How To Get Started In Bug Bounties

แชร์
ฝัง
  • เผยแพร่เมื่อ 28 พ.ย. 2024

ความคิดเห็น • 154

  • @domaincontroller
    @domaincontroller 4 ปีที่แล้ว +47

    02:13 HTTP, TCP/IP, Linux, Bash scripting 02:30 Web apps, Networking, HTML, PHP 02:50 Burp Suite, Google 05:08 owasp

  • @atmane001
    @atmane001 4 ปีที่แล้ว +11

    Super useful resourxrs; 1.Twitter, gold mine for bug bounty. Hust follow the main players. 2.Start reading bug bounty reports, as many as you can and test. 3.Readn read ... many free resources out there. Big G is your friend in this case. 4.YT of course, follow channels that talk about bug bounty, cybersec and even dev. 5.Do some coding projects (c, c++, javasxript, python). It will be useful. Check github for ideas. 6.Have fun 😁😁

  • @tirtheshpawar9614
    @tirtheshpawar9614 4 ปีที่แล้ว +9

    JUST THE PRACTICAL GUIDANCE NEEDED IN AN ERA OF FLOODING INFORMATION... KEEP DOING THE GOOD WORK DC CYBERSEC!!!!

  • @no1sploit529
    @no1sploit529 4 ปีที่แล้ว +30

    Your video motivated me, I consider all of your words. This is heart touching. Thanks for such a great information.

    • @dccybersec
      @dccybersec  4 ปีที่แล้ว +2

      Thanks for the nice words and for watching :)

    • @no1sploit529
      @no1sploit529 4 ปีที่แล้ว

      @@dccybersec welcome sir. Keep helping us 💓

  • @devcreed8175
    @devcreed8175 4 ปีที่แล้ว +4

    For all those who are here to get information about how to get started, here are few videos which might help you out:
    th-cam.com/video/7yKU0cSHu5A/w-d-xo.html
    th-cam.com/video/qme4rAD2mlM/w-d-xo.html
    th-cam.com/video/CU9Iafc-Igs/w-d-xo.html
    th-cam.com/video/vPWrrWlfrXQ/w-d-xo.html
    th-cam.com/video/kn0jClWSdD8/w-d-xo.html
    An unhelpful suggestion from me: The methodology I follow is, master a technology and then exploit it. Without mastering (or at least understanding) a technology, you can't start finding bugs in it. There are a tons of things going on behind the website you open or this video you are watching like a server hardware residing in a data center somewhere in this world with a hypervisor installed on it and a VM instance with a web hosting application, hosting this website behind a loadbalancer which is behind a dedicated physical firewall which might be behind some proxy server which might be behind another firewall.
    This was only the hardware part, many such things are deployed on the software-side too!
    So, start it with focus of learning it and then master it and then -_-
    Sit back home and read this comment again!
    Goodluck for your journey!

  • @shadowbandit5689
    @shadowbandit5689 4 ปีที่แล้ว +10

    Thanks for the information mate. Very helpful me and mates currently studying Cyber Security and are looking into diving into some bug bountys.

  • @hakunamatras
    @hakunamatras 4 ปีที่แล้ว +5

    Great video! I'm a student in Internet of Things with interests in cybersecurity and pen testing also, due to my study i don't have a lot of time to search the perfect resource on where to start, i usually get home, make my homework and at around 1am i can start learning. thanks for helping me out on that haha
    Could you make this a serie maybe?
    How to get started.
    How I did my first bounty
    Where are the keypoints the check
    How to write a good report
    Things not to do while bug hunting
    Roadmap to pen testing
    Again, Great channel, keep it up ^^
    Greetz from Belgium!

    • @dccybersec
      @dccybersec  4 ปีที่แล้ว +4

      You literally named almost every episode of the bug bounty series that i've got in the works hahaha. Thanks for watching man, really appreciate it!

    • @hakunamatras
      @hakunamatras 4 ปีที่แล้ว +2

      @@dccybersec Don't thank me, you're doing the work! i'd love to help you with finding sources or just philosophize about bug hunting, any way i can reach out to you?

    • @dccybersec
      @dccybersec  4 ปีที่แล้ว +3

      @@hakunamatras Discord or Twitter (links in description). Probably discord is best, i'm pretty active in my server :)

  • @DamienBiffinc0ldm3th0d
    @DamienBiffinc0ldm3th0d 4 ปีที่แล้ว +8

    THANK YOU, i cannot say this enough THANK YOU, i needed a definite go here learn this start there.

  • @Plutosantorini
    @Plutosantorini 4 ปีที่แล้ว +3

    Bro dont forget about cyber mentor man that guy is a hero

    • @dccybersec
      @dccybersec  4 ปีที่แล้ว +2

      For sure! He’s awesome 😎

  • @psychoticgamer6853
    @psychoticgamer6853 4 ปีที่แล้ว +2

    Bali mask is background 😱
    This boi can Rob a bank🔥

  • @RN-kl4kp
    @RN-kl4kp 4 ปีที่แล้ว +3

    Yes..! Thank you very much... for this... just a request when you find get a bug bounty 💵💵💵 which we hope soon ? Can you please share with us?? The process??

    • @dccybersec
      @dccybersec  4 ปีที่แล้ว +2

      Yep will do mate. I’ll be documenting my whole process from beginning to bounty!

    • @harihacke9454
      @harihacke9454 4 ปีที่แล้ว

      @@dccybersec where mate

  • @MyNameIsTX
    @MyNameIsTX 4 ปีที่แล้ว +1

    Soo essentially when you are going to attempt a bug bounty ( I am a completely clueless btw I have tried it and I don't know anything) do you just have to try every single exploit or like try all the possible problems? I do not exactly understand how it works. Also, I have no programming knowledge I have tried to self teach myself it and I am currently in college (community college) and hoping to transfer out to study IT but I want to branch out into cybersecurity. Basically, I do not know how to say what I want to say but, I think it is the owasp top 10 or something like that, do we try to find all those vulnerabilities in the program or website or is it something more specific.

    • @36cowboysintotalatramranch
      @36cowboysintotalatramranch 4 ปีที่แล้ว

      Yeah, basically you can try everything possible. Each app is a new challenge, with different bugs and defenses to evade, and then you report on what worked and on what didn’t. The job of a pentester is to evaluate the client’s systems, so it’s also good to tell them where you weren’t able to get anywhere because they did things right!

  • @maxitaxi7340
    @maxitaxi7340 4 ปีที่แล้ว +1

    I dont understand something. Some hackers are reading the code and they see instantly where a voulnabilty could be. But if i try to read webside code i dont understand anything. So i always go through the webside,and im testing every parameter. But how can i learn to find bugs by reading code?

    • @skiddy5294
      @skiddy5294 4 ปีที่แล้ว

      I think that comes down to experience.. I could be absolutely wrong because I'm just beginning as well. I think over time, you learn what will/wont work in that language.

  • @realcarttons2177
    @realcarttons2177 4 ปีที่แล้ว

    please do clear my confusion ,do we need to stay ananmous during bug bounyt

  • @wtfdoiputhere
    @wtfdoiputhere 3 ปีที่แล้ว +1

    Im gonna start with this bcz it seems easier to me than some magic assembly voodoo shit and i have great knowledge in linux, js and networking so im ready

  • @mahir_saif
    @mahir_saif 2 ปีที่แล้ว +1

    This video was so damn intense. Thanks a lot.

  • @abiworldseccentric9878
    @abiworldseccentric9878 4 ปีที่แล้ว

    Some times in The Hacker one site bug bounty section whom want to find the bugs they ask me to do find the bugs but they have one demand that shouldn't use Burpsuite and such a readymade tools so how can I performe..? Please can you suggest me

  • @yashwanthd1998
    @yashwanthd1998 4 ปีที่แล้ว

    What i dont understand is people always talk about xss injection.. if the website itself doesn't take any user input or input is sanitised which is everywhere these days..xss injection seems very weak and impossible.could u explain

  • @ocelotrevolver4125
    @ocelotrevolver4125 3 ปีที่แล้ว

    Can I make a living from doing bug bounties, or perhaps doing security evaluations for businesses demonstrating network security flaws to business owners and how to secure their systems and how to harden them. I have a good understanding of cybersecurity with years of experience using Linux I'm just not sure how I can transfer these skills I've learned over the years and turn this into a freelance income, any advice?

  • @jonathanyturralde
    @jonathanyturralde 4 ปีที่แล้ว +6

    This was a great video. Thanks for the content. Awesome stuff and very helpful for a newbie like myself.

    • @dccybersec
      @dccybersec  4 ปีที่แล้ว

      Glad it helped out :)

  • @frostyboi6989
    @frostyboi6989 3 ปีที่แล้ว

    Is doing a bug bounty like doing a pen test you break into the company and tell them the bug ?

    • @dccybersec
      @dccybersec  3 ปีที่แล้ว

      More or less, yes

  • @faruky9197
    @faruky9197 4 ปีที่แล้ว +1

    First of all English is not my native language. I really want to do bug bounty but not too many resources in my language in bug bounty. Because of this, I cannot learn by reading documents or watching videos. That's why I need to learn software languages so that I can understand its logic. What should I do?

  • @JK-pb3vj
    @JK-pb3vj 4 ปีที่แล้ว +2

    Loving the content mate - great advice! Cheers from BNE, Aus 🍻

    • @dccybersec
      @dccybersec  4 ปีที่แล้ว +1

      Thanks mate! I should do a local Brisbane meetup sometime

    • @JK-pb3vj
      @JK-pb3vj 4 ปีที่แล้ว

      Keen as, let’s put something together.. Where you at @codingo_ !

    • @Jawdey
      @Jawdey 4 ปีที่แล้ว

      Hey how good is brisbane!

  • @fourofour9569
    @fourofour9569 3 ปีที่แล้ว +1

    Good stuff! It really got my interest in bug bounties.

  • @Mauricio_Ferrari
    @Mauricio_Ferrari 4 ปีที่แล้ว +2

    Stok has been great to watch, already watched some of his videos. Great video by the way and thanks for recommendations.

    • @dccybersec
      @dccybersec  4 ปีที่แล้ว

      he's an absolute legend. thanks for watching!

  • @prafullss
    @prafullss 4 ปีที่แล้ว +3

    Your all videos are really awesome. I like every video. Post video more . thank you bro. 😊

    • @dccybersec
      @dccybersec  4 ปีที่แล้ว +2

      Thanks mate! That’s very kind of you

    • @prafullss
      @prafullss 4 ปีที่แล้ว +1

      Your kindness. 🤗😊

  • @vishnudileesh1243
    @vishnudileesh1243 4 ปีที่แล้ว +1

    Looking forward to the future video in which u tell your first bug finding story

  • @ThushyCyber
    @ThushyCyber 2 ปีที่แล้ว +1

    Thanks 😊

    • @dccybersec
      @dccybersec  2 ปีที่แล้ว +1

      No problem 😊

  • @youarenotspecial17
    @youarenotspecial17 4 ปีที่แล้ว +1

    nice video. btw I subscribe your channel cause you look like a really nice and honest guy!

  • @alonsocorrea1256
    @alonsocorrea1256 4 ปีที่แล้ว +1

    Having the OSCP helps to get into bug bounty??

    • @dccybersec
      @dccybersec  4 ปีที่แล้ว +2

      for sure, but not necessarily needed

    • @dougthebugwrx
      @dougthebugwrx 4 ปีที่แล้ว

      @@dccybersec having done 35 oscp lab boxes so far , i say no . oscp web app labs are very average . you will learn more from portswigger web academy. also use owasp zap , its free

  • @alexramsey1006
    @alexramsey1006 4 ปีที่แล้ว +1

    Very nice presentation... Thank you.

    • @dccybersec
      @dccybersec  4 ปีที่แล้ว

      Glad you liked it!

  • @koushikram4036
    @koushikram4036 3 ปีที่แล้ว

    please answer this
    do I need burb suite pro for my first bug ???

    • @dccybersec
      @dccybersec  3 ปีที่แล้ว

      Nope. You can use the free one

    • @koushikram4036
      @koushikram4036 3 ปีที่แล้ว

      @@dccybersec thanks for your replay

  • @malikimranawan3762
    @malikimranawan3762 4 ปีที่แล้ว

    if a Subdomain give us error 404 ..
    can that Takeover ?

  • @abhichauhan350
    @abhichauhan350 3 ปีที่แล้ว

    I want to learn bug bounty
    So tell me what topic should I learn

  • @inspirationeveryday1175
    @inspirationeveryday1175 4 ปีที่แล้ว +1

    Hello Sir Do you recomended KALI LINUX for BugBounty or Windows and MacOs is Good ?
    THANK you ⭐🔥

    • @dccybersec
      @dccybersec  4 ปีที่แล้ว

      Honestly, whatever works for you. Kali might be easier as it has all the tools built in already but honestly, you can use any machine

  • @kylewattssurfing3266
    @kylewattssurfing3266 4 ปีที่แล้ว +1

    Thank you thank you thank you!

    • @dccybersec
      @dccybersec  4 ปีที่แล้ว

      You’re welcome :)

  • @hugoalexandregoncalvespica124
    @hugoalexandregoncalvespica124 4 ปีที่แล้ว +3

    7:26 💪

  • @aritra1414
    @aritra1414 4 ปีที่แล้ว

    Definitely helpful. Thanks man!

  • @LotsOVideosMan
    @LotsOVideosMan 4 ปีที่แล้ว

    What is song called at 0:32?

  • @misterbrompton2400
    @misterbrompton2400 4 ปีที่แล้ว

    You didn't link OWASP

  • @darkhack3r417
    @darkhack3r417 4 ปีที่แล้ว +1

    New subscriber here also this is the first video i watch in your channel xD

    • @dccybersec
      @dccybersec  4 ปีที่แล้ว

      woohoo! welcome! thanks for watching :)

  • @usama_sadiq
    @usama_sadiq 3 ปีที่แล้ว

    Mera ye sawaal hai ke agar hum kise company ke ek se ziada bug dhoond lein tu hum us company ko saare bugs ke liye sirf ek report likhen ya har bug ke liye alag alag report likhen

    • @dccybersec
      @dccybersec  3 ปีที่แล้ว

      I tried translating this from Hindi and still couldn't really understand, sorry :(
      Can you reply in english please so I can help out?

  • @yousefkammouneh6559
    @yousefkammouneh6559 4 ปีที่แล้ว +1

    Just found my first bug

  • @kylewattssurfing3266
    @kylewattssurfing3266 4 ปีที่แล้ว +1

    Awesome thank you

    • @dccybersec
      @dccybersec  4 ปีที่แล้ว

      thanks for watching mate!

  • @davidg9469
    @davidg9469 4 ปีที่แล้ว

    Did you find many bugs ?

  • @kaotechtalk2395
    @kaotechtalk2395 4 ปีที่แล้ว +1

    This video was great! Thankyou so much for all of the info! Got a sub from me

    • @dccybersec
      @dccybersec  4 ปีที่แล้ว

      Thanks for the sub!

  • @gurjeetdasari1997
    @gurjeetdasari1997 4 ปีที่แล้ว

    Please reply with the name of guides u prefer us to follow as
    I could not get what u said in the video

    • @dccybersec
      @dccybersec  4 ปีที่แล้ว

      They are linked in the description

  • @sammygun84
    @sammygun84 4 ปีที่แล้ว

    Where all links from video?where link on guide?

    • @dccybersec
      @dccybersec  4 ปีที่แล้ว

      TH-cam removed all my video descriptions a while back and replaced it with the default

  • @sunilrai5506
    @sunilrai5506 3 ปีที่แล้ว

    I am going to start bug bounty in hacker1 or bug crowd should I take permission or how to get permission from a web application, please help me anyone who all did bug bounty
    someone told me we have to take permission to bug hunting otherwise without permission it's will be a cybercrime plz someone explain😢😢😢😢

    • @dccybersec
      @dccybersec  3 ปีที่แล้ว +2

      As long as you stay within the scope of what is defined by hacker1 or bugcrowd, then you're relatively safe. Just make sure you understand what the scope is and how to stay inline with that

    • @sunilrai5506
      @sunilrai5506 3 ปีที่แล้ว

      @@dccybersec by the way thanks for your diamond advice sir
      (this advice is like a diamond for me can I follow you on tweeter sir)

    • @sunilrai5506
      @sunilrai5506 3 ปีที่แล้ว

      one more last
      like go to the hacker1 sing up and according their rule pick a program start bug hunting if they told us not to in any subdomain then not to do in any subdomain am I right?

  • @manojbajgain7660
    @manojbajgain7660 4 ปีที่แล้ว +1

    Really loved your videos
    #Can you discuss about Class 0 sms

    • @dccybersec
      @dccybersec  4 ปีที่แล้ว

      It’s in the list man, you don’t need to keep asking lol

    • @manojbajgain7660
      @manojbajgain7660 4 ปีที่แล้ว

      @@dccybersec you didn't response so I keep on making query😝😝

  • @danielsuarezmartinez1967
    @danielsuarezmartinez1967 4 ปีที่แล้ว

    how much time pass from 0 knowledge to your first bug??

    • @dccybersec
      @dccybersec  4 ปีที่แล้ว +2

      I'll let you know when I get my first bug haha

  • @rooney.46
    @rooney.46 4 ปีที่แล้ว +3

    Love ya, keep going ❤️

    • @dccybersec
      @dccybersec  4 ปีที่แล้ว

      Thanks mate. Will do!

  • @wackyskullgaming6711
    @wackyskullgaming6711 4 ปีที่แล้ว +1

    This is very informative

  • @QuranicMoments
    @QuranicMoments 3 ปีที่แล้ว +2

    Lot of thanks sir. 🔥🔥 سبحان اللّه 🔥🔥

    • @dccybersec
      @dccybersec  3 ปีที่แล้ว

      My pleasure. Thanks for watching!

  • @jhadeeksollesta497
    @jhadeeksollesta497 4 ปีที่แล้ว +1

    Broo thank you so so much im only 12 and im only 12 and i dont know really if I can do this but thxxx

    • @taylors4733
      @taylors4733 4 ปีที่แล้ว

      The earlier the better!🙃 Go for it.

  • @francis2k488
    @francis2k488 4 ปีที่แล้ว +1

    Thanks for this video. I am still learning and believe it will all sync soon.
    I got the OWASP Testing Guide V4

    • @hackedemy9324
      @hackedemy9324 4 ปีที่แล้ว +1

      Are you Nigerian? Goodluck on your journey brother!

    • @francis2k488
      @francis2k488 4 ปีที่แล้ว

      @@hackedemy9324 yeah but live in Australia. Are you? Where do you live?

    • @hackedemy9324
      @hackedemy9324 4 ปีที่แล้ว

      @@francis2k488 You're really lucky! I'm in Nigeria at the moment but hopefully, I'll move out soon.

    • @francis2k488
      @francis2k488 4 ปีที่แล้ว

      @@hackedemy9324 are you a hacker?
      Why did you say I am lucky. With skills we can be lucky anywhere bro. You can try migration pathway.

    • @hackedemy9324
      @hackedemy9324 4 ปีที่แล้ว +1

      @@francis2k488 Yes I am. I'm self-studying cybersec online and studying Computer Engineering in the uni. Planning to leave Nigeria and study Computer Science or Cybersec elsewhere bc this isn't helping me. I'll try the migration pathway, saving towards it currently.

  • @rastinghasemi634
    @rastinghasemi634 4 ปีที่แล้ว +1

    Tanx

  • @tirilmariepedersen6956
    @tirilmariepedersen6956 4 ปีที่แล้ว

    Who are you looking at? :p

  • @ShashiSingh-ck7mu
    @ShashiSingh-ck7mu 4 ปีที่แล้ว

    How many money can we make by bug bounty hacking.

    • @dccybersec
      @dccybersec  4 ปีที่แล้ว +1

      It depends which bugs you find for which company

    • @ShashiSingh-ck7mu
      @ShashiSingh-ck7mu 4 ปีที่แล้ว

      @@dccybersec like I'm 17 years old and going to graduate from school and I know c++ and python will that help? And as you mentioned in your video about tutorials on TH-cam will that help me or courses on udemy or courses on hacker one will help I'm little confused which course to take can you please help me out because I also want to become a hacker like Santiago Lopez and Thomas
      Thank you.

    • @b3ast407
      @b3ast407 4 ปีที่แล้ว +1

      @@ShashiSingh-ck7mu Yes read hackerone hacktivity,medium blogs, do labs like owaspbwa it definitely helps, @nahamsec's TH-cam channel is also very nice

  • @jasoe_playz1926
    @jasoe_playz1926 4 ปีที่แล้ว

    Programming Language is important.

  • @jinxscript
    @jinxscript 2 ปีที่แล้ว

    it's interesting 🤔

  • @harreve3629
    @harreve3629 3 ปีที่แล้ว +1

    Love bro..

    • @dccybersec
      @dccybersec  3 ปีที่แล้ว

      love you too mate!

  • @imuser007
    @imuser007 4 ปีที่แล้ว

    U missed nullbyte channel

  • @kylewattssurfing3266
    @kylewattssurfing3266 4 ปีที่แล้ว +1

    Awesome cool...

  • @nikkucreations7842
    @nikkucreations7842 4 ปีที่แล้ว

    Hii dc iam from india your video is more motivational

  • @SecurityTalent
    @SecurityTalent 2 ปีที่แล้ว

    great

  • @lagimmediafiles6478
    @lagimmediafiles6478 4 ปีที่แล้ว

    Whats up Man?

    • @dccybersec
      @dccybersec  4 ปีที่แล้ว +1

      nm mate, how's it going?

    • @lagimmediafiles6478
      @lagimmediafiles6478 4 ปีที่แล้ว

      @@dccybersec im good i will start on My IT Job your channel is a big help

  • @saddamhussain189
    @saddamhussain189 4 ปีที่แล้ว

    Hi

  • @epic5855
    @epic5855 3 ปีที่แล้ว +1

    EPIC

  • @kunal9999100
    @kunal9999100 3 ปีที่แล้ว

    Can I get one of your soft toys?

    • @dccybersec
      @dccybersec  3 ปีที่แล้ว

      Sure. Which one do you want

  • @rithvikgujjula1400
    @rithvikgujjula1400 4 ปีที่แล้ว +1

    LEt's go first one here and first comment again

  • @richardjohnson9765
    @richardjohnson9765 4 ปีที่แล้ว

    Watch hackersploit

    • @dccybersec
      @dccybersec  4 ปีที่แล้ว

      Definitely! he's awesome

  • @TheFunnyPOPS
    @TheFunnyPOPS 4 ปีที่แล้ว

    I won’t recommend it bug bounties has too much competition now all the pros find bugs before you.

    • @dccybersec
      @dccybersec  4 ปีที่แล้ว

      They just take the quick and easy payouts first. As far as building experience though it’s pretty good!

  • @mr.shanegao
    @mr.shanegao 3 ปีที่แล้ว +14

    02:13 HTTP, TCP/IP, Linux, Bash scripting
    02:30 Web apps, Networking, HTML, PHP
    02:50 Burp Suite, Google
    05:08 owasp