$20,000 In Bounties From Hacking Into A Prison

  • Published on 24 Mar 2024

Comments • 43

  • @agustinothadeus 3 months ago +1

    I always keep learning new things whenever I watch your videos. Thank you Nahamsec & Jason, you are making the way a whole lot easier for a bunch of people like me interested in bug bounty. I really can't thank you enough

  • @pkmumbreon937 3 months ago +2

    This was a treasure trove of extremely useful info about the thought process pivoting from point to point and things to keep in mind when looking at applications.

  • @1DRS 2 months ago

    That's incredible content. Thanks a lot to both of you guys.

  • @aliveli-zq5gt 3 months ago

    I watched, learned, applied the mdisec series, and here I am... What you're explaining seems very simple to me. I guess MDI is pushing us too hard :)

  • @d8rh8r35 3 months ago

    Really solid cast lads...

  • @OthmanAlikhan 3 months ago

    Thanks for the video =)

  • @fokyewtoob8835 3 months ago

    Love these redacted episodes thanks to both of you for sharing these tips

  • @keppubgpc 3 months ago

    Yo nahamsec, the video is great but I think that when you are asking questions your voice is not clearly audible, it should be greater.
    Besides that, really great video and motivational!

  • @bobbyrandomguy1489 3 months ago +4

    Cool how you went and set up the site to demo bugs found. Thanks for knowledge. Also getting prisoners calls is crazy!! Can't wait till I feel I have enough knowledge to go find some bounties!! $$$

    • @NahamSec 3 months ago

      Thanks for watching!

  • @RajatSharma_1111 3 months ago +1

    Hey Nahamsec, this is really cool. I really liked it. Can you please make a couple more podcasts like this? We really learn a lot from your videos.

    • @NahamSec 3 months ago +5

      That's the plan! This is a monthly series!

    • @timecop1983Two 3 months ago

      @NahamSec Way that is so good news. I like podcasts like OTW, John Hammond, David Bombal Security FWD and this also!! Thanks always love Burp Suite videos

  • @shubham_srt 3 months ago

    thanks

  • @DavidAlvesWeb 3 months ago +1

    Amazing walkthrough, thank you for this! 🏆

  • @gelzki5632 3 months ago +5

    Hi Ben and Jason, I have a few questions.
    1. For logins, what if I found valid credentials from leaked or breached credentials. Is it okay to proceed using those creds to login to the app and look for vulnerability inside or should I already report it?
    2. If I find sensitive information like passwords in content discovery and report it. Then moving forward I found another subdomain with login and the passwords I got from the first bug works is it okay to proceed since they did not change the password or is it reportable already?
    3. After getting source code through content discovery and reporting it. Is it still okay to use that source code to look for vulnerability? I'm assuming that the client expects you to delete it already after reporting it.
    Thanks Ben for always sharing great content. Wishing you all the best. 😊

    • @njbmyv 3 months ago

      1. No. You should report them and stop there. You can get access to sensitive information.
      2. No. Same as 1.
      3. Depends. If they tell you to delete and then you report bugs from the source code what will happen?
      If you find credentials just report them. But not all programs accept credentials from leaks and most of them are against this practice because they don't want to encourage credential stealing. Pay attention to the program's terms because some of them might have a reason to refuse to pay you if you cross the limits.

  • @narsimharao8565 3 months ago +5

    Best content❤

  • @eugenekobby9676 3 months ago +2

    Great content!
    But sadly can't find my first bug in 3 months 😓

    • @agustinothadeus 3 months ago

      Don't despair. Keep hunting, hunting, hunting... I am sure one day all that sweat will be rewarded, you just have to have the strength to take lessons from your failures

    • @eugenekobby9676 3 months ago

      @agustinothadeus Hmm... honestly it feels sad because my 4GB RAM laptop can't handle a lot of multitasking and when testing.
      I have a story to tell and I know I will surely find my first bug this month or the next

    • @agustinothadeus 3 months ago

      @eugenekobby9676 In my experience most of the RAM during hunting is used by Burp, you can try Caido CLI directly from the browser, it is much more lightweight

    • @eugenekobby9676 3 months ago

      @camelotenglishtuition6394 where would you recommend I get the certs
      maybe we could talk privately

  • @kennyvolkov5724 3 months ago

    What VM does he use?

  • @TheCyberWarriorGuy 3 months ago

    Why not create a separate playlist for %week Program & Redacted Series?

  • @ElevenOO1 3 months ago

    that's awesome

  • @manuelarias6013 3 months ago +1

    What software thecore plis

    • @neadlead2621 3 months ago

      what do you mean

  • @shubham_srt 3 months ago

    10:47 🥵🥵🥵🥵🥵🥵🥵🥵🥵🥵

  • @alirazm5724 3 months ago +1

    Hey behrooz. Tanx for the golden content

  • @_0x01m 3 months ago

    Thank you for sharing knowledge

  • @Amitte424 3 months ago

    I have found actuator endpoints with actuator, health and info path. I already tested heapdump, env, threads, like common other endpoints and found nothing. Are there any other things that I should check that I might be missing? 😅😅 Thanks for the help 😊

    • @j0hnny_R3db34rd 3 months ago

      Git gud.

    • @Amitte424 3 months ago

      What is git gud?? @j0hnny_R3db34rd

  • @rctech1237 3 months ago +1

    Nahasec was Nahamsec is Nahamsec best in bug bounty ❤

  • @hasskoelhadi9638 3 months ago

    what a legend, Recon OG

  • @rekwuhzut 3 months ago +6

    Delete my DOC#

  • @MUHAMMADZEESHAN-mx4yg 3 months ago

    Very interesting

  • @x1ns44n3 3 months ago +1

    This looks soo easy for real life stuff

    • @NahamSec 3 months ago +2

      Seems too easy but in reality most hackers stop at some of the basic steps.