Bug Bounty Secrets

  • Published on 25 Jun 2023

Comments • 76

  • @joseph_thacker 1 year ago +5

    first

    • @NahamSec 1 year ago +1

      💥💥💥

  • @MFoster392 1 year ago +9

    U da man Ben, I started out 6 months ago knowing nothing and I've learned so much from your videos. Thank You :-)

    • @NahamSec 1 year ago +1

      You rock!

    • @MFoster392 1 year ago

      @NahamSec Thanks man

    • @sagarshah5846 1 year ago +1

      I have the same opinion of him.

  • @Pofconack 1 year ago +5

    Like always, it was a helpful video :). Can you maybe make more videos like this and focus on what you wanna find in the recon process? Which things do you try to find? For example, it was a very fantastic thing for me that you find other technologies that the target uses.

    • @MFoster392 1 year ago +2

      Nothing more than Google & how to send an email using my phone. I never heard of a terminal, Linux, a subdomain, nothing. No, I haven't found any bugs; I'm just now getting to a point to start looking while I'm still learning. I'm actually a 51 yr old and a paraplegic for about 7 years. Dec 20 I saw a pentesting video and thought starting Jan I can learn cyber security and possibly make some extra money from home in 18 months to 2 years. Well, a few months in I learned about BB, so I decided to learn enough about it so I can hunt bugs while I'm learning more. About 6 months in I feel I can pick a company and start doing it, but as you know it's a daunting job and the tools are far from perfect, but I feel I need to start doing it so I can find out what else I need to learn

  • @SplitUnknown 1 year ago +4

    Always ready for part2❤🙂

  • @Andrei-ds8qv 1 year ago +7

    Something that I noticed is that it takes so much mental energy to try out, in the wild, a new type of attack. I learn about it, I test it locally, but it's like I am afraid to test it in the wild: what if something goes wrong? So I usually test it on a few hosts, then more, and then go full scale. But yeah, that is something that I feel is slowing me down by some days for each attack I am learning. Is this happening to you also? If you got over it, how did you do?

  • @6060fishy 1 year ago +1

    Definitely a part 2 please! ❤

  • @rahmat_qurishi 1 year ago +1

    Great as always. Waiting for part 2

  • @vsulli 1 year ago +1

    @NahamSec,
    In regards to mindset, if you understand a cross-site scripting report, can you read the report and turn it into layman's terms?
    Like when I talk to ppl about network IP addresses, I'll say that it's an address like sending a letter at Christmas: if that host is offline or that family moved, your Christmas card will be "return to sender, recipient does not live here anymore."

    • @vsulli 1 year ago

      It's kind of silly thinking about it that way, but people understand the concept of trying to send a Christmas card to someone but they don't live there anymore.
      They know that the address is important and they know that if there's a problem the US Postal Service will return their Christmas card with some sort of a message.

    • @vsulli 1 year ago

      I also do that when thinking about interoperability issues when setting things up in IT.
      Sometimes Cisco products do not work with Apple iOS.
      So when I'm troubleshooting something like this interoperability issue,
      I imagine a couple in an argument and they are experiencing miscommunication issues. One person is expecting the other to behave in a certain way and that's not happening.

    • @NahamSec 1 year ago

      I gotta think about how to do this. This seems like a cool/interesting idea!

  • @chaospixxie 1 year ago

    One of the things I love about the industry is the continuous learning, but how do you manage burnout with the demand of keeping up to date?

  • @juliusrowe9374 1 year ago +1

    Ben, please do a part 2!

  • @nandeeyr 1 year ago +1

    This is surely not a clickbait video Naham.

  • @prabakarj4797 1 year ago

    Thanks for always motivating us ❤ Is there any platform to practice real world vulnerabilities?

  • @rohitlondhe4441 1 year ago +3

    You're posting great content, but please increase the volume or speak loudly, it is very difficult to hear you in noisy conditions... ❤

  • @long2330 1 year ago +1

    I'm struggling with missing bugs or standard methodology/checklist to ensure the application is secure

  • @gramas19 1 year ago

    Could you make a video of how you create your own custom lists for finding subdomains? I saw that you used a custom list when hacking redbull a few weeks ago :)

  • @klkiley2922 1 year ago

    Where do I get started with hacking? I am a very structured person, so I feel I would need the fundamentals. Any recommendations would be appreciated.

  • @bugs-lk3jf 1 year ago

    Great Content

  • @yousefnaderi1935 1 year ago

    plz speak more about defensive careers

  • @glen8552 1 year ago +1

    My memory is my biggest problem, always having to refer back to books or notes. Working full time and only having limited time to learn, I don't build enough muscle memory 😥😥

  • @Jilien 1 year ago

    I’m struggling to sit down and learn/practice. Stupid video games are always more important and it is so frustrating, deep down I know what I have to do but it always gets in the way… Any tips on how to flip that switch? 😁

  • @c0gamer 1 year ago +2

    Hello sir, I want to learn API Testing but don't know where to start, please can you give some guidance.

    • @NahamSec 1 year ago +1

      Check out the videos on the 5 books to read. One of them is on API hacking!

  • @nafizimtiaz9367 1 year ago +1

    we want Part two

  • @saqibuzair7670 1 year ago

    This video is helpful for me < thank you :)

    • @NahamSec 1 year ago

      You're welcome 😊

  • @nightfox9007 1 year ago

    Woohoo!

  • @Boolap1337 1 year ago

    I'm at the point where I wanna try out bug bounty but I still have much to learn in AppSec. Should I focus learning more, efficiently at etc PortSwigger, or should I just go into bug bounty and learn there?

    • @ritikkarayat4647 1 year ago

      Go in bug bounty. I'm in a similar position, but doing it for real will be much more beneficial than labs

    • @CB-gi7kd 1 year ago

      Do the labs or some training first. If you already have knowledge then try bug bounty but in moderation.
      You want to continue to build up your skills with more courses, certifications, and research.
      I've been in AppSec for 2.5 years and working on preparing for Burp Suite Exam and INE courses/certifications. Then most likely continue to build skills in programming and secure coding to eventually get OSWE.
      If you want to stay in application layer testing don't worry much about Active Directory or related for now. At some point I want the OSCP but right now it's not worth pursuing unless you want to do general pentesting or red teaming.

    • @CB-gi7kd 1 year ago

      What I remember hearing is there's always a sh#t ton to learn. But focus on what's going to help you with your job or where you want to go first.

  • @IIIw2 1 year ago

    part 2, please.

  • @user-ey8wm3hg7m 1 year ago +1

    First man!

  • @rdx8122 1 year ago +1

    01:20, sir, is JavaScript really needed to be a good bug bounty hunter? As really I have come so far giving a lot of time to JavaScript in the past few months

  • @Rocks_roxks9 1 year ago

    Hey Nahamsec Sir 🤩🤩🤩

  • @mr.ayyanirfan7081 1 year ago

    we want videos on xss pleaseeeeee

  • @epithet 1 year ago +1

    I dropped out of college last month, only for what I love the most. Hacking.

    • @Abdoulaye-cg7np 1 year ago +1

      Welcome bro. I have also dropped high school.

  • @msohaib6181 1 year ago

    Please make a video on how much code learning is required to be able to find bugs; nobody talks about it.

    • @NahamSec 1 year ago +1

      I've already made this video. It's on my channel!

  • @0xbara 1 year ago

    How long did it take you to find your first bug?

    • @NahamSec 1 year ago

      2-3 months!

  • @twguy69 1 year ago +1

    I've been trying for months, but I just can't find anything 😑

  • @anonysm 1 year ago

    1st view❤

  • @Thiago1337 1 year ago

    are you happy, Naham?

  • @Frawkesish 1 year ago

    Part 2

  • @pubgfantasy9010 11 months ago

  • @alpeshrprajapati5159 1 year ago

    Salam valekum

  • @someshtiwari8268 1 year ago

    PLZZZ MAKE A VIDEO ON BUG BOUNTY REPORT WRITING

    • @NahamSec 1 year ago

      💥💥💥💥

  • @cehdinh5132 1 year ago

  • @user-ey8wm3hg7m 1 year ago

    Plz! Make 3 videos a week.

  • @Aditya_khedekar 1 year ago +1

    daddy ben any pentester lab give away :)

  • @KaafUzair 1 year ago

    I'm struggling to find my 4th valid bug for the last 2 months 😐

    • @amoh96 1 year ago

      What advice would you give me? I know basic JS and some web. Should I go to the real world and start learning XSS, or what?

    • @KaafUzair 1 year ago +1

      @amoh96 of course yes 👍🏻

    • @amoh96 1 year ago

      @KaafUzair ?

  • @s.nikolic497 1 year ago

    👍🏻

  • @netwons 1 year ago

    Hello, Behrooz. Your speech is good, but it is a slogan. It is better to cover this in practice so that we can understand it better

  • @someshtiwari8268 1 year ago

    PAYLOADS VIDEO HOW TO USE IT

    • @NahamSec 1 year ago

      Absolutely!

  • @TesterGuy-dh9df 1 year ago

    I'm struggling with missing bugs. I remember finding one bug, but due to lack of knowledge (at that time) I missed it. Now I don't even remember where I saw it, because as a beginner I jumped between too many programs.
    I'm losing passion because I couldn't find a single bug in months.
    Lastly, I would like to know how to hack patiently and how other hackers find XSS or other bugs in less than 1hr or 3hrs; some say they found 10 bugs in the last 24hrs.

  • @moh5entuky940 1 year ago

    Are you from Iran?
    @NahamSec

  • @arjunn7683 1 year ago

    MY THREAD MODEL IS EASY - HIT THEM WHERE IT HURTS . EXAMPLE TAKE PAYPAL REST YOU KNOW 😈 !!!!

  • @rxtechandtrading 1 year ago

    So I did some automated API endpoint enumeration testing (via feroxbuster) and managed to get into the /etc/passwd file on my friend's web server he allowed me to hack, BUT this was the contents of the file:
    root:x:0:0:root:/root:/bin/bash
    daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
    bin:x:2:2:bin:/bin:/usr/sbin/nologin
    sys:x:3:3:sys:/dev:/usr/sbin/nologin
    sync:x:4:65534:sync:/bin:/bin/sync
    games:x:5:60:games:/usr/games:/usr/sbin/nologin
    man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
    lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
    mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
    news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
    uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
    does anybody know how i can ACTUALLY get a hold of the password hashes for each user here in the second field after the first : ????????

  • @akshay_6944 1 year ago

    Part 2