Low Competition Bug Hunting (What to Learn) - ft.

  • Published on 21 Oct 2024

Comments • 38

  • @Unhacker
    @Unhacker several months ago

    Excellent strategic advice, Insider!

  • @akshanshshriwatri8060
    @akshanshshriwatri8060 4 years ago +3

    Damn! You've got a solution to every problem. So simple yet so effective. Thanks for this Katie!😊

  • @Loveless9619
    @Loveless9619 4 years ago

    I was very skeptical before I started watching your videos, and now after 3 videos I have become a huge fan of yours. I love your sincerity and openness on security topics! Thank you so much; if it wasn't for you I wouldn't have found that bounty yesterday (business logic - payment bypass)! Everything you say is true: each of us has a different mentality and this leads us to find different bugs! Honestly I prefer you to all the other security YouTubers. Thank you so much.

    • @InsiderPhD
      @InsiderPhD  4 years ago +1

      Omg! Congrats on finding a business logic error! They are some of my favourite bugs! Thank you for your kind comments it really brightens my day to read them, thank you for taking the time to not just watch my videos but also to write a comment! I hope my future videos will keep you coming back

  • @astrix8812
    @astrix8812 4 years ago

    This video is filled with awesomeness! Thank you very much

  • @elliotalderson9774
    @elliotalderson9774 4 years ago

    This was great, thank you! I stopped hunting after just a month or so because I was highly discouraged. Now I have multiple avenues to try out. It was inspiring to hear about your experiences going up against pros and finding things they did not. So glad I found you from the 5 Hacking Newsletter :-)

    • @InsiderPhD
      @InsiderPhD  4 years ago

      Aww, thank you! I know it can really feel like everything has already been found, but honestly there are definitely options. The h1 report showed that 71% of hackers prefer to hack web, so even just thinking about mobile or APIs (or code or physical devices), I think there are definitely some good bugs in that 29%.

  • @raymatp1
    @raymatp1 4 years ago

    Wow. Thanks for this video. I'm one of those people who thinks all the bugs are gone because most of my submissions are duplicates. After listening to you, I was inspired to do bug hunting again. Hope I can find my 1st valid submission.

    • @InsiderPhD
      @InsiderPhD  4 years ago

      I hope you can find something but don't be too disappointed if you find dupes, dupes are still valid bugs! It sucks that you don't get paid but as a beginner finding a dupe is an achievement! You found something!!! Just keep on doing what you do :)

  • @ggmaxx66
    @ggmaxx66 3 years ago

    a very motivational clip, thank you!

  • @ramkumar-lc1st
    @ramkumar-lc1st 3 years ago

    Hey, thanks for the video, subscribed... please do more, thanks Katie...

  • @jasonmikinskiwallet4308
    @jasonmikinskiwallet4308 4 years ago

    This video was 15 minutes but I was like, damn, it's already over. I didn't feel time pass by.

  • @sohammogarekar4295
    @sohammogarekar4295 4 years ago

    Awesome video considering realistic scenario ! Great 🤟

  • @shrirangkahale
    @shrirangkahale 4 years ago

    One Word for this video "GREAT"

  • @johnphiri9418
    @johnphiri9418 4 years ago

    "All the bugs are all gone... no they are not"... nice dating advice :) love this, thanks

    • @InsiderPhD
      @InsiderPhD  4 years ago +3

      Plenty of fis- I mean bugs in the ocean of lazy developers

    • @KtosZPlanetyZiemia
      @KtosZPlanetyZiemia 4 years ago

      @@InsiderPhD of wut ? :D
      o7

  • @ahmedelgaidi
    @ahmedelgaidi 4 years ago

    How are you? Do you think studying from SANS will be helpful for me (still a beginner)?
    Great video as usual!

  • @renslakens4759
    @renslakens4759 4 years ago

    Great video! Motivated to pick this up again and start hunting. Which iOS hackers on TH-cam do you recommend?

    • @InsiderPhD
      @InsiderPhD  4 years ago +1

      So not on TH-cam but I highly recommend Dawn Isabel (her talk is the one I recommend), Spaceraccon has some EXCELLENT newbie resources, and Teknogeek is the king of mobile. I recommend learning how to use Frida because once you learn that you are honestly right at the top of iOS bounty hunters

  • @selimeneskaraduman6935
    @selimeneskaraduman6935 4 years ago +1

    Can you make a video on source code bug bounty? I can't find resources for beginners on source code analysis. I love reading code and I want to do this on bug bounty programs, but there are not as many resources about source code bug bounty as for web/mobile. This would be so good.

  • @gustavodutra1082
    @gustavodutra1082 4 years ago

    About the pyramid of hunters' niches, you've mentioned web and mobile. Do you think that source code review and binary exploitation is also a niche with less competition?
    I know that there are different skills you need, but that could be easier, for example, if someone is new to bug bounty and is a C/C++ developer.
    Awesome video btw, you're doing awesome work!! Thank you

    • @InsiderPhD
      @InsiderPhD  4 years ago +1

      Definitely! I mention mobile because it's easiest for beginners to learn, but with the right experience code review + binary is definitely worth learning. I met someone at a recent h1 live event who had earned his place at the event but had never ever used Burp before; the guy was a pro at code review and a bloody genius. In fact one of the challenges involved an extra bounty if you also submitted a fix, and he was able to find bugs in other hackers' fixes. Honestly incredible.

    • @KtosZPlanetyZiemia
      @KtosZPlanetyZiemia 4 years ago

      @@InsiderPhD great stuff, could you tell credits about him? Twitter or sth?

    • @InsiderPhD
      @InsiderPhD  4 years ago

      Wojciech Błaszczuk twitter.com/not_aardvark I highly recommend this article on this crazy complex vulnerability blog.teddykatz.com/2019/11/23/json-padding-oracles.html

  • @joelcantu5357
    @joelcantu5357 4 years ago

    Hi Katie,
    If the endpoint works after changing the cookie to User B's (this cookie has lots of variables, but just changing the PHPSESSIONID to User B's works), is it considered an IDOR? I mean, I haven't deciphered the PHPSESSIONID, but just changing it to a valid one makes the action succeed. Should I report it? Is it a low finding???

    • @InsiderPhD
      @InsiderPhD  4 years ago

      If you have an endpoint which does something for User A, like change their email, and you replace the cookies with User B's and it still affects User A's account that's definitely a bug!

    • @joelcantu5357
      @joelcantu5357 4 years ago

      @@InsiderPhD thanks a lot!!!
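The cookie-swap check described in the exchange above (replay User A's request with User B's session cookie and see whether User A's account is still modified) can be reproduced offline against a stand-in backend. The following is an added example, not code from the video, the commenters, or any real program: the session IDs, user names and e-mail addresses are constructed, and the in-memory dictionaries stand in for a real session store and database. It shows the broken-access-control pattern beside the fix: the vulnerable endpoint only checks that the session is valid and takes the target account from the request, while the hardened one derives the acting user from the session and refuses to touch any other account.

```python
# Cookie-swap (broken object-level authorization) test against a toy in-memory
# backend. Added illustration; not code from the video or the thread.

# Constructed sample data (hypothetical values): two accounts and two valid
# session cookies, one per user.
USERS = {"userA": "a@example.com", "userB": "b@example.com"}
SESSIONS = {"sess-A-111": "userA", "sess-B-222": "userB"}


class Forbidden(Exception):
    """Raised when the endpoint refuses the request."""


def change_email_vulnerable(db, session_id, target_user, new_email):
    """Vulnerable endpoint: the session cookie is checked only for *validity*.
    The account to modify comes from the request body (`target_user`) and is
    never compared with the session's owner, so any logged-in user can change
    any other user's e-mail address."""
    if session_id not in SESSIONS:
        raise Forbidden("no valid session")
    db[target_user] = new_email
    return db[target_user]


def change_email_fixed(db, session_id, target_user, new_email):
    """Hardened endpoint: resolve the acting user from the session and refuse
    any request whose target account is not that user."""
    owner = SESSIONS.get(session_id)
    if owner is None:
        raise Forbidden("no valid session")
    if owner != target_user:
        raise Forbidden("session owner does not match target account")
    db[target_user] = new_email
    return db[target_user]


def cookie_swap_test(endpoint):
    """The check from the thread: take a request that acts on User A's account,
    swap in User B's valid session cookie, and replay it.
    Returns True if User A's record changed (endpoint is vulnerable)."""
    db = dict(USERS)  # fresh copy so each run starts from the same state
    try:
        endpoint(db, "sess-B-222", "userA", "attacker@example.com")
    except Forbidden:
        return False
    return db["userA"] == "attacker@example.com"


if __name__ == "__main__":
    for name, ep in (("vulnerable", change_email_vulnerable),
                     ("fixed", change_email_fixed)):
        verdict = "VULNERABLE" if cookie_swap_test(ep) else "ok"
        print(f"{name}: {verdict}")
```

When testing a real target the same two requests are sent from Burp Repeater: the original with User A's cookies, then the same body with only the session cookie replaced by User B's. If the second request still changes User A's data, the server is trusting the client-supplied account identifier instead of the session, which is the bug being confirmed here.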

  • @testerstatus2355
    @testerstatus2355 4 years ago

    The way you select the program, I do the same too. It is great that someone is teaching my mindset and helping everyone. Beginners like me keep on asking me this question. Hope they will get some nice ideas after watching this. Great work @insiderPhD

    • @InsiderPhD
      @InsiderPhD  4 years ago

      Thank you, I think this is a start but I'm sure as you work on your own methodology you will pick out stuff you like to hack on!

  • @jacobpetrov4041
    @jacobpetrov4041 4 years ago

    Are there other sites like Bugcrowd or HackerOne just for mobile bounties? I know both Bugcrowd and h1 have mobile bounties, but a source for just mobile would be a huge time saver.

    • @InsiderPhD
      @InsiderPhD  4 years ago

      No, but a ton of h1 programs have mobile apps in scope! there are so many options for mobile apps atm.

  • @real_alkebulan
    @real_alkebulan 4 years ago

    Good stuff

  • @ca7986
    @ca7986 4 years ago

    ♥️

  • @bunhthachau3587
    @bunhthachau3587 4 years ago

    Hello

  • @BigBobEdyS
    @BigBobEdyS 4 years ago

    Oh my god, your voice is really shocking. How old are you? 😂

    • @InsiderPhD
      @InsiderPhD  4 years ago +1

      Mid 20s! But I'm guessing you thought I was a young man/teenager; I'm actually a woman!