How to Write Great Bug Bounty Reports
ฝัง
- เผยแพร่เมื่อ 29 ก.ย. 2024
- Pentests & Security Consulting: tcm-sec.com
Get Trained: academy.tcm-se...
Get Certified: certifications...
Merch: merch.tcm-sec.com
Sponsorship Inquiries: info@thecybermentor.com
📱Social Media📱
___________________________________________
Twitter: / thecybermentor
Twitch: / thecybermentor
Instagram: / thecybermentor
LinkedIn: / heathadams
TikTok: / thecybermentor
Discord: / discord
💸Donate💸
___________________________________________
Like the channel? Please consider supporting me on Patreon:
/ thecybermentor
Support the stream (one-time): streamlabs.com...
Hacker Books:
Penetration Testing: A Hands-On Introduction to Hacking: amzn.to/31GN7iX
The Hacker Playbook 3: amzn.to/34XkIY2
Hacking: The Art of Exploitation: amzn.to/2VchDyL
The Web Application Hacker's Handbook: amzn.to/30Fj21S
Real-World Bug Hunting: A Field Guide to Web Hacking: amzn.to/2V9srOe
Social Engineering: The Science of Human Hacking: amzn.to/31HAmVx
Linux Basics for Hackers: amzn.to/34WvcXP
Python Crash Course, 2nd Edition: amzn.to/30gINu0
Violent Python: amzn.to/2QoGoJn
Black Hat Python: amzn.to/2V9GpQk
My Build:
lg 32gk850g-b 32" Gaming Monitor:amzn.to/30C0qzV
darkFlash Phantom Black ATX Mid-Tower Case: amzn.to/30d1UW1
EVGA 2080TI: amzn.to/30d2lj7
MSI Z390 MotherBoard: amzn.to/30eu5TL
Intel 9700K: amzn.to/2M7hM2p
G.SKILL 32GB DDR4 RAM: amzn.to/2M638Zb
Razer Nommo Chroma Speakers: amzn.to/30bWjiK
Razer BlackWidow Chroma Keyboard: amzn.to/2V7A0or
CORSAIR Pro RBG Gaming Mouse: amzn.to/30hvg4P
Sennheiser RS 175 RF Wireless Headphones: amzn.to/31MOgpu
My Recording Equipment:
Panasonic G85 4K Camera: amzn.to/2Mk9vsf
Logitech C922x Pro Webcam: amzn.to/2LIRxAp
Aston Origin Microphone: amzn.to/2LFtNNE
Rode VideoMicro: amzn.to/309yLKH
Mackie PROFX8V2 Mixer: amzn.to/31HKOMB
Elgato Cam Link 4K: amzn.to/2QlicYx
Elgate Stream Deck: amzn.to/2OlchA5
*We are a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for us to earn fees by linking to Amazon.com and affiliated sites.
Hope this is being put out since you're working on a Bug Bounty Course!
It's because we get a lot of bad bug bounty reports in our VDP program.
@@JoeHellethemayor That was option #2 for me, lol
Scope is negotiable-but you do need to actually negotiate. That means NOT submitting a report through their bounty program.
If you find something out of scope that is actually something, you should reach out directly to the company. Be considerate, and there’s a decent chance of negotiating payment-assuming you really did _find something_
Report writing is a fine art, especially for bug bounty. Report just good enough to get paid, but vague enough that the implemented fix can be bypassed so you can farm the same bug for multiple bounties. 😂
do you have any written bug bounty report
Nice video, thank you! But when is the best time to start bug bounty hunting?
this is exactly what I have been waiting for. Thank you Heath!!!!😀
I know nothing about coding or hacking or ANYTHING, but I really want to learn- even just the basics would be cool. Do you know a good starting point or what I should do to set a foundation for building my knowledge on the subject?
Just asking what if some comments and low severity vulnerabilities able to fetch the database where one can access admin account without changing the password, are those vulnerabilities will stay in low severity or we should set them as critical?
From my point of view, regardless of whether a tool tells you that you have something critical, it would be necessary to see if that asset is critical for the organization as such.
But going back to what you indicate, I believe that something considered as disclosure of weak credentials or passwords must be approached with the same implication that it deserves. Since it carries an even greater risk.
Nice Video Mate
❤❤❤
nice work man ❤❤❤
MMMM. I will start your courses today. I just want to start with your courses. Not proffessor messer etc. just remind me how to start> thank you
Big fan sir❤
Dude! Who are these other people on this channel? Not really liking that
Great tutori8al Heath!
What tools do you like to use for note taking / documentation?
nice
thank you heath
First