I feel a lot more motivated when I see your vids. Thanks, Katie!
Howdy to all. Dear Katie, bless your heart. Thank you, kudos.
Thank you so much for the motivation. I started bug hunting on Bugcrowd in July and so far I have reported over 15 bugs, and all of them got either Duplicate, Informational or Not Applicable. I am watching your videos to get motivated 😉😉😉
Kudos to you, cheer up, I believe in you.
@serhanesaidi3140 thanks dear! Really, it means a lot 💕💕
Dupes are GOOD - that means you're finding the right stuff, BUT you're just not fast enough. That's when you've gotta play the BB meta of finding new scope before other people; recon helps a lot with that.
Informational/Not Applicable is super dependent on the client; it's usually a risk they're happy to accept, not necessarily that you haven't found an issue. Keep on it, there are so many people out there who haven't even been brave enough to report a single bug; you're smashing it compared to them.
I really appreciate your point of view on this topic. I'm just getting started learning cybersecurity and found your video to be super helpful. Thanks!
Thank you so much for making this! Super useful.
Katie, you are a life saver!!! I could not wrap my brain around these for my college exam!! ❤🎉
Your content is gold thanks!!!!
Was waiting for your video for so long.
Such powerful insight, thanks sister ^^
Awesome, thank you so much! As for the tools, I've been debating if I should stick to Burp or give Caido a shot. I tried it out and fell in love with it: so clean, well structured, and it works great with Postman, which is really effective for API hacking. So it's reassuring to hear other people are excited for it and its further development too!
Rhynorator is a big fan too, especially because it works on his Chromebook!
Was there meant to be a link in the description? I cannot find it, can you please provide the link to the blog post?
Great video, thanks for the useful information
Can you make a video on bug bounty setup? I have concerns regarding IP bans and stuff.
I wouldn't worry; as long as you aren't constantly hitting a server with payloads you won't get an IP ban.
Great pointers as always!
Your videos are amazing, I learned so much, and man, idk what to say. Anywhere I can donate? ❤
You can, but don't worry about it :) The best thing you can do is sign up for a Bugcrowd account and start hacking ;)
Hi Katie, what courses would you recommend for the recon and Burp Suite phases?
Thank you so much Ma
My first "hack" was the most by-the-textbook CTF style, almost like the developer just wanted it hacked. It was my school county's website (that they scrapped but kept online); it had a search box with SQLi and unhashed passwords, and everyone used the same password for the super expensive golden-door login site they had. I was 15 and got super popular because of it, but I wasn't even proud of myself for it, it was too easy. Yes, I got arrested (not charged as an adult, thank God): 120 community service, two weeks in juvie, nothing that connects to the Internet for a year (like they could enforce that 😂). I deleted everyone's absences and made people pass classes, and it was the last month of school.
Great, very useful!
Hello Katie, thank you for all your helpful videos, I learned so much from them and they're very good for beginners like me.
You also teach us how to stick with it and keep our passion for it. But I learned IDOR and how it works, and I don't know where I can find it and how to choose a website for IDOR. Can you explain it to us please?
I'm actually going to do a livestream with Bugcrowd soon, but any time you can see an ID as a number or a UUID (/resource/1, post=1) you wanna be checking for IDORs. Tumblr is a great program to start with.
@InsiderPhD yes, I understand these concepts from your lectures as well as the Web Security Academy labs. Now I just want hands-on practice, please help me.
@InsiderPhD where can I find websites to scan? HackerOne?
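A small worked example of what the reply above describes, added here as an illustration and not code from the video, from Bugcrowd or from any program: pick out the numeric or UUID identifiers in a URL you captured (/resource/1, post=1), then replay the same object ID with a second account's session and compare what comes back. The in-memory "API", the session tokens and the two posts are constructed for the example; the vulnerable handler sits beside the one with the ownership check it is missing.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# --- 1. Spotting candidates: path segments or query values that are a number or a UUID ---
NUM_RE = re.compile(r"^\d+$")
UUID_RE = re.compile(
    r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", re.IGNORECASE
)


def find_id_candidates(url):
    """Return (location, value) pairs for every path segment or query parameter
    whose value looks like an object identifier, e.g. /resource/1 or ?post=1.
    A UUID counts too: hard to guess is not the same as authorised, because UUIDs
    routinely leak through other endpoints, exports and shared links."""
    parts = urlsplit(url)
    found = []
    for segment in parts.path.split("/"):
        if NUM_RE.match(segment) or UUID_RE.match(segment):
            found.append(("path", segment))
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if NUM_RE.match(value) or UUID_RE.match(value):
            found.append((key, value))
    return found


# --- 2. A constructed in-memory "API" (not a real program): two users, two private posts ---
POSTS = {
    1: {"owner": "alice", "body": "alice's private draft"},
    2: {"owner": "bob", "body": "bob's private draft"},
}
SESSIONS = {"sess-alice": "alice", "sess-bob": "bob"}  # session token -> user


class Forbidden(Exception):
    """Stands in for an HTTP 403 from the server."""


def get_post_vulnerable(session, post_id):
    """Authenticates the caller (valid session?) but never authorises
    (does this user own post_id?). That missing check is the IDOR."""
    SESSIONS[session]  # raises KeyError for an unknown session
    return POSTS[post_id]["body"]


def get_post_fixed(session, post_id):
    """Same lookup, plus the ownership check the vulnerable version skipped."""
    user = SESSIONS[session]
    post = POSTS[post_id]
    if post["owner"] != user:
        raise Forbidden(f"{user} may not read post {post_id}")
    return post["body"]


# --- 3. The probe: replay the victim's object ID with the attacker's session ---
def idor_probe(fetch, victim_session, attacker_session, object_id):
    """Return True when attacker_session can read the object that belongs to
    victim_session. The victim's response is fetched first as a baseline and
    the attacker's response is compared against it, because a 200 that carries
    a generic page or an empty object is not a finding."""
    baseline = fetch(victim_session, object_id)
    try:
        cross_account = fetch(attacker_session, object_id)
    except Forbidden:
        return False
    return cross_account == baseline


if __name__ == "__main__":
    print(find_id_candidates("https://example.com/resource/1?post=1"))
    for name, handler in (("vulnerable", get_post_vulnerable), ("fixed", get_post_fixed)):
        leaked = idor_probe(handler, "sess-alice", "sess-bob", 1)
        print(f"{name}: bob can read alice's post 1 -> {leaked}")
```

Against a real target, `fetch` would be an HTTP call made through your proxy with each account's cookies or bearer token; the comparison against the victim's baseline is what keeps a soft 200 (login page, empty JSON, "not found" rendered with status 200) from being reported as access.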
You mentioned putting several links in the description but there aren't any there.
Thanks 😊
Awesome
You are the best❤😊
Thanks, prof.
Amazing
great!
Sir, I know the language for my own cryptocurrency mining, but where do I start the code from? 🤔🤔
Hey, thank you for the good work ❤
I am trying to jump into bug bounty.
I tried to test an API of an app but I can't figure out how to see the API endpoints. When I change the proxy of the wifi the app refuses to work. I tried to install it in an Android simulator but they have some kind of security that will not allow you to install it in a simulator.
Any advice?
I have some videos on this, but it's usually because you need to break the SSL the app is using. The most reliable way is to use another tool called Frida; use this script codeshare.frida.re/@pcipolloni/universal-android-ssl-pinning-bypass-with-frida/ with this tutorial infosecwriteups.com/hail-frida-the-universal-ssl-pinning-bypass-for-android-e9e1d733d29?gi=642ecc6dad06
@InsiderPhD thank you 🙏
My problem is that I have to stop learning and start hacking
You can make the jump. Just try and explore the next bug bounty programme you see, and try to map out in your notes which requests power which functionality and what kind of bugs you might want to look for :)
Hey, where's the blog post link?
Didn't get released in time :( Should have it out before the weekend.
Hi,
I have a question that is very close to my heart.
You have an extreme amount of knowledge and also show a lot in your videos, but I'm just despairing. I really want to get into the Bug Bounty Hunter business as a side job, but I have no idea where and with what to start.
It kills me that I am apparently too stupid for it. I work as an IT forensics engineer in a government agency, before that I worked as a software engineer for a large food company in Austria, I have an IT technician and computer scientist degree, I graduated as a data scientist and business analyst, I had several trainings in databases and C# etc ... and am now too stupid to start as a Bug Bounty Hunter.
I would like to ask you for advice and tell me what I am doing wrong or what other courses I should take. In the meantime I have several Udemy courses, got the APIsec University course, ... I am at the end of my rope.
Sorry to bother you with this, but I didn't know what else to do.
Thanks and best regards from Austria
René
You're probably not too stupid to do anything, you already have a successful career - that's proof enough. You have a whole DEGREE that has taught you SO much about how to approach problems. When you started programming what improved your programming the most? Was it course after course showing you the basics of how objects work? NO IT WAS ACTUALLY PROGRAMMING.
Stop taking courses and actually start hacking: look at websites, understand how they're built and what goes into an action like logging in to a website. Don't just spam payloads, but think about the type of security constraints an application has implemented and how you might bypass them. Focus on training yourself to think like a hacker: you're looking at a black box, what's on the other side? You have a BIG advantage with your skillset! Don't expect a bug in your first 10 hours of looking at a real client; just explore the website, break down features into each request/response you need. Think about what kind of security measures should be in place. If you were implementing it, how would you do it? What mistakes would a junior make?
Sound
First to comment 🎉
Cybermentor doesn't do bug hunting.
No but they're making a lot of API security videos at the moment!
Hello ma'am,
How are you?
Ma'am, I also want to do bug bounty and ethical hacking.
Can you guide me on the road map and suggest some books?
Ma'am, I am unable to create an effective virus + malicious code with Python.
How can I solve it?
You are absolutely wasting your time if you are bug bounty hunting for money instead of curiosity or passion.
Agreed, I think anyone looking for a quick buck is going to be disappointed
Early. :3
Thank you a lot
How can I DM you?
Yup, on Twitter, or my email is on my website :)
Hi, I really want to contact you to tell you something, just because I feel it might brighten your day in the future. Basically I want to share a story of mine. I am not even interested in getting a reply or feedback; I just want to tell you so that later on I can give an update that hopefully makes you understand more how significant people like you are to the community.
Is there any way, please? (I don't trust telling it publicly)
Katie@insiderphd.dev