When I decided to watch the video I didn't even knew what RCE was. I was in the mood for a technical video even though RCE was not on my bug list to study. I was disappointed for a split second but the video made me decide to reset my goals and got me knowledge for other points as well. Sooooo... great video! Don't be sad about the clickbait, sometimes what a person wants it's not what they need at a given time.
Exactly, but that would only demotivate the one who's here only for the cold cash rather than the knowledge. When I do bounty programs I never see the profit being my top prior. Overall i see it as a challenge, to see how far i could go and faster than any other, then eventually money will get to you anyway
I can't explain how much I relate to this video, before exactly a year my goal was to find an RCE, I started as a complete beginner in the sec field, and here I am today full of frustration, tho I really learend a lot this year about RCEs and low level stuff, but it sucks not to meet your goals. Thank you for making me re think about my goals, this really helps in keep a good mental health. Keep it up, cheers.
What a great video! I am watching the "finding your first bug" series and almost skipped this one. I don't know why but I thought RCEs somehow didn't fit at this stage. But man am I glad that I did not skip it. I took so much from this video. Great job! I love your way of teaching. Thank you and please keep up the great work!
Great video actually wanted to do a big rce until I finally researched but I still want to just will take more time like you are saying Great video and also very good lessons on Bug Crowd University :)
This is true but I want people to not feel burned out because they're 'x months into bounty hunting and found no RCE' it's seriously demotivating to struggle on something presented as easy. Personally I want to empower people to reach achivable goals within their ability level.
I found a SSTI vuln using ERB template and succeeded spawning shell using tplmap --os-shell. However, I have no idea how I can use system() function or other command injection to get shell with out using tplmap. I tried having reverse shell using nc but failed. Any suggestions?
i had a goal of getting my first bug and i found 3 (1 XSS, 1 IDOR, 1 logic) bugs now i have a goal before moving to next bug type i wanna get my first bounty for that i have been looking at a target for 4 days and found nothing, should i move to other program or stay in this ?
Woah, fantasric that's a serious achivement you should be so proud of yourself! I think the decision has to be yours BUT it's okay to give up, it's fine to go "this is above my skill level" part of being a great bounty hunter is about cutting your loses. Ask yourself "Have I tested every endpoint?" "Have I reached the limit of my knowledge?", working on hard targets is good, it's good to push yourself, make sure you are taking "giving up" as a learning opportunity.
I have found RCE twice on different private programs. You really need to think as a developer and what could go wrong. Image tragic exploits are worth checking out. Work hard people, RCEs are really hard to find.
I agree Image Tragick is the best place to look for RCEs as a beginner, lots of write ups, documentation AND PoCs for you to use. Though the best RCEs will always be custom payloads Image Tragick is a great first RCE
I wanna ask something; I'm really confused. I want to test on for ex. 100 report resolved program but when i'm testing I think like this "oh 100 bugs already were found i can't find more" and I can't continue testing. I'm not full beginner and I don't always want to test on new programs but when i started testing on some "100-200 bugs found" programs I can't escape from this thought. How should i think or do?
My first bug was on Uber, on one of their main applications. There are bugs out there sometimes all it takes is someone from a different background, or a different point of view or different brain to find them. The important thing to realise is that you aren't like every other bounty hunter because no one has your brain. And so what if you find a dupe, a dupe means you're doing the right thing, you're finding bugs, yeah it sucks you don't get a bounty but finding a bug is actually bloody difficult. Maybe through that process, you learn more about how to find the next one in a new way.
Absolutely love Katie's tutorials since they also cover soft skills for progressive improvement.
It was no real clickbait in my opinion, i was like "lets start with a RCE" too, i changed my mind at thats pretty important, thank u!
When I decided to watch the video I didn't even knew what RCE was. I was in the mood for a technical video even though RCE was not on my bug list to study. I was disappointed for a split second but the video made me decide to reset my goals and got me knowledge for other points as well. Sooooo... great video! Don't be sad about the clickbait, sometimes what a person wants it's not what they need at a given time.
Exactly, but that would only demotivate the one who's here only for the cold cash rather than the knowledge. When I do bounty programs I never see the profit being my top prior. Overall i see it as a challenge, to see how far i could go and faster than any other, then eventually money will get to you anyway
I can't explain how much I relate to this video, before exactly a year my goal was to find an RCE, I started as a complete beginner in the sec field, and here I am today full of frustration, tho I really learend a lot this year about RCEs and low level stuff, but it sucks not to meet your goals.
Thank you for making me re think about my goals, this really helps in keep a good mental health.
Keep it up, cheers.
What a great video! I am watching the "finding your first bug" series and almost skipped this one. I don't know why but I thought RCEs somehow didn't fit at this stage. But man am I glad that I did not skip it. I took so much from this video. Great job! I love your way of teaching. Thank you and please keep up the great work!
Great video actually wanted to do a big rce until I finally researched but I still want to just will take more time like you are saying
Great video and also very good lessons on Bug Crowd University :)
Excellent video ! made me laugh although i had a feeling this is where it was going - only way to gain technical bugs is through hard work / study
Not gonna lie. Came for RCE. Left with so much more.
Great subject matter. You are doing a fantastic service for the community. Thank you and good luck for 2020
Never under estimate ppls abilities, some one can find an RCE more quicker then some one doing it for years
This is true but I want people to not feel burned out because they're 'x months into bounty hunting and found no RCE' it's seriously demotivating to struggle on something presented as easy. Personally I want to empower people to reach achivable goals within their ability level.
Finding vulnerabilties always had more to do with creativity and outside the box thinking.
>"Never under estimate ppls abilities"
She isn't underestimating people's abilities. She's *correctly* estimating people's abilities.
sis can you plz tell me what are wayback urls and why they are important
You are the best person in the bug hunting community keep up the good work :))
thanks so much for the useful content!
:o thank you :))))
Awesome work ❤❤
Btw did you found any rce on BB program??
No RCE for me yet, but this year I wanna focus on learning more about chaining bugs, I'll work my way up to it!
I found a SSTI vuln using ERB template and succeeded spawning shell using tplmap --os-shell. However, I have no idea how I can use system() function or other command injection to get shell with out using tplmap. I tried having reverse shell using nc but failed. Any suggestions?
Lol alright you got me perfect title😂
I'm sorry BUT I did make a real RCE video :D ruclips.net/video/P_ZQKeXf-gM/видео.html
@@InsiderPhD No problem, watched that too
I am waiting for this video.Thank You
A good video for beginners before new year. Good advice!
the very first time I am happy to be...hoodwinked :)
i had a goal of getting my first bug and i found 3 (1 XSS, 1 IDOR, 1 logic) bugs now i have a goal before moving to next bug type i wanna get my first bounty for that i have been looking at a target for 4 days and found nothing, should i move to other program or stay in this ?
Woah, fantasric that's a serious achivement you should be so proud of yourself! I think the decision has to be yours BUT it's okay to give up, it's fine to go "this is above my skill level" part of being a great bounty hunter is about cutting your loses. Ask yourself "Have I tested every endpoint?" "Have I reached the limit of my knowledge?", working on hard targets is good, it's good to push yourself, make sure you are taking "giving up" as a learning opportunity.
Try crlf or templates injection or html injection to raise your bounty bro🙃🙏
Thanks for uploading this >3
It's a great video
cool
My first bug was RCE it's not impossible it's just super rare to happen
This is amazing!!
I have found RCE twice on different private programs. You really need to think as a developer and what could go wrong. Image tragic exploits are worth checking out. Work hard people, RCEs are really hard to find.
I agree Image Tragick is the best place to look for RCEs as a beginner, lots of write ups, documentation AND PoCs for you to use. Though the best RCEs will always be custom payloads Image Tragick is a great first RCE
@@InsiderPhD RCEs need a lot of homework to be done. It's not a low hanging fruit. Doing some hack the box machines help
I'm also looking for RCE just read a lot and focus on cves DB LFI/RFI is the best
Atul Gautam completely agree, well said!
@@borhangherbi8189 RCE is often found by chaining a lot of vulns
Thanks mate
Lol I was so suppicious abt this video, I knew it
I wanna ask something; I'm really confused. I want to test on for ex. 100 report resolved program but when i'm testing I think like this "oh 100 bugs already were found i can't find more" and I can't continue testing. I'm not full beginner and I don't always want to test on new programs but when i started testing on some "100-200 bugs found" programs I can't escape from this thought. How should i think or do?
My first bug was on Uber, on one of their main applications. There are bugs out there sometimes all it takes is someone from a different background, or a different point of view or different brain to find them. The important thing to realise is that you aren't like every other bounty hunter because no one has your brain. And so what if you find a dupe, a dupe means you're doing the right thing, you're finding bugs, yeah it sucks you don't get a bounty but finding a bug is actually bloody difficult. Maybe through that process, you learn more about how to find the next one in a new way.
@@InsiderPhD Thank you so much motivated
Such a great advices! Thank you :)
are you angela yu?
Keep on making Video
Big fan of your videos
Didn't think they were that easy... but if someone thinks they can teach me in one 30-min video, I'm game. :D
RCE is hard
U r amazing mate....great explanation and motivation...
Is it possible to connect with you via mail,reddit or discord?
Thank you! You can find me on Twitter twitter.com/InsiderPhD or I have a discord you can join discord.gg/V8EXEkr
@@InsiderPhD thanks alot I joined discord
looking with interest on your posts! I invite to our discord if you'd like :)
I hope I found this earlier
U looks confused by ur face too😎
@@e1Pr0f3ss0r Go see you bakri videos.
patience is great
RCEs are very easy to find even a blind monkey can find them. Make sure you have aged abit before you post another vid pal
I am interested in the depth of your avatar. 923? know anything?
@@the1windwaker freemason avatar you like i have been a member for 4 year now and i enjoy it
improve the audio quality its very low
You should clean up your ears because the volume is great you are the only one complaining
@@ark3r745 touggourt is here
@@borhangherbi8189 welcome bro (from Algiers)
Use headphones, I hear her perfectly.
Dee Dee nope he is right.
No thanks I don't learning from this