5 Best Pieces Of Advice For Bug Hunters

  • Published on 18 Oct 2024

Comments • 136

  • @entropy9735 11 months ago +87

    I would like you to interview a new bug bounty hunter, not a totally new hunter, but someone that has been doing it for 4-6 months, try to find out what separates him from someone who is more experienced like yourself. Would be amazing if you could watch him look at some VDP program like Ford or some other VDP and see if he's not checking some stuff he should be, spending too much time on some stuff, perhaps he's moving too fast, etc. Would be like a VOD review for games, but for bug hunting

    • @waterlord6969 11 months ago +5

      That is an amazing recommendation!! Love it❤

    • @mianashhad9802 11 months ago +3

      Love the recommendation!

    • @sergiohassunuma 11 months ago +3

      I've been doing bug bounty for 5 months (basically with no background), and I've received 2 bounties of $50 each (I want better ones). However, I'd like to better understand the experiences of those who have achieved more than I have, for now.

    • @jaredelfaz2558 11 months ago +3

      Thank you, we need a new but successful bug hunter to be interviewed.

    • @NahamSec 11 months ago +21

      I absolutely love this! Maybe I'll make this into a series or something.
      Can you email me 5poa@nahamsec.com for your voucher :)?

  • @minimanimo7636 11 months ago +6

    It would be very helpful and interesting to have videos on:
    - How to quickly and efficiently write a bug report (templates, automation, AI and so on...)
    - What are the most common BBPs policies and practices for not breaking them (rate limit, automation limitations)
    - Burp Suite: best extensions and when to use
    Thanks mate, love your videos and appreciate your work!

  • @onisakura9 11 months ago +2

    Love this!
    I just started hunting for bugs yesterday and it's actually pretty fun--tough but fun.
    I guess, content wise, I do like content that goes deep on individual types of bugs and examples on how to find them.
    Love your vids man 😁

    • @NahamSec 11 months ago +3

      Thank you! I'll keep that in mind

  • @srinaths6855 11 months ago

    Hi NahamSec
    I would like to go back 4 yrs (start of college) to start my bug bounty.. watching ur videos..
    I started bug bounty 1 yr back (because of my friend I started... But he's not even trying to find bugs. He went for the normal work style - office)
    Ur videos are literally excellent motivation to start or focus.. on it
    Man..

  • @ferdiaek5557 7 months ago +1

    A lot of us "beginners" struggle with the methodology.
    I have followed a lot without success until now.
    If you could do us a beginner's checklist (to get us used to doing the actual stuff that benefits us and hopefully opens new doors for us)
    Guys, please like this, we need it!

  • @SolaceEhigiator 11 months ago +3

    You should interview bug bounty hunters of all levels, all the way from beginners to experts.
    Edited: And maybe interviewing hackers with a particular niche (specialized in one vulnerability type) who then give a little demo in the end. That would be great and more engaging. Moreover we get to see how they go about things.

  • @andreimorosan3157 11 months ago +1

    Hello Naham, thank you for giving so much back to the community! Personally I started watching you recently and I am still going through a bunch of materials, honestly, what helped me was the bug bounty methodology I've seen from Jhaddix, a shoutout to him as well. However, I feel that I didn't see that from other content creators in cyber security and I think it would be amazing to maybe get to see how you guys are doing your own methodologies, maybe like how you build your list of steps you follow when doing recon or bug hunting. I am thinking it can be even a video on advice on how to build our own methodologies based on ideas from you or other people in the community. I know I am kind of asking to "steal knowledge" but I think that having maybe a video about how to build or tune our methodologies or something where we can learn from other seasoned bug bounty hunters, more catered to the style that bug bounty methodology v4 is, would be quite amazing. And I also hope Jhaddix would be okay with this as well!! Once again, thanks for the awesome content and the inspiration you have been so far!

  • @carlosgandulfo682 11 months ago +2

    Hello, Naham. First off, I love your content so far, been watching your videos for a few weeks, maybe a month or two now. To be honest, the most impactful content (to me at least) in your channel is strictly related to roadmaps and beginner-oriented content. I'd love to see content related directly to how to start, overviews and overall, more advice about the first weeks/months.
    I come from a humanistic background, therefore, I'm trying to make the jump to Bounty Hunting, but it's pretty hard to be honest, so maybe more guide-like content, as if it was a college class, but a 101 class. Honestly, that's the content I'd love to see. Thanks in advance.

    • @NahamSec 11 months ago +3

      I have a few roadmap videos but would love to hear more about this. Like more specifics. If you're up for it, would love to hear your thoughts or some examples via email. 5poa@nahamsec.com

  • @sergiohassunuma 11 months ago +1

    Hey, I'm a big fan!
    I've been thinking about how to convince the triage team that session fixation is a vulnerability. Just kidding! Lately, I've been facing numerous issues with my reports. They either get duplicated or are categorized as informational. I found a bug where you can control accounts using just one cookie (it's brute-forceable). This bug allows you to post in another person's account or even delete the account. However, it's frustrating to receive responses categorizing these issues as out of scope. It feels like sometimes they don't fully read our reports.
    I don't know if you faced a difficult time in bug bounty hunting, but maybe consider making a video on how to deal with these problems. Don't give up, stay focused, because even though it's a hobby you love, it can also take a toll on your mental health.
    (I know that in this case it's not what the company wants and bla bla bla, that's why they refused the report, but still, why are u in a bug bounty program if you're not going to take it seriously)

  • @tuomis123 11 months ago +1

    Always enjoying your content, thank you and keep going!
    It would be cool to see how you are approaching bug bounty from scratch. Maybe it's doing a lab but with the mindset that it's a real-life bug bounty program. Or something similar like that, so it would give viewers an understanding of how you approach things.

  • @sarafasatar8167 11 months ago +3

    Big shoutout to NahamSec.... Please share videos on your XSS methodology.... Please

  • @Drakan1990 11 months ago

    I would like to see more videos on bug bounty methodology that allows for the highest number of bugs found. I am in the same situation you were in. I became interested in bug bounty to gain experience and have something to put on my resume because it's hard to get any job without experience these days. I even saw a job offer for an internship recently that required experience in a similar position... Therefore, videos showing what to focus on to find as many bugs as possible (not necessarily well-paid) would really help me 🙂

  • @francoramirezcastillo8075 11 months ago +1

    Hello Nahamsec, thank you for all the content you make, a recommendation would be:
    How to overcome that voice in your head that says that you are not good at this thing that many of the new ones have, although this could be a little more psychological, it would still be interesting to know your opinion
    How long should I be searching in a program? 1 month or 1 week?
    What to do if I don't find any vulnerability? Look for more information on vulnerability? Watch videos of yourself or anyone else who dedicates content like you?

  • @RTCDigitalS 10 months ago

    I think the coolest videos are the live hunting ones. They really help a lot

  • @abhishek_k7 11 months ago

    1. Google dorking and what kinda bugs you can find with just dorking (could be a part of initial recon/enum stage)
    2. series on what, how, why, when, where of the usual bugs
    3. how to set up and use cloud VPS for bug hunting

  • @Get_right95 11 months ago

    You are already giving great content and we love them, and I understand the field we are in where we have to stay in limit of ethics and legality, but would really like you to talk about your reports on the bug types or some journey to some cool weird reports while being in the line of not disclosing anything. But things that Corben often does on Twitter, Justin talks about it on his podcasts, I would like a format of videos from you where you also talk about such reports as deeply as possible but staying in the limit of policies.
    Thank you for improving our community so much.

  • @danielgitari4391 11 months ago +1

    Hello Ben, thank you for all the work you've been doing. The videos you publish do a lot for the community. I would really love for you to do a video about zone transfer vulnerabilities or just stuff hackers should understand when going for DNS vulnerabilities. Thanks

  • @opchannel8141 11 months ago +2

    Actually I think it would be interesting if you show us your thought process of how you get to vulnerabilities, I mean when you see a website, what do you actually think that may be happening and how you are concluding it

  • @MarkFoudy 11 months ago

    Hi NahamSec,
    Thank you for all the encouragement you provide in your videos to beginners as well as the insight you consistently share. As a beginner getting into Bug Bounty Hunting, I am still a little confused about how DNS can be leveraged for both enumeration purposes, and a potential vulnerability. I know Stok has a video where he describes how he has his own DNS/BIND server to help with his target enumeration. Would you be willing to do some videos explaining how DNS should be leveraged for enumeration? I am specifically thinking about domain transfers etc. I have had a difficult time finding any videos which provide a detailed explanation for a beginner regarding this topic. Thank you for all your content and your contributions to the community, I hope to see you at Defcon next year!

  • @deaddevil4219 11 months ago

    Consider interviewing bug bounty hunters with 6-12 months of experience, to explore what distinguishes them from more seasoned hunters. Observe their approach while assessing a VDP program like Ford's, identifying any potential gaps in their checks, time management, or speed. I would like you to pick the hunters directly from Bugcrowd or HackerOne.

  • @jeremyg737 11 months ago +1

    It would be interesting to see a video on how you choose a bug bounty program specific to a certain skill set/bug knowledge

  • @javiki57 11 months ago +1

    In my opinion it would be a really good idea to select some CVEs or any H1 report, trying to replicate it locally, so we all learn and understand a new way of thinking or a new vulnerability to test for.

  • @Micah-m1o 11 months ago +1

    I'd be thrilled if someone could put together a Capture The Flag (CTF) challenge for you! It would be awesome if they included a bunch of domains and all sorts of random stuff. Then, you can dive into it just like you would with a real bug bounty program, without any hints beforehand. That way, we get a feel for where to begin, what to test, and so on. What do you think?

  • @shriyanssudhi4545 11 months ago

    Hi Naham,
    I like your content which covers tips or methodology like this one.
    Most people like me know about vulnerability exploitation but don't know how to find it
    I worked on a private BBP, and found some good bugs on it. This gave me an idea of how to hunt for business logic.
    The sumps thing I learnt is 1 feature just contradicts other. That's the bug in 1 sentence.
    You can make some similar videos

    • @NahamSec 11 months ago

      Noted! I'd have to think about this a bit more to see how to approach this! Can you email me 5poa@nahamsec.com for your voucher :)?

  • @ThinhNguyen-qi5zp 11 months ago

    Lots of people are sharing with us how to hunt for bugs. However, I’ve not heard anybody tell us when to stop hunting, when we should give up on that bug and start other stuff. Hope you will share about this.

  • @prakhar0x01 11 months ago +4

    *Advice*:
    1 - *For Quality Bugs:* Focus on uniqueness, e.g. very few hackers do permutation bruteforcing.
    2 - *For finding Bugs:* If you feel like you're struggling to find bugs, skip Recon, and focus only on manual testing like business logic, access control, and authentication, etc.
    3 - *Mental and Body Health:* Treat yourself as a human, your health is more important than a bug.

  • @papafhill9126 11 months ago +1

    As someone that hasn't found a bug yet but is hopeful to find a bug soon I would want some content around determining what input / parameters / variables / tags I should be looking for in order to better understand how data is handled by the target. A lot of content already exists on Recon/AppAnalysis, and the resounding keynote is to follow the data. Understanding what I can do manually to do that would be a huge win.

    • @MianHizb 11 months ago

      hahaha, first learn how to dual boot Kali, the proper way, yah it's me

    • @papafhill9126 11 months ago

      @MianHizb I just learned how to do that. Took a bit to understand but finally got it working.

  • @crusader_ 11 months ago +1

    Cover more about the manual web app approach. What you do when you get started on a target and stuff

  • @virgobeautygg 11 months ago

    Content suggestion: Motivational video after experiencing a layoff and how to apply beginner skills to produce income as soon as possible

  • @timwoolley3659 11 months ago

    I think a good topic/question to answer would be at what point do you move from training to putting into practice? For example I am popping boxes on HTB in fairly good time now but still lack some confidence to shift my limited time over to H1/Bugcrowd platforms

  • @Rubenalogia 11 months ago +1

    Hey Naham!
    I think that it would be interesting to see how to handle multiple scans with multiple servers. You know, it could be very interesting to see how to set up multiple servers for multiple purposes or even how to handle applications which allow multiple threads to perform a lot of different requests between multiple subdomains or something like this.
    I also think that it could be interesting because maybe a lot of vulnerability researchers stop when they have only one VPS working with one network-demanding command like amass.

  • @bakacs1n 11 months ago

    What is very hard for me to find is an easy to follow journey from A to Z. Like which are the steps to become X (QA manager, master pentester, hacker, whatever, etc.)

  • @TITANS_CLIPS 11 months ago +1

    Have a well-explained, detailed video on bug bounty books, CTF and blog reading. Or you can talk about resources available publicly for bug bounty

  • @ZodMagus 11 months ago

    Another great video would be how to submit bugs properly for different programs since they are all different. I've read that people tend to lose a bounty because of improper documentation. Love your page. Thanks again

  • @Rocks_roxks9 11 months ago

    Today I learnt something new, thanks sir ❤
    When we are hunting on bug bounty programs, just give full strength and a dedication mindset. Doesn't matter if the bug gets Not Applicable or Duplicate or Informative.
    What matters is what you learn from your failure. Like Tony Stark learns from mistakes and builds the best weapon 🤩😇

  • @pauliehorgan 11 months ago +3

    There is a story about a Sensei who asks his class one day - "what is the most difficult belt to obtain?". A couple of people put up their hand and reply "Black Belt, sensei". The Sensei pauses and replies "the hardest belt to obtain is the white belt". The thing a lot of people struggle with is just to get up and start. Stop watching videos, reading books and signing up to Udemy courses. I'd love to know how many people signed up to your Bug Bounty course vs. how many completed it?

    • @FxckAlphabet 11 months ago

      Nothing but facts

    • @NahamSec 11 months ago +2

      I'd have to look at the stats, but I have made a video saying exactly this! I love the story though. Can you email me 5poa@nahamsec.com for your voucher :)?

  • @kevinvargaz 11 months ago

    I really like your content and admire your knowledge and experience. I think that a good balance between "motivational content" and technical content would be great. Also, not everything is hacking and the community would appreciate your insights regarding basic and foundational concepts like web application infrastructure, protocols like HTTP or DNS and make a series of videos about it or your approach of different technologies. You have probably noticed the average level of your followers, so you can leverage your knowledge to make it valuable for beginners and advanced. Don't forget YouTube Shorts to keep people engaged and reach new audiences. Keep it up NahamSec, one day I will collaborate with you!

  • @saifullahdabir 11 months ago

    RCE series with test cases for all possible Vulnerabilities leading to RCE. Bug bounty reports analysis for each chain. Which targets are vulnerable to RCE? What all things we need to know to find RCE, etc

  • @jsbuendiag1 11 months ago

    Great content and always helpful. Would like to know how your days in bug bounty are, and how often and how your breaks are.

  • @darkhunter9075 11 months ago

    Hello Ben!! I would love to see some video series in which you explain some of the disclosed bug reports. Mainly because it is difficult sometimes to understand many of the complex bug reports. Also you can make a series on source code review.

  • @GoliTech 11 months ago

    Hi Ben, thanks for your videos. If u create a video about picking a target from a platform such as HackerOne and show ur approach and vision about finding the bugs, it will be a priceless video on YouTube. This kind of content, due to the reality, would be amazing. There is no need to find something on that program, we just want to see your approach and methods of how u work on a real target, not a CTF.

  • @AmanBhuiyan-c2e 11 months ago

    I would like to start a podcast with bug hunters or red team members for sharing their journey, their methodologies, their tools, their hacking mindset etc. It would be amazing if you start this type of podcast or video blog.

  • @KunalSharma-cp5ne 11 months ago

    Hey Naham,
    First of all, I love the content you create on every platform. The video suggestion that you are asking for, from my point of view, is: you should make a series for beginners on how to get into a hacking career. What I mean by that is, like, first learn the basics of networking, Linux, and step by step you go through each portion so that a beginner can understand and have an idea of how he can get into the field.
    AND LAST BUT NOT LEAST.... YOUR VLOGS❤ bcoz it's interesting to watch events or normal days in a hacker's life.

    • @NahamSec 11 months ago

      Thank you! I have made some content like these:
      th-cam.com/video/C_QFnx2PrPA/w-d-xo.html
      th-cam.com/video/doFo0I_KU0o/w-d-xo.html
      th-cam.com/video/GyktHRmkBWU/w-d-xo.html
      Do you mean something different?

  • @tealeaf9260 11 months ago

    I'd be interested if you could make a video that provides insights on how to integrate the explicit knowledge gained from readings (e.g. books, blog posts, and reports) and listening to others, along with a certain type of knowledge gained from doing hands-on labs and CTFs, and effectively applying that to develop the procedural (practical) knowledge of actually finding bugs on real-world targets. I thought about this again today, and though the answer seems as simple as getting out of the "learning loop" and just jumping into hacking to learn, this still seems to be very elusive for many.
    The sort of practical knowledge involved in hacking can be difficult to articulate sometimes, and so it seems some people, maybe half-joking, refer to an intuition or spidey sense while hacking. Perhaps there are some particularly good strategies to internalize knowledge gained from learning materials and labs to develop the deep procedural knowledge required for the more complex tasks in real-world hunting. Just getting one's hands dirty with bug hunting and using strats like focusing on one vuln class are good pieces of advice, but maybe there are some more explicit, actionable things new hunters can do in order to transfer knowledge from learning and experience in labs to "doing the thing" that is bug bounty hunting.

  • @The_Dark_Cats 11 months ago

    I would love a video on SSRF and how to exploit it. More importantly you need a French press! 😊

  • @lucianjohr5569 11 months ago

    Totally new to this. It all still seems so new to me. But love the content Naham.

  • @latesthitstch9428 11 months ago

    Please show us more access control bypasses. Like just look at a report that has been posted and make a same sensation video to teach us how to do it and how to think when approaching a target. Thank you man 🙏

  • @randriamahandryrado9800 11 months ago

    Hi, if possible, talk about business logic flaw, where and how to practice it?

  • @viplovethakran1505 10 months ago

    Can you please upload a full video explaining how we find different kinds of bugs and how to report them and where to report them, please? This was not available on TH-cam by anyone

  • @jester8802 11 months ago

    Hello! I would appreciate an episode about some project with Raspberry Pi, e.g. a fuzzing farm. Not so much to overly promote reliance on automation but to expand knowledge and possibilities. Thank you for your consideration!

  • @moh5entuky940 10 months ago

    Hello Naham, first, I really enjoy your videos, but please create a video discussing the rules for bug hunting. For example, we want to ensure that we are working within legal boundaries without encountering any problems. Additionally, provide information about the types of tools we can use for testing. We're particularly interested in videos covering these topics.

  • @bigbuzzbrawl 11 months ago

    I would like you to make a video on how someone can find bugs without using any purchased software or hacking tools.
    It would be very useful as every YouTuber nowadays uses paid tools.

  • @ReligionAndMaterialismDebunked 11 months ago

    Early crew.

  • @nayananjaleer 11 months ago

    Hello Ben, thanks for the content. I would like to have a video about the best steps, initial steps to follow when going for finding bugs in a bug bounty program.

  • @adityach1985 11 months ago

    It would be good if you make content on the most common bugs, like:
    What the bug is
    Technical background, a practical example on how to identify and exploit

  • @AlecMaly 11 months ago

    If your ticket gets closed as resolved and you find a bypass, submit a new bug. Resolving through email will probably result in no second bounty.

  • @pythonprogarmming 11 months ago +1

    Please make an advanced bug bounty course in 2024

  • @medicineman7894 11 months ago +1

    How to read and understand the scope of work so we don’t go out of scope

  • @amoh96 11 months ago

    We want content like the video "Blind XSS for beginners" :) Thank you NahamSec

  • @elys7563 11 months ago

    What lesser known things come up in bug bounty? Manage multiple emails, testing payment gateway without putting any money, something like this.

  • @skynight-n5f 11 months ago

    I want to know how we can do web application pentesting from start to end when we deal with company projects & bug bounty programs
    Requesting you to take a live example and explain it to us, that would be better

  • @r3d_r078 11 months ago +1

    You should take a course from @NetworkChuck on shooting a coffee scene 🤣🤣🤣

  • @mf-11111 11 months ago +1

    NahamSec making coffee lol

  • @gem0x00 11 months ago

    Hey man, your vids motivate me a lot. You can make any type of vids, it is awesome, but focusing on bug hunting labs, tips and tricks is very very great and motivates us ❤

  • @arianahmadi1227 11 months ago +1

    I think something about pentesting on Wasm would be awesome
    Also U are the best

  • @bozin3 11 months ago

    Hello Nahamsec, thanks for the great content.
    Can you make videos about Nuclei, how to use Nuclei, how to make templates etc.?

  • @seddikiothmane7748 11 months ago

    NahamSec, you're a good bug bounty content creator, and I like your content. Thank you for sharing with us good information and knowledge about bug bounty. I'd like you to make a video about how to dive deep into the program (web app), not just subdomain enumeration, and what understanding the app in depth means, I mean what are the things you should understand or know about the web app that may help the hacker to find good vulnerabilities

    • @NahamSec 11 months ago +1

      I like that, can you send me some specific questions about this to help me come up with the content? Like what would you like to learn specifically? 5poa@nahamsec.com

  • @Safvanviber-xm3pn 11 months ago +1

    Love from Kerala 😍

  • @donny1546 11 months ago

    I'd like more videos on making coffee! 😂

  • @zarvan0x00 11 months ago

    Hi big bro.
    For newcomers who want to start bug bounty, prerequisites like the required knowledge of networking, JavaScript, Linux, etc. will be great if taught by you.

  • @bernardlee115 11 months ago

    VLOG Day in The Life! Walking us through a basic day of your current role, I believe, would allow us to integrate some of the behaviors in our everyday lives, for example do you have a planner or are there certain things you do in order to get ready for work (I heard every hacker drinks coffee lol). Seeing how you manage your free time would also help, like an AAU basketball player would watch an NBA player's Day in the Life... what do you do to improve your game?

    • @NahamSec 11 months ago

      Great idea!! Can you email me 5poa@nahamsec.com for your voucher :)?

    • @bernardlee115 11 months ago

      @NahamSec just sent the email, thank you

  • @sh3bu 11 months ago +1

    I have solved most of the PortSwigger labs but the thing is I am able to find & exploit a specific vulnerability in the labs because I know there is something to exploit here. But when it comes to bug bounty programs, after recon I just try to blindly inject SQL inj/LFI/SSTI payloads when I see any specific parameters like file=.
    After a few tries I assume it is not vulnerable & I am wasting my time here.
    What would be your advice to approach a target instead of blindly going for it?
    Thanks

  • @litebulbentertainment 11 months ago

    Can u share a checklist or something that will help bug bounty beginners?

  • @baravind719 11 months ago

    I have a request that you create a course that is like an internship which is useful to add into a resume and get into a job

  • @musiccontent6254 11 months ago

    My question might seem stupid, but can you describe how I can apply my knowledge in the real world, meaning how can one actually find some vulnerability and report it and if possible get paid?

  • @ZodMagus 11 months ago

    Would love a quick how to video on bug hunting automation with Nuclei. Most videos are a few years old and don't cover this tool for 2023. ✊🏿✊🏿

    • @NahamSec 11 months ago +1

      I've been thinking about Nuclei but still not sure what I want to make of it. Will keep this in mind!

    • @ZodMagus 11 months ago

      @NahamSec I'm sure whatever you choose will be awesome 🤘🏿🤘🏿

  • @cybersecuritycs8129 11 months ago

    Hi @NahamSec, please make a series of advanced web pentesting like "Account Take Over" level 1 to 10 and then "CRLF" level 1 to 10 and then "Business Logic Flaws" level 1 to 10, and so on.

  • @rickd8174 11 months ago

    Thanks for the videos bro. You keep me motivated to find them bugs.

  • @SleeplessDemon1 11 months ago

    Forget everything, assume that you only learnt about SSRF. How will you approach your target? Which areas will you target?

  • @_Adeel_Ahmad 11 months ago

    Hi!
    I know mindset is compulsory. Can you please guide us regarding how we can develop a hacker's mindset?

  • @WhoTookNeverBleach 11 months ago

    Content about discovering vulnerable sub-domains and various tools to do so

  • @ngkrfkdarjbdsihb 11 months ago

    Hiiiee Ben🤗🤗🤗 how are you doing? I think we need bug bounty case studies which I think will help out a bunch of folks like BBRE😊 love ya🤗🤗

  • @neiltsakatsa 11 months ago +1

    shubs! 🤯🤯🤯

  • @amirkhajvandsas7435 10 months ago

    Create a video about POC, how it should be and ...❤

  • @jaysingh-fg1qf 11 months ago

    Hello Naham. Please make content on beginner's guide

  • @SameerAhmad-gt4fe 11 months ago

    How to increase impact on P4 bugs like open redirection

  • @gwailou9003 11 months ago

    What's the future of hacking and AI looking like. How will AI impact the world of hacking?

  • @rafekhen4263 11 months ago

    Sir, make a video on IDOR vulnerability

  • @nipunnegi5697 11 months ago

    Make a bug bounty bootcamp

  • @Marty_YouTuber 11 months ago

    I guess going on Twitter can help in finding people to collaborate with.

  • @artivishwakarma6087 11 months ago

    Attack and defence CTF challenge

  • @AliYar-Khan 11 months ago

    more examples on real world targets

  • @AAA-rk2fj 10 months ago

    thanks naham

  • @youssef-kz3yn 11 months ago

    How to avoid IP block while bruteforcing?

    • @NahamSec 11 months ago

      Love it! Can you email me 5poa@nahamsec.com for your voucher :)?

    • @youssef-kz3yn 10 months ago

      I just saw your comment, happy to know you liked it. I just emailed you @NahamSec

  • @robzangelo2230 11 months ago

    Do more XSS kindly

  • @bata3258 11 months ago +1

    Video on race condition

  • @imanon7362 11 months ago

    Make video bypass firewall, 400 bad request kind of video 😅

  • @Fun-i8f4i 11 months ago

    awesome🤩

  • @GhtsGameplay 11 months ago

    More of the redacted series and you doing something out of work and BB. I've personally been following you for years and want to know more.

  • @kemokonteh5424 11 months ago +1

    First here