How To Get Started In Bug Bounties

  • Published on 8 Sep 2024

Comments • 156

  • @domaincontroller
    @domaincontroller 4 years ago +48

    02:13 HTTP, TCP/IP, Linux, Bash scripting
    02:30 Web apps, Networking, HTML, PHP
    02:50 Burp Suite, Google
    05:08 owasp

  • @atmane001
    @atmane001 4 years ago +11

    Super useful resources:
    1. Twitter, gold mine for bug bounty. Just follow the main players.
    2. Start reading bug bounty reports, as many as you can and test.
    3. Read and read ... many free resources out there. Big G is your friend in this case.
    4. YT of course, follow channels that talk about bug bounty, cybersec and even dev.
    5. Do some coding projects (c, c++, javascript, python). It will be useful. Check github for ideas.
    6. Have fun 😁😁

  • @tirtheshpawar9614
    @tirtheshpawar9614 4 years ago +10

    JUST THE PRACTICAL GUIDANCE NEEDED IN AN ERA OF FLOODING INFORMATION... KEEP DOING THE GOOD WORK DC CYBERSEC!!!!

  • @no1sploit529
    @no1sploit529 4 years ago +30

    Your video motivated me, I consider all of your words. This is heart touching. Thanks for such a great information.

    • @dccybersec
      @dccybersec 4 years ago +2

      Thanks for the nice words and for watching :)

    • @no1sploit529
      @no1sploit529 4 years ago

      @@dccybersec welcome sir. Keep helping us 💓

  • @devcreed8175
    @devcreed8175 4 years ago +4

    For all those who are here to get information about how to get started, here are a few videos which might help you out:
    th-cam.com/video/7yKU0cSHu5A/w-d-xo.html
    th-cam.com/video/qme4rAD2mlM/w-d-xo.html
    th-cam.com/video/CU9Iafc-Igs/w-d-xo.html
    th-cam.com/video/vPWrrWlfrXQ/w-d-xo.html
    th-cam.com/video/kn0jClWSdD8/w-d-xo.html
    An unhelpful suggestion from me: The methodology I follow is, master a technology and then exploit it. Without mastering (or at least understanding) a technology, you can't start finding bugs in it. There are tons of things going on behind the website you open or this video you are watching, like server hardware residing in a data center somewhere in this world with a hypervisor installed on it and a VM instance with a web hosting application, hosting this website behind a load balancer which is behind a dedicated physical firewall which might be behind some proxy server which might be behind another firewall.
    This was only the hardware part, many such things are deployed on the software-side too!
    So, start it with focus of learning it and then master it and then -_-
    Sit back home and read this comment again!
    Good luck for your journey!

  • @shadowbandit5689
    @shadowbandit5689 4 years ago +10

    Thanks for the information mate. Very helpful; me and mates are currently studying Cyber Security and are looking into diving into some bug bounties.

  • @DamienBiffinc0ldm3th0d
    @DamienBiffinc0ldm3th0d 4 years ago +8

    THANK YOU, i cannot say this enough THANK YOU, i needed a definite go here learn this start there.

  • @hakunamatras
    @hakunamatras 4 years ago +5

    Great video! I'm a student in Internet of Things with interests in cybersecurity and pen testing also. Due to my studies I don't have a lot of time to search for the perfect resource on where to start; I usually get home, do my homework and at around 1am I can start learning. Thanks for helping me out on that haha
    Could you make this a series maybe?
    How to get started.
    How I did my first bounty
    Where are the key points to check
    How to write a good report
    Things not to do while bug hunting
    Roadmap to pen testing
    Again, Great channel, keep it up ^^
    Greetz from Belgium!

    • @dccybersec
      @dccybersec 4 years ago +4

      You literally named almost every episode of the bug bounty series that i've got in the works hahaha. Thanks for watching man, really appreciate it!

    • @hakunamatras
      @hakunamatras 4 years ago +2

      @@dccybersec Don't thank me, you're doing the work! i'd love to help you with finding sources or just philosophize about bug hunting, any way i can reach out to you?

    • @dccybersec
      @dccybersec 4 years ago +3

      @@hakunamatras Discord or Twitter (links in description). Probably discord is best, i'm pretty active in my server :)

  • @psychoticgamer6853
    @psychoticgamer6853 4 years ago +2

    Bali mask is background 😱
    This boi can Rob a bank🔥

  • @wtfdoiputhere
    @wtfdoiputhere 2 years ago +1

    I'm gonna start with this bcz it seems easier to me than some magic assembly voodoo shit and I have great knowledge in Linux, JS and networking so I'm ready

  • @Plutosantorini
    @Plutosantorini 4 years ago +3

    Bro dont forget about cyber mentor man that guy is a hero

    • @dccybersec
      @dccybersec 4 years ago +2

      For sure! He’s awesome 😎

  • @jonathanyturralde
    @jonathanyturralde 4 years ago +6

    This was a great video. Thanks for the content. Awesome stuff and very helpful for a newbie like myself.

    • @dccybersec
      @dccybersec 4 years ago

      Glad it helped out :)

  • @RN-kl4kp
    @RN-kl4kp 4 years ago +3

    Yes..! Thank you very much... for this... just a request: when you get a bug bounty 💵💵💵, which we hope is soon, can you please share with us?? The process??

    • @dccybersec
      @dccybersec 4 years ago +2

      Yep will do mate. I’ll be documenting my whole process from beginning to bounty!

    • @harihacke9454
      @harihacke9454 3 years ago

      @@dccybersec where mate

  • @CyberSecForce
    @CyberSecForce 2 years ago +1

    Thanks 😊

    • @dccybersec
      @dccybersec 2 years ago +1

      No problem 😊

  • @mahir_saif
    @mahir_saif 1 year ago +1

    This video was so damn intense. Thanks a lot.

  • @Mauricio_Ferrari
    @Mauricio_Ferrari 4 years ago +2

    Stok has been great to watch, already watched some of his videos. Great video by the way and thanks for recommendations.

    • @dccybersec
      @dccybersec 4 years ago

      he's an absolute legend. thanks for watching!

  • @fourofour9569
    @fourofour9569 3 years ago +1

    Good stuff! It really got my interest in bug bounties.

  • @prafullsingh4150
    @prafullsingh4150 4 years ago +3

    All your videos are really awesome. I like every video. Post more videos. Thank you bro. 😊

    • @dccybersec
      @dccybersec 4 years ago +2

      Thanks mate! That’s very kind of you

    • @prafullsingh4150
      @prafullsingh4150 4 years ago +1

      Your kindness. 🤗😊

  • @vishnudileesh1243
    @vishnudileesh1243 4 years ago +1

    Looking forward to the future video in which u tell your first bug finding story

  • @hugoalexandregoncalvespica124
    @hugoalexandregoncalvespica124 4 years ago +3

    7:26 💪

  • @JK-pb3vj
    @JK-pb3vj 4 years ago +2

    Loving the content mate - great advice! Cheers from BNE, Aus 🍻

    • @dccybersec
      @dccybersec 4 years ago +1

      Thanks mate! I should do a local Brisbane meetup sometime

    • @JK-pb3vj
      @JK-pb3vj 4 years ago

      Keen as, let’s put something together.. Where you at @codingo_ !

    • @Jawdey
      @Jawdey 3 years ago

      Hey how good is brisbane!

  • @youarenotspecial17
    @youarenotspecial17 4 years ago +1

    Nice video. Btw I subscribed to your channel 'cause you look like a really nice and honest guy!

  • @alexramsey1006
    @alexramsey1006 4 years ago +1

    Very nice presentation... Thank you.

    • @dccybersec
      @dccybersec 4 years ago

      Glad you liked it!

  • @faruky9197
    @faruky9197 3 years ago +1

    First of all, English is not my native language. I really want to do bug bounty but there are not too many resources in my language on bug bounty. Because of this, I cannot learn by reading documents or watching videos. That's why I need to learn software languages so that I can understand its logic. What should I do?

  • @ocelotrevolver4125
    @ocelotrevolver4125 3 years ago

    Can I make a living from doing bug bounties, or perhaps doing security evaluations for businesses demonstrating network security flaws to business owners and how to secure their systems and how to harden them. I have a good understanding of cybersecurity with years of experience using Linux I'm just not sure how I can transfer these skills I've learned over the years and turn this into a freelance income, any advice?

  • @kylewattssurfing3266
    @kylewattssurfing3266 4 years ago +1

    Awesome thank you

    • @dccybersec
      @dccybersec 4 years ago

      thanks for watching mate!

  • @kylewattssurfing3266
    @kylewattssurfing3266 4 years ago +1

    Thank you thank you thank you!

    • @dccybersec
      @dccybersec 4 years ago

      You’re welcome :)

  • @darkhack3r417
    @darkhack3r417 4 years ago +1

    New subscriber here also this is the first video i watch in your channel xD

    • @dccybersec
      @dccybersec 4 years ago

      woohoo! welcome! thanks for watching :)

  • @kaotechtalk2395
    @kaotechtalk2395 4 years ago +1

    This video was great! Thank you so much for all of the info! Got a sub from me

    • @dccybersec
      @dccybersec 4 years ago

      Thanks for the sub!

  • @aritra1414
    @aritra1414 4 years ago

    Definitely helpful. Thanks man!

  • @maxitaxi7340
    @maxitaxi7340 4 years ago +1

    I don't understand something. Some hackers are reading the code and they see instantly where a vulnerability could be. But if I try to read website code I don't understand anything. So I always go through the website, and I'm testing every parameter. But how can I learn to find bugs by reading code?

    • @skiddy5294
      @skiddy5294 4 years ago

      I think that comes down to experience.. I could be absolutely wrong because I'm just beginning as well. I think over time, you learn what will/wont work in that language.

  • @MyNameIsTX
    @MyNameIsTX 4 years ago +1

    Soo essentially when you are going to attempt a bug bounty (I am completely clueless btw, I have tried it and I don't know anything), do you just have to try every single exploit or like try all the possible problems? I do not exactly understand how it works. Also, I have no programming knowledge. I have tried to teach myself it and I am currently in college (community college) and hoping to transfer out to study IT, but I want to branch out into cybersecurity. Basically, I do not know how to say what I want to say but, I think it is the OWASP Top 10 or something like that, do we try to find all those vulnerabilities in the program or website or is it something more specific?

    • @36cowboysintotalatramranch
      @36cowboysintotalatramranch 4 years ago

      Yeah, basically you can try everything possible. Each app is a new challenge, with different bugs and defenses to evade, and then you report on what worked and on what didn’t. The job of a pentester is to evaluate the client’s systems, so it’s also good to tell them where you weren’t able to get anywhere because they did things right!

  • @realcarttons2177
    @realcarttons2177 4 years ago

    Please do clear my confusion: do we need to stay anonymous during bug bounty?

  • @yousefkammouneh6559
    @yousefkammouneh6559 4 years ago +1

    Just found my first bug

  • @yashwanthd1998
    @yashwanthd1998 4 years ago

    What I don't understand is people always talk about XSS injection. If the website itself doesn't take any user input, or input is sanitised, which is everywhere these days, XSS injection seems very weak and impossible. Could you explain?

  • @jinxscript
    @jinxscript 2 years ago

    it's interesting 🤔

  • @frostyboi6989
    @frostyboi6989 3 years ago

    Is doing a bug bounty like doing a pen test, you break into the company and tell them the bug?

    • @dccybersec
      @dccybersec 3 years ago

      More or less, yes

  • @manojbajgain7660
    @manojbajgain7660 4 years ago +1

    Really loved your videos
    #Can you discuss about Class 0 sms

    • @dccybersec
      @dccybersec 4 years ago

      It’s in the list man, you don’t need to keep asking lol

    • @manojbajgain7660
      @manojbajgain7660 4 years ago

      @@dccybersec you didn't respond so I keep on making queries 😝😝

  • @abiworldseccentric9878
    @abiworldseccentric9878 4 years ago

    Sometimes in the HackerOne site's bug bounty section, those who want the bugs found ask me to find the bugs, but they have one demand: that I shouldn't use Burp Suite and such ready-made tools. So how can I perform? Please can you suggest something?

  • @francis2k488
    @francis2k488 4 years ago +1

    Thanks for this video. I am still learning and believe it will all sync soon.
    I got the OWASP Testing Guide V4

    • @hackedemy9324
      @hackedemy9324 4 years ago +1

      Are you Nigerian? Goodluck on your journey brother!

    • @francis2k488
      @francis2k488 4 years ago

      @@hackedemy9324 yeah but live in Australia. Are you? Where do you live?

    • @hackedemy9324
      @hackedemy9324 4 years ago

      @@francis2k488 You're really lucky! I'm in Nigeria at the moment but hopefully, I'll move out soon.

    • @francis2k488
      @francis2k488 4 years ago

      @@hackedemy9324 are you a hacker?
      Why did you say I am lucky. With skills we can be lucky anywhere bro. You can try migration pathway.

    • @hackedemy9324
      @hackedemy9324 4 years ago +1

      @@francis2k488 Yes I am. I'm self-studying cybersec online and studying Computer Engineering in the uni. Planning to leave Nigeria and study Computer Science or Cybersec elsewhere bc this isn't helping me. I'll try the migration pathway, saving towards it currently.

  • @rastinghasemi634
    @rastinghasemi634 4 years ago +1

    Tanx

  • @wackyskullgaming6711
    @wackyskullgaming6711 4 years ago +1

    This is very informative

  • @inspirationeveryday1175
    @inspirationeveryday1175 4 years ago +1

    Hello Sir, do you recommend KALI LINUX for bug bounty, or are Windows and macOS good?
    THANK you ⭐🔥

    • @dccybersec
      @dccybersec 4 years ago

      Honestly, whatever works for you. Kali might be easier as it has all the tools built in already but honestly, you can use any machine

  • @jhadeeksollesta497
    @jhadeeksollesta497 4 years ago +1

    Broo thank you so so much, I'm only 12 and I don't really know if I can do this but thxxx

    • @taylors4733
      @taylors4733 4 years ago

      The earlier the better!🙃 Go for it.

  • @rooney.46
    @rooney.46 4 years ago +3

    Love ya, keep going ❤️

    • @dccybersec
      @dccybersec 4 years ago

      Thanks mate. Will do!

  • @kylewattssurfing3266
    @kylewattssurfing3266 4 years ago +1

    Awesome cool...

  • @malikimranawan3762
    @malikimranawan3762 4 years ago

    If a subdomain gives us a 404 error,
    can it be taken over?

  • @abhichauhan350
    @abhichauhan350 3 years ago

    I want to learn bug bounty
    So tell me what topic should I learn

  • @SecurityTalent
    @SecurityTalent 2 years ago

    great

  • @tmlvnn
    @tmlvnn 3 years ago +2

    🔥 Awesome 👑

  • @usama_sadiq
    @usama_sadiq 2 years ago

    My question is: if we find more than one bug in a company, should we write just one report to that company for all the bugs, or write a separate report for each bug?

    • @dccybersec
      @dccybersec 2 years ago

      I tried translating this from Hindi and still couldn't really understand, sorry :(
      Can you reply in english please so I can help out?

  • @alonsocorrea1256
    @alonsocorrea1256 4 years ago +1

    Having the OSCP helps to get into bug bounty??

    • @dccybersec
      @dccybersec 4 years ago +2

      for sure, but not necessarily needed

    • @dougthebugwrx
      @dougthebugwrx 4 years ago

      @@dccybersec having done 35 OSCP lab boxes so far, I say no. OSCP web app labs are very average. You will learn more from PortSwigger web academy. Also use OWASP ZAP, it's free

  • @QuranicMoments
    @QuranicMoments 3 years ago +2

    Lot of thanks sir. 🔥🔥 سبحان اللّه 🔥🔥

    • @dccybersec
      @dccybersec 3 years ago

      My pleasure. Thanks for watching!

  • @harreve3629
    @harreve3629 3 years ago +1

    Love bro..

    • @dccybersec
      @dccybersec 3 years ago

      love you too mate!

  • @gurjeetdasari1997
    @gurjeetdasari1997 4 years ago

    Please reply with the name of guides u prefer us to follow as
    I could not get what u said in the video

    • @dccybersec
      @dccybersec 4 years ago

      They are linked in the description

  • @koushikram4036
    @koushikram4036 3 years ago

    please answer this
    do I need Burp Suite Pro for my first bug ???

    • @dccybersec
      @dccybersec 3 years ago

      Nope. You can use the free one

    • @koushikram4036
      @koushikram4036 3 years ago

      @@dccybersec thanks for your reply

  • @LotsOVideosMan
    @LotsOVideosMan 4 years ago

    What is the song called at 0:32?

  • @epic5855
    @epic5855 2 years ago +1

    EPIC

  • @misterbrompton2400
    @misterbrompton2400 4 years ago

    You didn't link OWASP

  • @davidg9469
    @davidg9469 3 years ago

    Did you find many bugs ?

  • @sunilrai5506
    @sunilrai5506 2 years ago

    I am going to start bug bounty on HackerOne or Bugcrowd. Should I take permission, or how do I get permission from a web application? Please help me, anyone who has done bug bounty.
    Someone told me we have to take permission for bug hunting, otherwise without permission it will be a cybercrime. Please, someone explain 😢😢😢😢

    • @dccybersec
      @dccybersec 2 years ago +2

      As long as you stay within the scope of what is defined by HackerOne or Bugcrowd, then you're relatively safe. Just make sure you understand what the scope is and how to stay in line with that

    • @sunilrai5506
      @sunilrai5506 2 years ago

      @@dccybersec by the way thanks for your diamond advice sir
      (this advice is like a diamond for me, can I follow you on Twitter sir)

    • @sunilrai5506
      @sunilrai5506 2 years ago

      One more, last:
      like, go to HackerOne, sign up and, according to their rules, pick a program and start bug hunting; if they told us not to in any subdomain, then not to do it in any subdomain, am I right?

  • @nikkucreations7842
    @nikkucreations7842 4 years ago

    Hi DC, I am from India. Your video is more motivational

  • @saddamhussain189
    @saddamhussain189 3 years ago

    Hi

  • @jasoe_playz1926
    @jasoe_playz1926 4 years ago

    Programming Language is important.

  • @danielsuarezmartinez1967
    @danielsuarezmartinez1967 4 years ago

    How much time passed from 0 knowledge to your first bug??

    • @dccybersec
      @dccybersec 4 years ago +2

      I'll let you know when I get my first bug haha

  • @samrybkin9184
    @samrybkin9184 4 years ago

    Where are all the links from the video? Where is the link to the guide?

    • @dccybersec
      @dccybersec 4 years ago

      TH-cam removed all my video descriptions a while back and replaced it with the default

  • @imuser007
    @imuser007 4 years ago

    U missed nullbyte channel

  • @tirilmariepedersen6956
    @tirilmariepedersen6956 4 years ago

    Who are you looking at? :p

  • @lagimmediafiles6478
    @lagimmediafiles6478 4 years ago

    Whats up Man?

    • @dccybersec
      @dccybersec 4 years ago +1

      nm mate, how's it going?

    • @lagimmediafiles6478
      @lagimmediafiles6478 4 years ago

      @@dccybersec I'm good. I will start on my IT job; your channel is a big help

  • @ShashiSingh-ck7mu
    @ShashiSingh-ck7mu 4 years ago

    How much money can we make by bug bounty hacking?

    • @dccybersec
      @dccybersec 4 years ago +1

      It depends which bugs you find for which company

    • @ShashiSingh-ck7mu
      @ShashiSingh-ck7mu 4 years ago

      @@dccybersec like, I'm 17 years old and going to graduate from school, and I know c++ and python. Will that help? And as you mentioned in your video about tutorials on TH-cam, will that help me, or will courses on udemy or courses on hacker one help? I'm a little confused which course to take. Can you please help me out, because I also want to become a hacker like Santiago Lopez and Thomas
      Thank you.

    • @b3ast407
      @b3ast407 4 years ago +1

      @@ShashiSingh-ck7mu Yes, read hackerone hacktivity, medium blogs, do labs like owaspbwa, it definitely helps. @nahamsec's TH-cam channel is also very nice

  • @rithvikgujjula1400
    @rithvikgujjula1400 4 years ago +1

    Let's go, first one here and first comment again

  • @kunal9999100
    @kunal9999100 3 years ago

    Can I get one of your soft toys?

    • @dccybersec
      @dccybersec 3 years ago

      Sure. Which one do you want

  • @richardjohnson9765
    @richardjohnson9765 4 years ago

    Watch hackersploit

    • @dccybersec
      @dccybersec 4 years ago

      Definitely! he's awesome

  • @TheFunnyPOPS
    @TheFunnyPOPS 4 years ago

    I won’t recommend it; bug bounties have too much competition now, all the pros find bugs before you.

    • @dccybersec
      @dccybersec 4 years ago

      They just take the quick and easy payouts first. As far as building experience though it’s pretty good!

  • @mr.shanegao
    @mr.shanegao 3 years ago +14

    02:13 HTTP, TCP/IP, Linux, Bash scripting
    02:30 Web apps, Networking, HTML, PHP
    02:50 Burp Suite, Google
    05:08 owasp