I love seeing the reality behind the large figures. The effort to get it, the burnout afterwards. Thank you for keeping it real and giving us more realistic expectations of what it takes to reach those goals. Love your work Ben!
Great video, Ben! It's always interesting to get an idea of what you guys really make with bug bounty, the tactics involved and the effort that was needed to get there. So thanks so much for share that side of your work. 👍
You da man bro, thank you for the info I'm a paraplegic teaching myself BB so i can make some extra money from home but i often think I'm starting to late considering it will be a while before I'm good enough to find bugs in the wild
It is actually not late at all! Just make sure to put reachable goals and not burn out. Some of these pro hackers were already in the industry in early 2010s. They did a lot of researching and testing. If you will start now, you can definitely reach your potential in the next couple of years, or even less!! Good luck
Did you course on Udemy, got really motivated and ready to dive in. But life got in the way and I have to shift my focus, being a husband and dad takes my most of my time and drains me by end of day. Also, want to grow professional in the cyber security field, which in most part requires certifications to get ahead. That takes up my time as well. As you said, you had to sacrifice something. Hoping that after I obtain the security certs that I want to get, I can jump in again into Bug Bounty and help support my family.
I'm in this same boat. Have a newborn, trying to complete my degree (HR check box), and then start self learning and doing Bug bounties for some extra income.
1 - I couldn't find any bugs for 4-5 months, but after watching your "QUIT RECON" video, I also quit recon and was able to find some bugs. Thank you! REQUEST 2 - Many of us can't watch "Live recon with orwa" stream, so please make it free since it's the most in-demand stream ever. Thank you!
amazing sir.... i made $950 last month presently learning API hacking just finished with corey j balls api hacking book.. God bless you for all you do.
@nahamsec congrats brotha. Seems like collaborations is the key, for higher payouts and higher impact bugs, that’s something I def need to do as I haven’t in almost a year. So if anyone interested let’s get on the road to 100k!!!
Thanks a lot. I have seen lots of video of you and other hackers. It will be amazing if in some videos you show the step by step of a bug bounty program.
@@NahamSec thanks a lot. I am sure many people are looking for that. a video which shows picking a program, try to find a bug and submitting the report will be priceless on youtube. lots of thanks in advance
I spent more than 6 months on bug bounty programs and I didn;t get any single bounty; I'm about to give up cause i need money to finance myself, in other words, i need money to pay for internet taxes and time spent
8:00 - So wait, you made $100k in two months purely on BB,.. and then also had enough time to do pentesting gigs and travel? Personally, I understand burnout, especially when it comes to overbearing employers. Gets worse when you are your own boss if you don't check that greed at the door. My goal would be to hit like $12.5k/month ($150k per annum) and once I hit that goal around the middle to end of the month, just take the rest of the time off and do game dev (hobbyist passion of mine) to just unwind.
It's also super encouraging to hear you do this with absolutely zero automation and entirely in your spare time. As a fledgling BB hunter, I just get confused why a lot of people push automation when, if everyone uses it then you have to be the first in line or else you'll always be late.
Can you make video live bug hunting Manually (Zero Automation or No recon)? Because iam a beginner I don't know how to hunt bugs Manually, everyone teach recon, but i don't like it.
@@NahamSec no you need to be very good or collab with pro hackers lije you,zseano etc.I did bugbounty almost a year and find only duplicates or informative.So fuck this never spend a minute in my life on this shit
so i did some automated api endpoint enumeration testing (via feroxbuster) and managed to get into the /etc/passwd file on my friends web server he allowed me to hack-BUT - this was the contents of the file: root:x:0:0:root:/root:/bin/bash daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin bin:x:2:2:bin:/bin:/usr/sbin/nologin sys:x:3:3:sys:/dev:/usr/sbin/nologin sync:x:4:65534:sync:/bin:/bin/sync games:x:5:60:games:/usr/games:/usr/sbin/nologin man:x:6:12:man:/var/cache/man:/usr/sbin/nologin lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin mail:x:8:8:mail:/var/mail:/usr/sbin/nologin news:x:9:9:news:/var/spool/news:/usr/sbin/nologin uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin does anybody know how i can ACTUALLY get a hold of the password hashes for each user here in the second field after the first : ????????
Hi there, I was wondering if you could advise me on what route to go for a complete beginner? Learning web fundementals -> TryHackMe -> Portswigger? And generally, would I be wasting my time with this, couple of people here saying you’re competing with top hackers and I agree. But I am able to dedicate a lot of time to BB. Thanks in advance!
I love seeing the reality behind the large figures. The effort to get it, the burnout afterwards. Thank you for keeping it real and giving us more realistic expectations of what it takes to reach those goals. Love your work Ben!
yup me too
yup me too
Great video, Ben! It's always interesting to get an idea of what you guys really make with bug bounty, the tactics involved and the effort that was needed to get there. So thanks so much for share that side of your work. 👍
Thanks for watching!
No script for the video, just real knowledge and real precious words coming out of your mouth 😂😂💖💖
You da man bro, thank you for the info I'm a paraplegic teaching myself BB so i can make some extra money from home but i often think I'm starting to late considering it will be a while before I'm good enough to find bugs in the wild
It is actually not late at all! Just make sure to put reachable goals and not burn out. Some of these pro hackers were already in the industry in early 2010s. They did a lot of researching and testing. If you will start now, you can definitely reach your potential in the next couple of years, or even less!! Good luck
@@waterlord6969 Thank you
I consider my self as a newbie and I find this very inspiring. I've got a lot of positive energy from it. Thanks for sharing. Cheers buddy 🌱
you da best man thanks for this one!
Thanks for watching!
you got to be in it to win it. Well done bro so happy for you!✌
Did you course on Udemy, got really motivated and ready to dive in. But life got in the way and I have to shift my focus, being a husband and dad takes my most of my time and drains me by end of day. Also, want to grow professional in the cyber security field, which in most part requires certifications to get ahead. That takes up my time as well. As you said, you had to sacrifice something. Hoping that after I obtain the security certs that I want to get, I can jump in again into Bug Bounty and help support my family.
Yeah, you have to be willing to give up something. It's not easy, but it's definitely doable
I'm in this same boat. Have a newborn, trying to complete my degree (HR check box), and then start self learning and doing Bug bounties for some extra income.
I love your contents man, Thank you from Iran :))
Thanks for the motivation :)
Are you doing also bug bounty in web3?
1 - I couldn't find any bugs for 4-5 months, but after watching your "QUIT RECON" video, I also quit recon and was able to find some bugs. Thank you!
REQUEST
2 - Many of us can't watch "Live recon with orwa" stream, so please make it free since it's the most in-demand stream ever. Thank you!
Nice work! It is available for members for now but it'll be published later.
@@NahamSec Ok , Thanks
I agree with your thoughts saying ++ years old program still have vulns. Last month, I found my first vuln ever from a 7 years old program :)
Lit that fire to start bug bounties!
Keep it up man i love watching the videos learning to get a job in cyber security some day.
Hey, have you an advanced courses for bug bounty if we finish your intro to bug bounty course on udemy ?
Not yet. But it’s coming!
Thank you Nahamsec 💯 for this video! Burnout are a thing for me, so I will do something about them. Cheers
best of luck!!
Would you say doing a penitesting is good entry to hacking ? Newbie and really considering changing careers
kudos ben for creating helpful contents.. keep going brother cheers
Thanks for watching!
Totally agree with this video Ben. I was the same this year too on a public program on HackerOne. No automation used and found 40 bugs.
Congrats and thank you for all the great advice!
Thanks for watching!
Your Udemy course, do you show all your methods of approaching a site?
🔥🔥🔥 NIce video bro. Your content has been so helpful in my cybersecurity journey as a beginner.
❤️
master at work 💯💯😍😍
amazing sir.... i made $950 last month
presently learning API hacking just finished with corey j balls api hacking book..
God bless you for all you do.
Bro i have completed that course, can u please share your twitter ... Lets follow this journey together
bro with that course i found 2 bugs 250 euro and 300 euro on intigrty 😁 . can i know which platform u used? i hack on intigriti
Hackerone
@@oneplanet2198 thnx 👍
Lesson from this Video:
Have a secondary bug bounty platform.
Put effort 60/40 of your hacking time or follow your own preference.
Why is your reaction on thumbnail feels like " you're asking yourself why did you earn 100k 😂"
It was kind of hard to believe it at first!
@nahamsec congrats brotha. Seems like collaborations is the key, for higher payouts and higher impact bugs, that’s something I def need to do as I haven’t in almost a year.
So if anyone interested let’s get on the road to 100k!!!
Great tips! Thanks for this
Hey love all your videos I’m 16 and all of your videos are really pushing me to become a ethical web hacker!
Well, A new Million $ hacker on his way!🙌🏻
Maybe some day :)
LOL he is already
Next person I'm 😅😮
did you say at the start taxation is coming to an end in the US?
The tax season is coming to an end.. as in just for the year!
@@NahamSec got it! i was surprised thinking that the american gvt wont collect taxes again
It something down the motivation that I spended enough days and didn't find even small hint
What to do
Thanks for the information ❤
do you need a permission before starting to find a vulnerabilty?
People only see success but not their hardwork😢❤
Thanks a lot. I have seen lots of video of you and other hackers. It will be amazing if in some videos you show the step by step of a bug bounty program.
Thanks for watching! I'll think of something to show that soon!
@@NahamSec thanks a lot. I am sure many people are looking for that. a video which shows picking a program, try to find a bug and submitting the report will be priceless on youtube.
lots of thanks in advance
That's Great Video !
how to keep update ourself
please make video about it
I spent more than 6 months on bug bounty programs and I didn;t get any single bounty; I'm about to give up cause i need money to finance myself, in other words, i need money to pay for internet taxes and time spent
Ben You from Iran??
It’s really amazing brother 🎉
Is i am doing good if my aim is penetration testing but need of money i am also giving time to bug bounty
Is portswiger trainning enough for all of this?
It's a good start but eventually you need to stop doing labs and dive right into it.
Give us free bug bounty course 😢
کاش میتونستی یه ویدیوجامع در مورد ریکان به زبان پارسی هم منتشر کنی:)
All these vulnerabilities did you find it in this year? Many of the programs triage time is huge.
Thanks, NahamSec, this vedio means a lot to me, motivated for more hacking now 🔥
Loved it and sparked in my deap heart now it will be the volcano
Please can you post the interview with godgatherorwa
insha'Allah that's gonna be me Allah will make me that dude
Great work
Thank you! Thanks for watching!
So a quarter of a mili in another two months? 🤔
probably not :(
Confusion confusion confusion
When i go for bug bounty i get confused what to do what to not 😢help !!!
Hello sir yesterday hacking session with orwa when upload in youtube?
You really motivate me sir❤! Love from India!
burp puts food on the table ;)
salute brother....
Fresh video! :3
Thanks for watching!
دایرکت بدم جواب میدی چنتا راهنمایی بگیرم داداش ؟
Thanks Naham
8:00 - So wait, you made $100k in two months purely on BB,.. and then also had enough time to do pentesting gigs and travel?
Personally, I understand burnout, especially when it comes to overbearing employers. Gets worse when you are your own boss if you don't check that greed at the door. My goal would be to hit like $12.5k/month ($150k per annum) and once I hit that goal around the middle to end of the month, just take the rest of the time off and do game dev (hobbyist passion of mine) to just unwind.
It's also super encouraging to hear you do this with absolutely zero automation and entirely in your spare time. As a fledgling BB hunter, I just get confused why a lot of people push automation when, if everyone uses it then you have to be the first in line or else you'll always be late.
Here we go. Subscribers ⬆
LET'S GO!!
If you're not making a million dollars a week don't even talk to me 😤✋️
I made ZERO in three years flexing your bounties like so many others doesn’t help.
love it
GZ
LF entry lvl job/internship
Python/CCNA/almost a hacker on HTB now learning JS.
I live in Ethiopia can I get my payments
Oh no how it possible bro
Ok maybe time to start doing bug bounty??????
Its tough, don't think if you start you have $
@@axelvirtus2514 it’d be more to keep up my skills tbh
yes - yes it is!
You have years of experience on your computer
I do!
@@NahamSec i know but how money years of experience do you have? 8-10 or more?
I doubt it. I watch your streams sometimes and you struggle with burp academy. You don't have to lie to get views
Useful perspective. You are so pale I can tell you've been busy LMAO
Like and subscribe so I can afford a tanning membership. Jk. I do need to go outside more 😂
all of your video sound is too low as other bug hunter ..i think thats a bug LOL
Generic API Key leak that is bug
motivated Bro
Can you make video live bug hunting Manually (Zero Automation or No recon)?
Because iam a beginner I don't know how to hunt bugs Manually, everyone teach recon, but i don't like it.
First 🥇❤
firstt
ping diff..someone else commented befroe me 😢😢
next time!
If you wanna start bug bounty think twice, remember you compite with hackers with 10+ experience
There's room for everyone. I genuinely believe that. Don't let that mindset be the reason why you don't chase your dreams!
@@NahamSec no you need to be very good or collab with pro hackers lije you,zseano etc.I did bugbounty almost a year and find only duplicates or informative.So fuck this never spend a minute in my life on this shit
Love from india man. We met soon. Remember my name kedarkid or AKKI
Please help with our cats food...... @Tanvir
Naham why Hacker1 cheat beginners i mean i reported 3 valid bugs they always say informative and close the report
so i did some automated api endpoint enumeration testing (via feroxbuster) and managed to get into the /etc/passwd file on my friends web server he allowed me to hack-BUT - this was the contents of the file:
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
does anybody know how i can ACTUALLY get a hold of the password hashes for each user here in the second field after the first : ????????
Hi there, I was wondering if you could advise me on what route to go for a complete beginner?
Learning web fundementals -> TryHackMe -> Portswigger?
And generally, would I be wasting my time with this, couple of people here saying you’re competing with top hackers and I agree. But I am able to dedicate a lot of time to BB.
Thanks in advance!
me -> tryhackme - portswigger - pentesterlab - then api course from j ball
From what you can learn on portswigger and tryhackme, what would you say is the minimum knowledge before diving into real programs?