago

    Do you ever do non-domain based hunts? I am new and sticking to just web based stuff, but I would love to see your take on other types of hunts. Thanks for the content! I think your videos are friendly and have a good vibe!

  • @hansvanpaassen 1 year ago +5

    Hi Ben, I love your videos. In this vid you scrolled past a few payloads you tried. I am trying my first bug hunting steps, could you make a video on how you find the spots that could be vulnerable and how you determine if there is a bug or there isn't one? As a newbie it is challenging to determine where to start looking for bugs and how to examine which responses give you information you can go on and which responses tell you there isn't anything.
    Keep making these great videos and I'll keep watching! 🔥🔥

  • @tedwallace5640 1 year ago

    Another amazing vid. It should even be a whole series on your playlist.

  • @Death_User666 1 year ago

    This is great, sometimes I'm reading the scope of work and sometimes I get lost because there's so much to read/understand and I haven't done much on my account because I don't want to accidentally fall out of scope

  • @dingdongcontreras 1 year ago +1

    As always great source of knowledge. Thank you for creating this kind of vids! Please continue doing more of these.

    • @NahamSec 1 year ago

      Thanks, will do!

  • @golang1540 1 year ago +1

    I wished you would delve deeper into everything related to HTTP headers and their vulnerabilities: cache poisoning, smuggling, X-Forwarded-For, Via, and so on. They deserve thorough exploration and attention.
    Thanks NahamSec

  • @nikitasizov1849 1 year ago

    Hey Ben!
    I think about one of your last videos (5 Best Pieces Of Advice For Bug Hunters), where you speak about hacker mindset (or critical thinking), I think that it is crucial, perhaps you have an idea of how to create a video about it. It will be great for all levels of bug hunters.
    Thank you for your video and inspiration, which it gives me and other nahomies.

    • @NahamSec 1 year ago

      Thanks for the idea! Will think about this a bit more!

  • @MFoster392 1 year ago

    You're still da man Ben, Thanks :-)

  • @g20orgindia 1 year ago

    Please make a video on what is your exact method to find the bug? Do you always find subdomains? Are you partially dependent on automation or not?

  • @shirishinherspace 1 year ago

    Hello Naham, it would be helpful if there were some videos on Flutter application pentesting. I would also like to know what are the industry best practices Bug Bounty Hunters use to automate the processes.

  • @monKeman495 1 year ago

    I really liked your Airbnb JSON null encoded WAF filter bypass with embed tag and JSON deserialized RCE. Bring us more findings like this technique.

  • @siyabongasealetsa8947 1 year ago

    Noted!!!
    So plz, can you in another video show us how you look for any type of injection that could potentially lead to you getting an RCE?

  • @luckyahmed2978 1 year ago +1

    How can I be updated in bug bounty?

  • @cyberman6021 1 year ago

    Hey Ben, please talk about CORS vulnerability, is it worth it or useless?

  • @kylealexander6818 1 year ago

    Would you recommend someone to use virtual machines for bug bounties?

  • @amoh96 1 year ago

    NahamSec, your videos are like drugs to me. I always get the notification about a new video, I feel so happy and get energy to hack and learn new things. Thank you a lot.

  • @Vant0mme 1 year ago +2

    Nahomies assemble!!!!!!

    • @NahamSec 1 year ago +2

      NAHOMIESSSSS

  • @ankitjha883 1 year ago

    As a beginner in bug bounty for 7 months, I found 2 bugs. I want to be in your video to tell people the things that are really not good in bug bounty.

    • @rayanna9972 10 months ago

      Nope, I have found more than 6 bugs last year... As a professional programmer of Android && Java... what I wanna say is looking for bugs has become tougher than before... and the kind of skills that the video taught you is basically something we call an easy trick... 99% of hackers could know how to do this.. XD

  • @gk_eth 1 year ago

    Hi Ben, post videos on finding acquisition domains and how to use ASN to find more domains for a target..

  • @Mo3in5233 1 year ago

    Master, won't you bring back the discount on the bug bounty course that you had put on sale and that had become free?

  • @HariHacks22 1 year ago +1

    Sir, I am trying to get into bug bounty, but I am also thinking it is better to first get any web pentesting job, get some experience and then start bug bounty.... Sir, can you give some guidance regarding my question? It will help me a lot.

  • @pythonprogarmming 1 year ago +1

    Make a Deep Dive Video on CSRF Vulnerability

  • @j4ck_d4niels 1 year ago +2

    More Deep Dive videos :) Rockstar Games, they have changed some calls :)

    • @NahamSec 1 year ago +2

      Rockstar would be fun!

  • @Nowayjosedev 1 year ago

    Airbnb is a good target because it shows how to target big programs, but how about web3 programs like OKX or any crypto program?

  • @prakhar0x01 1 year ago

    Great content Ben, keep making these kinds of videos and streams..!! 😍🔥

  • @HariHacks22 1 year ago

    And I follow your guidance and steps... Love your content ❤

  • @danishbhat1536 1 year ago

    Make videos on vulnerability classes but in depth and also make series on those vulnerability classes.

  • @crusader_ 1 year ago

    How do you monitor JavaScript files in the era of webpack where JS file names are dynamic?

  • @Marty_YouTuber 1 year ago

    Thank you for the video.

  • @nafizimtiaz9367 11 months ago

    Can you do another deep dive on AT&T? It would be helpful.

  • @bakeery 1 year ago

    What should I do to be invited to a VDP?

  • @thecoinhustlers 11 months ago

    Hey, can you record one bug bounty from start to finish, please. Thanks in advance. :) Like your videos :)

  • @cristigdv 1 year ago

    Great video

  • @Rootsha0x7 1 year ago

    Please make a video on automating testing of the issues related to broken access control using AI

  • @miscellaneouszone 1 year ago

    Thank you for great content.
    Keep it up with your great work.

  • @love2allhumans 8 months ago

    Hello, I want a full video of a bug bounty program step by step. Thanks

  • @WhyDontWeMusic 1 year ago

    You should create a video on monitoring JavaScript files, and your next target for a deep dive should be "Uber"

  • @Andrei-ds8qv 1 year ago

    Very useful as always, thanks!

  • @mostafa12979 1 year ago

    Can you record your process in bug hunting in any program, starting from recon to exploitation, then speed up the recorded video and share it after the bug is disclosed?
    This will be great for accelerated learning and understanding

    • @ishowmonkey5918 1 year ago +1

      He doesn't do much recon anymore, he just hacks manually

  • @workwork-oz4sc 1 year ago

    Hello, please hunt in public VDP or BBP programs if it's possible

  • @mehdi_sf7257 1 year ago

    Please make a video on how to discover vulnerabilities and recon.

  • @aftabsaifi2436 1 year ago

    Common bugs for beginners to get their first bounty through

  • @علیرضااحمدی-ع8خ 9 months ago

    Very good👍👍

  • @dublinnnn 1 year ago

    Manual Hunting for each Vulnerability type plsssss

  • @ReligionAndMaterialismDebunked 1 year ago

    WAF bypass, please. It seems like the holy grail. I'm going to be focusing on it more. Shalom. Salaam. Namaste. :3

  • @mayurbrahmbhatt3806 1 year ago

    Real-life XSS finding :)

  • @torryboy2503 1 year ago

    Give some idea for creating blind XSS WAF free

  • @CipherMahmud1311 26 days ago

    Can you make a video on cloud security?

  • @srisowmyanemani9638 1 year ago

    Awesome video. Can you also do a video on API and mobile bug bounty?

  • @_lyrics_book 1 year ago

    Make a series of OSCP/PNPT certs related videos!!! #Req From INDIA. :)

  • @rahmat_qurishi 1 year ago

    Awesome! Make some videos about manual hacking

  • @ralphandre4438 1 year ago

    Let's gooo!!

  • @abhinavkumar8052 1 year ago

    Can you make a video on how to monitor a JS file? Because the end of the JS file name changes as the code updates, like main_3c34f.js, main_2r2efw.js

  • @crusader_ 1 year ago

    Do Epic Games next

  • @HackAll-ue3sr 1 year ago

    SQL injection on a bug bounty program

  • @saadeddine6418 1 year ago

    Do a deep dive on Meta

  • @riadhasan2276 1 year ago +1

    Create something for beginners 🙂

    • @NahamSec 1 year ago

      Is this not for beginners?!

  • @AliYar-Khan 1 year ago

    More real world hacking

  • @vjxi 1 year ago

    Communication with triagers

  • @pamruth6380 1 year ago

    How to be successful as a bug bounty hunter, just like Ben ;)

  • @jackcoder2103 1 year ago

    Nice

  • @DigitalSpark-l9g 1 year ago

    Looking forward to videos on how to do deep and effective recon and a guide for finding manual bugs

  • @jaredelfaz2558 1 year ago

    Where is the interview with a beginner but successful bug hunter? 👿👿👿😠😠

  • @andreeaszilagyi6865 1 year ago

    Hello, is it possible to hack a WhatsApp number if I don't have access to his phone?

  • @junior0x00 1 year ago

    Try hacking manually just using Burp Suite and browser bro 😂🔥🔥

  • @cazacubogdan9020 1 year ago

    Make a jailbreak for the latest firmware update on PS4!!!

  • @clarencemulenga 1 year ago +1

    Second

  • @ishowmonkey5918 1 year ago +1

    First again

  • @dencam 1 year ago

    SQL injection

  • @danishbhat1536 1 year ago

    Doing the same shit for the past 2 years lol.

  • @newbiejember9854 1 year ago

    What about LinkedIn? It seems interesting considering that it's hard to get bugs other than BAC there :)