I received my first bounty by targeting a small, relatively unknown, sub domain connected to a large public program. It used to belong to a small company that was recently bought out by the big one so I figured it might be an “untapped resource” if you will.
It might help to force yourself to pick a program and just say "this week I am going to work on X, and I'm going to look for bug type Y and Z" like go deep
Ahaha my dissertation was on deciphering ancient languages, my wallpaper is a graphic I made for my dissertations, not Egyptian but greek! The writing system is called Linear B
I have mixed opinions, I think a few years ago XSS was great! But now there's a lot involved to finding an XSS bug and most are being found by pros with significantly more expertise in bypassing WAFs. However, other people tell me that this gives beginners a good chance to learn how javascript/hacking can work. So if you ask me XSS is dead or dying for beginners. If you ask others XSS is a good first bug still.
zeus cybersec 0: How the web works (Web application hackers handbook - free at HackerOne is great for this) 1: How to use burp (my videos + practice) 2: What bugs are out there and the signs of them (my videos) 3: How to exploit these bugs (practice on CTFs /real targets)
@@InsiderPhD thing is I am in this field for 1 year.Preparing for oscp and done many oscp like ctfs.I am more of a network guy but I love web security too.I have done dvwa and Over the wire Natas challenge.I have a good idea on advancd used of Burpsuite.What ctfs/books do you recommend for Getting good in web?Also I don't feel confident as I have given most of my time to ctfs be it network or web.Please help me Katie🙁How can I boost my confidence and what web related books/ctfs should I finish before dipping my feet into bug bounty?
I think given your experience you need to START HACKING. It’s always going to be tough but that’s eventually where you want to be so pick a bug, pick a target and just START HACKING. Will it be hard, of course! But nothing worth doing is easy!
You can find this in my Finding Your First Bug series or my video on Live API Hacking, both have step by step guides. To find websites to hack you register on a bug bounty platform like HackerOne, Bugcrowd, Intigriti etc, and choose a target like I'm showing on this video
hbbss hbbss IDORs for sure, not that technically complex, and you can just methodically test endpoints one by one. Relies more on determination than technical skills
Check out the whole series, especially Business Logic and IDORs which I think are great first bugs when you haven't got a lot of technical skills yet. You can also practice with CTFs
I’m unfortunately not a great RUclipsr lmao and it took me a few attempts to get the audio right, for the moment just increase the volume but in the future I have fixed this issue!
@@InsiderPhD i ran it on big speakers used earphones did eq on chrome to boost high end still was quite low. hoping to see a fix soon. thanks for resonding. #ayylmao for life.
I received my first bounty by targeting a small, relatively unknown, sub domain connected to a large public program.
It used to belong to a small company that was recently bought out by the big one so I figured it might be an “untapped resource” if you will.
Not to be intrusive or anything but what bug did you find??? I'm also starting to get into bug bounties and trying to find a good methodology 😁😁😁
Please never stop doing these
That' what I've been expecting for weeks.. Thanks!
:D Glad you like it, I intend to do a bug bounty methdology/approach video as a follow up to this one soon
Thanks, that was really informative for me as a beginner
Really doing a great job...Loved IT ..Waiting for more to come..
Thank you so much, next video will be out tomorrow :)
Thankyou Queen for being dope, Sharing your material to my newer team members has been a beauty.
It was pretty much useful. Thank you very much for your help.
you are absolutely amazing. Really appreciate the information you putting forward.Thanks!!!
Starting here and leaving this comment to check on in 12wks and hopefully already have found a a buf by then
?
So did you find one?
?
Thanks! Was informative. Keep uploading videos
I really liked this presentation, will try to take into consideration every point
an amazing video that's exactly what i was so confused about
Thank you! Now i don't roam around on h1 for 30 minutes then start a program and give up after 5 minutes lol
It might help to force yourself to pick a program and just say "this week I am going to work on X, and I'm going to look for bug type Y and Z" like go deep
@@InsiderPhD indeed!
I am speechless, thanks. it really helps.
I will watch everything content you make
you made my day. 😍😍😍😍🙏🙏🙏🙏🙏
Great video! All the scrolling up and down in the last 5minutes made me a bit dizzy, but other than that great content. Thanks a lot 😂✌️
Killer video, very useful, Thanks for taking the time to do this. :)
Sounds like aussie accent 😅😅
love your content.
British :)
Great job. Thank you. And by the way, are you going to hack in to the pyramid(31:58) as well?. :)
Ahaha my dissertation was on deciphering ancient languages, my wallpaper is a graphic I made for my dissertations, not Egyptian but greek! The writing system is called Linear B
Subscribed just now! your videos are awesome ❤️ please keep sharing
Nicee, thank you for posting this video. It was very helpful
You are everywhere bruh😂
@@SankizTime lol XD
@@eduarddd7 bro, sorry! I don't have discord on this phone, so i am not able to talk to uu these days :(
@@SankizTime Oh, it's okay buddy, text me when u can.
brilliant video mate.
Massive thanks 💛
Thank you, that’s helped me a lot
great video, im motivated.
Great video ✌🏻✌🏻
Thanks for the video, very useful !
thank you for your work!
Thank u that was really useful
Just subbed. Amazing content!
Thank you!
Thanks so much!
Thank u from Vietnam
Brilliant content
This was so good
It's a very helpful and interesting video. thanks
Glad it was helpful! That's very kind of you :)
can u make a video on spf missing with what type of information should written in it nd proof also. plzz
Wow great one ..... very help-full
Awesome !! Video :D K33p Posting .Thanks
It says 'enforces a Signal Requirement'. How I can find bug bounty programs without these requirements or how to fix them?
Thank you so much for sharing it,🙏💞🇳🇵
Will you also be making practical video's on bug hunting?
R Y I intend to make a full bug bounty methodology/how to approach targets as a follow up to this one :)
perfect thanks
Amazing! What do you think about XSS as first Bug bounty for a Beginner ?
I have mixed opinions, I think a few years ago XSS was great! But now there's a lot involved to finding an XSS bug and most are being found by pros with significantly more expertise in bypassing WAFs. However, other people tell me that this gives beginners a good chance to learn how javascript/hacking can work. So if you ask me XSS is dead or dying for beginners. If you ask others XSS is a good first bug still.
Katie pls help.What are the prior knowledge needed for bug bounties? Shoud I do vulnerable web applications?any good books
zeus cybersec
0: How the web works (Web application hackers handbook - free at HackerOne is great for this)
1: How to use burp (my videos + practice)
2: What bugs are out there and the signs of them (my videos)
3: How to exploit these bugs (practice on CTFs /real targets)
@@InsiderPhD thing is I am in this field for 1 year.Preparing for oscp and done many oscp like ctfs.I am more of a network guy but I love web security too.I have done dvwa and Over the wire Natas challenge.I have a good idea on advancd used of Burpsuite.What ctfs/books do you recommend for Getting good in web?Also I don't feel confident as I have given most of my time to ctfs be it network or web.Please help me Katie🙁How can I boost my confidence and what web related books/ctfs should I finish before dipping my feet into bug bounty?
I think given your experience you need to START HACKING. It’s always going to be tough but that’s eventually where you want to be so pick a bug, pick a target and just START HACKING. Will it be hard, of course! But nothing worth doing is easy!
@@InsiderPhD True.Thanks Katie☺️By the way can I add u on insta?I like connecting to people in the community
I don't have instagram I'm afraid! But you can follow me on twitter and @ me any time if you have questions and I will DM you :)
When showing a webpage.. could you slow down a bit? The constant scrolling doesn't allow the viewer to see what you are seeing.
Thanks for the feedback, I will definitely slow down!
i want practical demonstration of finding bugs of any vulnerabilities step by step ? and how to find the qwebsites having the bugs or not?
You can find this in my Finding Your First Bug series or my video on Live API Hacking, both have step by step guides. To find websites to hack you register on a bug bounty platform like HackerOne, Bugcrowd, Intigriti etc, and choose a target like I'm showing on this video
thanks!
Why does it matter
3:06 4:30
Things to consider
4:30 5:58
hello.. if i targeted my hacker one then how i will go their website? i will just login to their website through their link they are provided there?
Can you make a course please ?
Spoilers :) by this is something I’m actively looking into less technical more how to find your first bug and get consistent :)
best "complete beginner bug"?
hbbss hbbss IDORs for sure, not that technically complex, and you can just methodically test endpoints one by one. Relies more on determination than technical skills
Sick! Thanks again for your help, love the content!!
What is “scope”
That’s the stuff you’re allowed to hack or not allowed, it means if you find a bug in X software they will pay a bounty :)
@@InsiderPhD thanks so much
Thought it was a tool or something
Yankee with no BRIM!!
Good
Killer video, very useful, mic sucks
lol i got no skills or knowledge about coding how can i do it
Check out the whole series, especially Business Logic and IDORs which I think are great first bugs when you haven't got a lot of technical skills yet. You can also practice with CTFs
Cute voice
How old are you?
very low audio volume. had a hard time tbh
I’m unfortunately not a great RUclipsr lmao and it took me a few attempts to get the audio right, for the moment just increase the volume but in the future I have fixed this issue!
@@InsiderPhD i ran it on big speakers used earphones did eq on chrome to boost high end still was quite low. hoping to see a fix soon. thanks for resonding. #ayylmao for life.
Hi what is your age plz
Love your voice. so sweet. :)
Your voice is wery low please chenga your mic