
Learn Bug Bounty Hunting with These Resources!

  • Published on 3 Aug 2024
  • I made this video a few years ago but as you can imagine the bug bounty community moves quickly, so here is a new list of resources for 2023 and some of my favourite newsletters, YouTube channels, blogs, write ups, books and more that I recommend if you're just getting started!
    Link to the full article with more detail :) open.substack.com/pub/insider...
    0:00 Introduction
    1:57 I can't tell you what will work for you
    3:44 There's no course/book/video/spell
    5:32 VARIETY MAKES LEARNING EASY
    6:29 The CTF Roadbump
    8:00 Learning Isn't Linear
    8:53 It's okay to not know what you're doing
    9:23 Push Yourself
    11:27 Structured Learning Paths
    13:19 Courses
    15:05 Videos / Streamers / Shorts
    16:26 Lecture Videos
    17:03 Tools
    19:45 Conferences
    21:31 Podcasts
    22:39 Books
    26:08 Write Ups and Disclosures
    26:58 Newsletters
    28:15 Vulnerability Lists
    29:00 Actually Hacking Something
    29:33 Community Engagement
    31:33 Start with the fundamentals
    33:39 Join the Community

Comments • 52

  • @flavioferlin3127 several months ago

    Howdy to all. Dear Katie, bless your heart. Thank you, kudos.

  • @M3dU5aXX_Ray_Tierney 27 days ago

    Katie, you are a life saver!!! I could not wrap my brain around these for college exam!!❤🎉

  • @linuxluminary 2 days ago

    Thank you so much for the motivation. I started bug hunting on Bugcrowd in July and so far I have reported over 15 bugs, and all of them got either duplicate or information or not applicable. I am watching your videos to get motivated 😉😉😉

  • @asuhayda1 several months ago

    I really appreciate your point of view on this topic. I'm just getting started learning cybersecurity and found your video to be super helpful. Thanks!

  • @sergeantosiris 1 year ago

    Great pointers as always!

  • @Aditya_khedekar 1 year ago +2

    I was waiting for your video for so long

  • @Meimei025 11 months ago

    So powerful insight, thanks sister ^^

  • @vipinsharma1984 1 year ago

    Great..very useful!

  • @taiwomiracleveecthor2617 1 year ago

    Thank you so much Ma

  • @harpocrat3s 1 year ago

    Great video, thanks for the useful information

  • @rahmat_qurishi 1 year ago

    You are the best❤😊

  • @alexandersoltesz8103 1 year ago +2

    Awesome, thank you so much! As for the tools, I've been debating if I should stick to Burp or give a shot to Caido. I tried it out and fell in love with it, so clean, well structured and works great with Postman which is really effective for API hacking, so it's reassuring to hear other people are excited for it and its further developments too!

    • @InsiderPhD 1 year ago +1

      Rhynorator is a big fan too especially because it works on his Chromebook!

  • @sudani0zak 1 year ago

    Thanks 😊

  • @lawlietchang2556 1 year ago

    Thanks, prof.

  • @maremeaxi3344 1 year ago

    great!

  • @arnd12940 1 year ago

    Amazing

  • @asynciome6737 5 months ago

    Your videos are amazing, I learned so much and man idk what to say. Anywhere I can donate? ❤

    • @InsiderPhD 5 months ago

      You can but don’t worry about it :) the best thing you can do is sign up for a Bugcrowd account and start hacking ;)

  • @dub161 6 months ago +1

    Can you make a video on bug bounty setup? I have concerns regarding IP bans and stuff.

    • @InsiderPhD 5 months ago +1

      I wouldn’t worry; as long as you aren’t constantly hitting a server with payloads you won’t get an IP ban

  • @eyephpmyadmin6988 11 months ago +1

    My first "hack" was the most by-the-textbook CTF style, almost like the developer just wanted it hacked. It was my school county's website (that they scrapped but kept online); it had a search box with SQLi and unhashed passwords, and everyone used the same password for the super expensive golden door login site they had. I was 15 and got super popular bc of it, but I wasn't even proud of myself, for it was too easy. Yes, I got arrested (not charged as adult, thank God): 120 community service, two weeks juve, nothing that connects to Internet for a year (like they could enforce that😂). I deleted everyone's absences, made people pass classes, and it was the last month of school

  • @asuhayda1 several months ago

    You mentioned putting several links in the description but there aren't any there.

  • @walle1st 1 year ago +1

    Hi Katie, what courses would you recommend for the recon and Burp Suite phases?

  • @damiencalloway 1 year ago +2

    Was there meant to be a link in the description? I cannot find it, can you please provide the link to the blog post?

  • @Alexander007A 1 year ago +1

    Hello Katie, thank you for all your helpful videos. I learned so much from them, and they're very good for beginners like me.
    You also teach us how to stick to them and keep our passion for it. I learned IDOR and how it works, but I didn't know where I can find it and how I choose a website for IDOR. Can you explain it to us, please?

    • @InsiderPhD 1 year ago +2

      I’m actually going to do a livestream with Bugcrowd soon, but any time you can see an ID as a number or a UUID (/resource/1, post=1) you wanna be checking for IDORs. Tumblr is a great program to start with

    • @Alexander007A 1 year ago

      @InsiderPhD Yes, I understand these concepts from your lectures as well as the Web Security Academy labs. Now I just want to land hands-on practice. Please help me

    • @Alexander007A 1 year ago

      @InsiderPhD Where can I find a website to scan? HackerOne?

  • @mfinixone1417 1 year ago +4

    My problem is that I have to stop learning and start hacking

    • @InsiderPhD 1 year ago +2

      You can make the jump, just try and explore the next bug bounty programme you see, just try and map out in your notes which requests power which functionality and what kind of bugs you might want to look for :)

  • @MJ-vx5cz 1 year ago

    Hey, thank you for the good work ❤
    I am trying to jump into bug bounty.
    I tried to test an API of an app but I can't figure out how to see the API endpoints of the app. When I change the proxy of the wifi the app refuses to work. I tried to install it in an Android simulator but they have some kind of security that will not allow you to install in a simulator

    • @MJ-vx5cz 1 year ago

      Any advice?

    • @InsiderPhD 1 year ago +2

      I have some videos on this, but it’s usually because you need to break the SSL the app is using. The most reliable way is to use another tool called Frida; use this script codeshare.frida.re/@pcipolloni/universal-android-ssl-pinning-bypass-with-frida/ with this tutorial infosecwriteups.com/hail-frida-the-universal-ssl-pinning-bypass-for-android-e9e1d733d29?gi=642ecc6dad06

    • @MJ-vx5cz 1 year ago

      @InsiderPhD thank you 🙏

  • @birbalkumar3040 1 year ago

    Sir, for my own cryptocurrency mining I know the language, but where do I start the code? 🤔🤔

  • @manan5 1 year ago +1

    Hey, where's the blog post link?

    • @InsiderPhD 1 year ago +2

      Didn’t get released in time :( should have it out before the weekend

  • @ReligionAndMaterialismDebunked 1 year ago

    Early. :3

  • @bertrandfossung1216 1 year ago

    First to comment 🎉

  • @lowkeylyesmith 11 months ago

    Hi,
    I have a question that is very close to my heart.
    You have extremely much knowledge and also show a lot in your videos, but I'm just despairing. I really want to get into the Bug Bounty Hunter business as a side job, but I have no idea where and what to start.
    It kills me that I am apparently too stupid for it. I work as an IT forensics engineer in a government agency, before that I worked as a software engineer for a large food company in Austria, I have an IT technician and computer scientist degree, I graduated as a data scientist and business analyst, I had several trainings in databases and C# etc ... and am now too stupid to start as a Bug Bounty Hunter.
    I would like to ask you for advice and tell me what I am doing wrong or what other courses I should take. In the meantime I have several Udemy courses, got the APIsec University course, ... I am at the end of my rope.
    Sorry to bother you with this, but I didn't know what else to do.
    Thanks and best regards from Austria
    René

    • @InsiderPhD 11 months ago +2

      You're probably not too stupid to do anything, you already have a successful career - that's proof enough. You have a whole DEGREE that has taught you SO much about how to approach problems. When you started programming what improved your programming the most? Was it course after course showing you the basics of how objects work? NO IT WAS ACTUALLY PROGRAMMING.
      Stop taking courses and actually start hacking, look at websites, understand how they're built and what goes into an action like logging in to a website. Don't just spam payloads but think about the type of security constraints an application has implemented and how you might bypass them. Focus on training yourself to think like a hacker, you're looking at a black box, what's on the other side? You have a BIG advantage with your skillset! Don't expect a bug in your first 10 hours of looking at a real client, just explore the website, break down features into each request/response you need. Think about what kind of security measures should be in place, if you were implementing it how would you do it? What mistakes would a junior make?

  • @itsm3dud39 11 months ago +1

    cybermentor doesn't do bug hunting

    • @InsiderPhD 11 months ago

      No but they're making a lot of API security videos at the moment!

  • @riteshraiharikarai3441 1 year ago

    Hello ma'am,
    How are you?
    Ma'am, I also want to do bug bounty and ethical hacking.
    Can you guide me on the road map and suggest some books?
    Ma'am, I am unable to create effective virus + malicious with Python.
    How can I solve it?

  • @TylerDurden-dd1tq 8 months ago

    You are absolutely wasting your time if you are bug bounty hunting for money instead of curiosity or passion.

    • @InsiderPhD 7 months ago

      Agreed, I think anyone looking for a quick buck is going to be disappointed

  • @ANiME_LoVE3r 1 year ago +1

    Thank you a lot
    How can I dm you?

    • @InsiderPhD 1 year ago +1

      Yup on Twitter or my email is on my website :)

  • @agapic445 7 months ago

    Hi, I really want to contact you to tell you something, just because I feel it might brighten your day in the future. Basically I want to share a story of mine. I am not even interested in getting a reply or feedback, I just want to tell you so later on I can give an update that hopefully makes you understand more how significant people like you are to the community.
    Is there any way, please? (I don't trust telling it publicly)

    • @InsiderPhD 7 months ago

      Katie@insiderphd.dev