Bug Bounty Hunting Full Time
- Published on Oct 1, 2023
- 📚 Purchase my Bug Bounty Course here 👉🏼 bugbounty.nahamsec.training
Thank you Snyk for sponsoring this video! Snyk.co/nahamsec
👉🏼 Read the extended version of this post here:
nahamsec.com/posts/hacking-fu...
💵 Support the Channel:
You can support the channel by becoming a member and get access to exclusive content, behind the scenes, live hacking sessions and more!
☕️ Buy Me Coffee:
www.buymeacoffee.com/nahamsec
JOIN DISCORD:
discordapp.com/invite/ucCz7uh
🆓 🆓 🆓 $200 DigitalOcean Credit:
m.do.co/c/3236319b9d0b
💬 Social Media
- twitch.com/nahamsec
#bugbounty #ethicalhacking #infosec #cybersecurity #redteam #webapp
Thank you for putting your thoughts into this. Those are valuable tips, though it's worth mentioning time management, scheduling, noting, constant learning, burnout prevention, etc, which are important for long-time success. Bug bounty has been my main source of income for 4 years already, where 3 years were part-time, 1 year was full-time bug hunting while nomading, and I can confirm that having an established fund before getting started in such a venture is crucial, and not doing so might be reckless. The problem isn't only not finding a bug but also an inability to get a payout because the program pays in a Resolved state - e.g., I was waiting for 4 months to get a bounty from Salesforce.
@@oppenheimer11, I started on an external program - a private bank's bug bounty where I found around 250 bugs and moved to h1. I hacked to learn and used resources available publicly on the internet.
Really solid content as usual. You're a massive inspiration mate and we appreciate everything you do for the community man
I appreciate that! Thanks for watching!
New subscriber here. Really glad you touched on the money management piece. Working towards getting my first bounty! Let's go!
Thank you for this video man really appreciate it 🥰
I needed this, thanks!
Hey @NahamSec, I just wanted to say a big thank you for all the knowledge and insights you've been sharing with the bug bounty community. Your expertise has been incredibly valuable in helping many of us grow in this field.
I've been following your journey and absorbing as much information as I can, but I must admit I'm feeling a bit frustrated about getting started myself. The world of bug hunting seems both exciting and intimidating. Do you have any tips or guidance for newcomers like me who are eager to take that first step? Your advice would mean a lot.
Thank you so much for your time and your help.
You are very welcome and thanks for watching!
i love the honesty about spending habits right off the bat. Luckily my job is slow enough that i have had tons of time to train, so i think i will have a good base to start off with. That way i don't have to build up a runway and can start supplementing some income.
Thanks for the heads up. Much appreciated
Any time! thanks for watching!
so to sum up your vid and blog post, it's possible but you need an initial runway cash bundle to feel safe and a bunch of friends to push you further away from your soft limit.
i definitely recommend to every one here to go read your blog post if interested in the subject, it gives more insight on the how and what, like your initial thought on 50% hunting only or the fact that attending conferences / hackathon made you understand how to handle a big hunting program correctly.
thanks for sharing m8
hey naham, its a great video
This is my first video of NahamSec. I love how he just talks to us like actual "people".
Awesome naham 🔥
1:44 - The idea of doing BB full time has crossed my mind a few times but have to see if it makes financial sense so that I can support my family.
11:01 After watching to the end, I need to have a plan if I make this move.
But I can plan this well and get a good pay from a few bugs I’ll give it a shot.
❤❤❤great as usual
Hello Naham, can we ask you to create a video where you share your screen with us and show us step by step how you subscribe to a bug bounty program and also what we need to take into account when we start, matters of regulation etc. How to contain your findings, so other hackers won't exploit these findings. The reason why I am asking is first to understand how relevant doing bug bounty still is in 2023 and how hard it has become. Hopefully you can find the time to do this, thanks again for the video. grts
Maybe soon :)
I'm 61, retired, and like all baby boomers I need extra income but the economy is bad, a lot of businesses won't hire someone of my age, etc, etc. So I'm left up to my own resources to provide some income for myself and I have chosen to take on this task simply because I love challenges and this seems like a good one to undertake. I'm going to document my whole journey on YouTube hopefully for other old people to see and learn from because there is a huge shortage of trained people in the security industry. You're my first video I'm watching after searching on "bug bountry" yea I know very broad but you were #1
how's your journey sir
I'm your biggest fan... from Nigeria 🇳🇬 thanks a lot... despite my country I try to be like you
Bro, I'm also from Nigeria, Nahamsec is a genius ❤
Awesome as usual
🥂
hey man, i love your content my only problem was your mic doesn't seem good, the sound is inconsistent or maybe just the way you speak? I always tend to raise the volume a little bit when watching your videos.
I've been thinking of taking a week or two of unpaid leave and put this time into bug bounty hunting. This should give me time and hopefully motivation, cause I would not get money from my employee. Just as an experiment.
Hi @nahamsec, need to buy new laptop for bug bounty. Which one you recommend to buy?
A lot of automation like Snyk to remove vulnerabilities, but still many bug bounties exist, and pentesting is hugely in demand, paying a ton, too! Very confusing though.
Thanks bro! Fellow Middle Eastern descent. I'm part Jewish, maybe part Arab, mostly White, and some other background, too. 🤝🤓💚🌱
I would like to do bug bounty full time. I think it is possible to get independent with bug bounty hunting. Maybe some extra skills are needed especially for money plan usage.
Hello Naham. Any chance you could make some videos with one liners. I am a big fan of them. Great video mate. Thanks
what one liners?
@@NahamSec I mean bash bugbounty oneliner like command | command | command, etc.
I think Freelancing is a better option. Building a brand in the long run is better.
Maybe I'll try both. Get clients and bug bounty on the side.
I like how you're optimistic about full time bug bounty. Is your course on udemy updated?
Started recently, hopefully to work them out based on your pointers, making money out of it while also having fun hacking!
How’s it going?
Bug bounty hunting full course zero to hero
This one is from phd security
th-cam.com/video/Rp69edBmFFo/w-d-xo.htmlfeature=shared
Lol 😂
😂😂😂
does mean in future still worth to focus on bug bounty, i think now there are a lot of bug hunters, most of reporting happened duplicates, because a lot of hunters report it at every time, with this condition does it mean still worth it?
I'm wanting to figure out how to make this a full time possibility. I feel like even just $500/wk doing this part time outside of my full time job would be proof enough it might work.
It's an important topic for everyone. If you will get some more information about it, so please share with us
nahamsec.com/posts/hacking-full-time
It depends where you live. I live in the countryside where regional minimum wage is around US$155 per month.
Until October this year I got US$5.550 from bug bounty. My job is merchant on the market. I prefer BB as a part time job although being a full time BB hunter is worth financially.
What I'm afraid of BB if I go full time is I will face a lot of burn out. So I do BB in my free time & do it for fun.
Hi,
Can you please give me some short list where to start? I know python html css some js
@@bayezidtalukdar
If you are beginner in this field, i recommend you to learn from various resources such as portswigger web security academy, ctf from hackerone.
At first, choose VDP rather than VRP, because finding bug in VDP is easier than VRP. You will get some experiences at writing report & make a good communication with the triagers.
Enhance your debugging skill, because in my experience I have found a lot of bugs by debugging javascript on the front end. This is because people generally avoid reading minified javascript files.
Choose at least 1 complex BBP and you stick with it for months, understand the features, you will get some bugs if you are persistent because complex programs produce more bugs rather than the simple ones.
Never stop learning
How many years of experience do you have?
@@aymcorporation3456 May Allah reward you with goodness
@@Jesus88818
More than 3 years
That's remind me all the smoke sellers, maybe we need a Lambo behind and a bit of money 😂😂
Can you pls guide me for big bounty big fan sir
yeah, I think it's worth it
Hey Ben, quick question for you. I'm a senior cybersec student. I'm trying to get into bug bounty but I am a little bit overwhelmed. I do have experience with general security which will cover most of the security principles and concepts. There are tons of labs and vulnerable apps to learn bug bounty/web security, but there are sooo many of them that I start to feel overwhelmed, I don't know which one to start and finish due to the amount of resources. My question is that should I just dive right into bug bounty by choosing a target and learn as I go? I am not sure if this is a good way to start since I won't be that much knowledgeable at first. What are your opinions on that? I would really appreciate it if you take your time and write back to me. Thank you in advance. Best luck!
I am trying to as a Full time bugbounty hunter, hope all is well.
Good luck bro
200 ok 😁
@SumitSangrampurkar alert (me also)🥲
@@ComputerGoat Thank you buddy
@@Safvanviber-xm3pn thank you bro❤️
how's it going 4 months later? hope you're doing well with it
youtube's volume full, pc volume full but still not able to hear clearly i think you should increase the volume of video during editing
Same 😂😂😂😂
Bug bounty or API hacking
Especially API hacking course
I know you are busy take your time.
We will really appreciate it.
Like a paid course ;)?
hey currently I'm full time at bugcrowd .. I think it's a great option if you're living on this country like India , Bangladesh , Pakistan and so on .. I'm from India and here 1 USD = 83.21 INR .. and in general my expense per month is less than 8000 INR . and if you got 20-25k INR , it is good for general monthly expense .. and more over a full time bug hunter can get more than 500 USD and it's enough ... so I'm full time for now ...
How long have you been doing bug bounty ?
Teach me bug bounty bro 🥹
Nice! that's awesome!
That's right too
it's worth it
Sometimes I think of this is probably an illusion like doing Forex trading or cryptos, it was lost time for 3+ years, well, I hope that bug bounty worth so effort (sorry for my english jejeje), greetings
u need some tahdig to make you happy :3
🤤
Since I never got a reward for my reports I lived off the whole 2022 with money I had saved up from previous year-2021
i will post all xss on spotify ? how that !!
Secure that bag 💰
It's my retirement plan.
same
There is something we say in India : Risk hai toh Ishq hai
What does it mean?
@@NahamSec it means "if there's risk there's love", something like that, basically means risk is a cool thing, it's a saying from a famous web series 'Scam1992' that was released in 2021,
as you sir said in this video that " if you are willing to go and you can survive in those days when you don't get a bug and you are frustrated, instead a job is like you get a guarantee of payment, but in job you have to stick at one place and bug bounty lets you fly free anywhere, but with that frustration days of not finding anything, if you are willing to do then go ahead, do it full time "
so i said if there's risk there's fun/love 😂😂
@@NahamSec if there's a risk, then there's fun/love. In this situation, Risk as in focusing/dedicating a lot of time on bug bounties, whereas at the same time you dedicate could be used in other things. It's just like opportunity cost.
For guys like us (from India) skilled but unemployed due to economic downturn and lack of hiring from woke corporations, we can spend time on bug bounties or learning something to upgrade our resume to be an efficient corporate labourer.
Indian corporations are different than US. As less stringent legislations and more supply of corporate labourers than demand, our market is doomed.
We are turned into YES men!
Hacking is the solution or a place where guys like me can find solace, don't forget marijuana and mathematics especially pure mathematics!
I've said enough!
If you can’t get a solid job in cyber security it’s not worth the time, cut your losses.
The amount of time you would spend learning bug bounty hunting you could learn to live off grid lol.
Amazing Video.
What you think can I can earn min 300$ in a month I am self teach cyber security I start 3 months ago. I have Comptia A+, almost finish Network+. And learn 3 months a python & Javascript.
Everything is patched, that's a total waste of time.
Bug bounty as a living is financial suicide. Companies aren't fair, they require you to PoC or even deliver exploits to absolutely everything. They establish weird scope, and platforms can claim your finding is duplicate without ever disclosing the initial report. Only the top 0.1% can make a living out of this. Content creator (sponsored by platforms) should be more honest about the hard reality of bug huntings and stop selling dreams to newcomers.
I'm still well alive and kicking. It's not hard to get in the top 1% if you put in the effort and find good bugs. I'm not sponsored by any platforms and never have been outside of my conference.
Set up a budget and put away for retirement.
Well we like it or not bug bounties are for the very few leet hackers out there, that they've been doing it for a long time like Ben. The newcomers that can make a living out of bb are very few too. The competition is huge, the automation from the leets plays a crucial role and i don't believe there is more than 40-50 hackers globally that can make a living out of bb's. You can confirm that if you see the hackers that go to the live hacking events. They are always the same. Ben, Todayisnew, rhynorator, zseano etc.... Don't get me wrong but for me this is the hard reality, you can do it part time and have more fun but i believe if you choose to do it full time the frustration will be devastating. Cheers for the great content as always Ben!!
I disagree, I know a lot of new hackers that are making good money by doing bug bounty. You get what you put in. The more you are willing to invest your time, the more you are going to get out of it. It's never an overnight success. I have also seen a bunch of new hackers at the live events that have come in for the first time and made a killing.
@@NahamSec I agree and disagree if you get it. Of course there will be new hackers that are killing it but they are so few. Have you ever thought what is the percentage of the people that do bug bounties and those who actually make a living out of it? This must not be more than 0.5%. For me bb are a good gateway to enter the cyber security industry, some good bugs to a big company will boost your resume for sure.
Personally, I think there is probably a lot of misconception out there, regarding the difficulty of getting started. Which perhaps causes a lot of beginners to give up after some early frustrations. We are talking about security for often Global corporations here, so straight up, It is difficult and prob should be. On the other hand, there are plenty of bounties out there to be had for everyone. Not claiming to have had great success myself as of yet, but I would like to think that most people with the "Hacker mentality" and a real desire to learn about cyber security would be able to develop their own individual path to be successful here, given enough time, effort, and practical experience..................In my mind, The question then becomes......How many actually take it that far? @@panagiotismitkas5526
i agree with u but think about the big company which u will work on, what will happen if it lays off u and u have more and more to pay ?
@@panagiotismitkas5526
just spent more time and learn more and more and more and practice
I just keep working on networking, databases, and programming and then study cyber security to put it all together. Idk why, but i always forget about bug bounty but it seems right up my alley. Thank you for making these videos 🦾🥳