Purchase my course and learn about bug bounty hunting with over 11 hours of content, 100+ labs, and 15+ vulnerability types
bugbounty.nahamsec.training
Can you please provide a voucher for this if any?
Can you please provide a voucher for this one ?
01:15 == Mindset
- Throw negativity out of the room when you are hunting, there are always bugs
- Show some Impact on the company, No impact = no value of your bug
- CTF approach
04:20 == Approach
07:34 == The right vehicle / Think before you pick a program
09:58 == Collaboration is the key
10:41 == Celebrate the Success / Enjoy the little moments
Love you Nahamsec sir ! 🙌🙌💖💖
true true true true true
00:04 Bug bounty hunting can change our lives and provide a new career path with significant financial opportunities.
01:36 Approach bug bounty hunting with a positive attitude and focus on finding vulnerabilities.
03:00 Bug bounty hunters have a relentless mindset and are always looking for solutions to problems
04:28 Choosing between manual and automated bug hunting determines your approach
05:53 Manual approach is recommended for new bug bounty hunters
07:14 Choosing the right bug bounty program is crucial
08:40 Use metrics to choose a good bug bounty program and consider the minimum bounty amount
10:03 Collaborate with others to find more vulnerabilities and make more money together.
1:50 | Looking For The Right Bugs (Mentality)
4:21 | How Will You Look For Bugs? (Automated Approach)
5:53 | (Manual Approach)
7:32 | Picking the Right Bug Bounty Programs
10:39 | Celebrate 🎉
I bet you've had feedback from noobs where ppl are frustrated that they are not finding vulns, but you should emphasize that ppl who have found a bug, written it up, submitted it to the bug program, and received a 'Duplicate,' should be praised for their progress.
Think of all the skills that went into producing just the first report.
> Recon
> Training on what to look for
> Mindset, CTF attitude of not giving up
> Investigating the vagueness of information (digging for diamonds in dirt), tuning your bounty senses
> Hypothesis, investigation, and proof of concept
> Writing a report.
All of these things together need to be developed in concert in order to produce a report that could even qualify for a submission.
Forget about the fact that in the end it turned out to be a "Duplicate," first time bug hunters should be proud that they are writing and turning in a report at all!!! 😍😍
I feel motivated even though I haven't found one yet.
@@therelatableladka Bro could we connect on discord
This is my goal. I've been studying so hard to reach it. Hope to find my first bug soon :)
Best of luck!
Can we be accountable partners on bug bounty?
@@camelotenglishtuition6394
Can we be accountable partners on bug bounty
@bxnny0374 did you find a bug?
Thanks so so much Naham. Overwhelming for me as a beginner. But exciting and interesting. Thanks
where's the blog post where you talk about how to select a good BB target, also, would love to see a video on the automated method you briefly mentioned.
Here you go! nahamsec.com/posts/hacking-full-time
Thanks! You're a G @@NahamSec
Nahamsec, regarding some hunters that are running a scan in the background and aggregating their data to find better vulnerabilities, can you talk about how people set up systems that support their niche interests?
It seems like we need to double down on the TTPs (tactics, techniques, procedures) that we are familiar with and learn how to leverage those interests when summing up the impact in our vulnerability reports.
Large scopes are where the gold is. Mix manual with automation, that will make you a better hacker, and focus on one vulnerability class at a time.
Honestly we can't choose between those two. So please please please do both, and if it's possible add a third video showing how you can mix the two of them. Thank you.
You are one of the best, thank you very much for all that you are offering to the community
Would love to see a video on using both manual and automated methods combined
This. A combined or hybrid method, aggregating info to find higher value bugs.
The more I learn, the more I realize I don't know anything, but it motivates me, so I dedicate more hours each day. I don't feel anywhere near ready to start doing bug bounty, but I know it will come.
Eventually you'll be familiar with 100 things and you won't know how to use those things well, but you'll know what they are. After learning about 100 more things you'll start to realize how they work together and how you can chain the things you know together to get results. It's a long process but each day it will get easier. The best thing you can do is just keep learning and really go deep. Look at other people's comments and advice because it will really help you start making those connections in what you know and what to look for.
You're a true inspiration, Ben! ❤
Hey Ben, I would like to see both approaches in order to be able to adapt to every single situation possible
MANUAL APPROACH VIDEO NEEDED ASAP, THANKS
7:18 YES we want to hear from you about this. If you have made a video, please update the description, comment section and the I button (recommendation/suggestion etc).
We're waiting for the manual vs automated video ❤❤
Soon :)
It is really great man. Don't get tired of us. We are working hard to get there...
btw...what chair are you using? Maybe that can be a starting point lol
Awesome video my mentor ❤❤🎉🎉
I definitely want to hear more about combining automation with manual hacking.
I would love to learn manual testing. I've been struggling for over a year now, haven't even started hacking, still trying to understand vulns. Please teach us the manual approach.
Thank you so much for an awesome video..!!
Eagerly waiting for nahamsec to release his new membership video on hacking a target
It seems simple as you're saying when you're saying it like this, but it's intimidating out there...
If it was easy everyone would be doing it
It's YouTube. He's the one making 1k a month from bug bounties but it's actually from bug bounty vids YouTube ad revenue 😂
@@anotherguy9402 shut up bro 😂😂😂😂
You're all retards.
First off OP, that logic is there because people look up videos too much and otherwise piss away time. It's resolved by going out and jumping into it.
YouTuber isn't making 1,000 a month from bounties. He never said how much he's making, you're just rudely assuming.
And while I'm sure he's getting revenue from these videos, I doubt it is much.
tl;dr stfu and do bug bounties
Hi nahamsec, how did you deal with frustration when you started BBH?
Thanks for the video =)
Definitely would love to know more about manual and automated. I am brand new to this.
In the next video please give us more information about both the manual and automated approaches and, if possible, please tell us some commonly used tools for both approaches. One more thing: you are creating great videos on hacking and bug bounty programs, thank you for sharing great content.
Though automation is good, I made more with manual
Thank you!
Sometimes I find P1 bugs (example: SSTI) that cannot be exploited at all despite all my efforts. It is weird because I find these bugs very quickly, but since I cannot exploit them I do not report and I get very frustrated. I know I should collaborate but for now I prefer learning on my own.
If you can't exploit them then they probably aren't bugs 😊
My latest example: I could inject an SSTI payload in email, playing with the "change email function". The payload was like +something{{7*7}} then I checked my emails and I received +something49. Then I tried to read some template variables with this payload +something{{var1}}{{var2}}{{var3}} and I received: +somethingFalseFalseFalse
Obviously I didn't report since I couldn't go any further. As you mentioned for me it is not a real bug but though :(
Oh, the payload was in fact ...{{var1 != null}}...
I hope someday I'll be commenting here again celebrating my very first bounty.
Thank you for this informative video, do you think it is a good idea to pursue bug bounty after getting the OSCP?
wait full time and you only make a 1000 bucks?
thanks man🙏
Awesome! Will you update your course or create some more? 😊
Love you ben ❤️
Thanks Nahamsec, I would very much appreciate it if you do the next video with the manual method.
@NahamSec is your Udemy course still relevant, where do I start learning?
Both manual and automated approaches, like a combination, and also make some videos on some rare internal bugs which were not disclosed by companies and which were the highest paid, so talk about that also. Thank you
I would like manual more than automated; I am looking at packet-type bugs
I want to know more about manual bug bounty hunting. Can you upload that type of video?
I want to know how much time I should spend before giving up on finding a vulnerability on a specific target.
Wish me luck for my first bounty
I've been studying my ass off. I'll be happy if I find a $100 bounty.
Care to collaborate on the journey? Studying my ass off here too.
@@avainnovations587 sorry I have to be able to do this on my own. Maybe after I'm comfortable knowing that I'm good enough to bring something to the table for collaboration.
Studying my ass off here also! I am interested!
@@codeinspector what's your Twitter handle or email?
Studying my ass off man. I can feel you
Traditional approach, same thing. But what if one doesn't have any machine to go further, the condition where I am standing 😢
Can you teach me? I'm semi-retired and have been learning Python with no direction. I'd like to make 1-2k a month while doing ethical hacking.
I am the first to comment. You are my mentor ❤🎉❤🎉 I love your great work bro
I follow you on every social media platform I have and the notifications are always on 😂😂😂😂
You are the best
How to buy course
Found my first bug, but couldn't move any further :( Should I quit hacking for a while and learn web development and get back to hacking? Or should I do both in parallel? What would you do if you were in my place?
@@camelotenglishtuition6394 it was blind XSS
Thanks
Today, most companies, before posting on a bug platform, do a lot of automated scanning using AI tools, internal security team testing and even 3rd party audits. After they post on bug platforms, can new beginners like me find any bug in the real world? What is the success rate?
you are the best
Are you active on twitch !!!
I will be back soon :)
Any idea when the course will get an update?
Soon! Working on labs is taking a bit longer than expected
@@NahamSec No worries. I've owned it a while and I'll wait for the update to go through it. Thanks for what you do man. Take it easy
New to this comment section and a new subscriber. Would you recommend TCM bug bounty course or Hack The Box CBBH before trying
Manual vs. Automatic
thanks
1st manual
Then auto
BRO CAN CORS INCREASE IMPACT OF SUBDOMAIN TAKEOVER
First again ❤
I love you
1:18
manual like arch angel dougles day mindset .................
Hello, if I'm new to Bug Bounty Hunting, would you recommend Web 2 or Web 3 bug hunting?
I don't do any web3.0, so Web 2 for sure
Both videos
Bug Bounty is a Myth. Don’t fall into it by hearing these guys
manual
Duuude 1000$/mo in Poland and I'm rich AF
Manual pls
manual plz or 50 / 50
I don't freaking understand why man? Just why? I mean Nahamsec sir posts a video and maybe he will be thinking: "Ohh let me give this knowledge to my community people", but here whenever I watch his new video I get the motivation to hack more and more with the right positive mindset of a bug bounty hunter like Nahamsec 😂😂, also with new and crystal-clear knowledge and critical thinking. Thank you very very much sir, I don't know if you have this idea that your content is helping this much to the newbies out there like me, really thank you very much by heart 💖💖💖💖
get to hacking!
@@NahamSec For sure, sir!
Sir, I have a doubt, if you can answer me please. Sir, I have a bug bounty program, but this web application has very less functionality. The product of this company is mainly the Android app of games (gambling games), but they do have this website in scope. This website doesn't have any login/upload/download functionality, but what it has is APIs, a payment API and 2 other APIs, and simply the Android app, and currently I am not into Android apps, so should I hack this website for finding my first valid bug??
This website is based in my country, India, and this program is on an Indian bug bounty platform, so far fewer people from outside India have looked at it. I tried, but should I spend some days on this program to find hidden assets if there are any, or just leave this and find a new program on HackerOne?
Manual
these videos are all the same. Nothing new. Same things repeated again again and again.
Manual. 😅
Avengers Assemble 😁😁
❤❤❤
I am late 😮💨
Noice
First!
😮💨
Free Palestine 🇵🇸
Free Playstation
HEHEEE yoo
If you don't mind, can you please make a video on the MANUAL approach? I feel like manual is harder to wrap the head around than automation
Will do!
Ask yourselves people why would someone teach people to become his competition?
Because when I first started hacking, there weren't a lot of resources for me to learn from. If it wasn't for my peers and friends publishing their write-ups, I wouldn't have learned all the stuff I did! Those write-ups pushed me in the right direction. Not everyone has an agenda to teach you stuff to become their competition. :) And honestly, I don't think me giving you advice on how to approach bug bounties and learning how to hack is going to make someone my competition overnight.
manual approach please..........................!!!!!!!!!!!!!!!!!!!!!!!!
Thank you for the video NahamSec, I would like to see a recorded manual approach how-to for a target.
I started, like in your video How to (Bug Bounty Hunting in 2023) [ruclips.net/video/FDeuOhE5MhU/видео.html], with a VDP program (DoD) and am trying to find any bugs to build up confidence.
For other viewers, you can re-evaluate your comfort level after watching the video by answering the following questions:
1. Mindset for Bug Bounty Hunting
How does a positive mindset impact bug bounty hunting?
Why is it essential to leave negativity behind when approaching bug bounties?
How do CTF players' mindsets benefit them in bug bounty hunting?
2. Approach to Bug Bounty Hunting
What are the pros and cons of automated vs. manual bug hunting?
How can someone ensure their automated tools are up-to-date?
Why might a manual approach be better for beginners?
3. Choosing the Right Bug Bounty Program
How can one determine if a bug bounty program is active and worthwhile?
Why might larger companies or applications be more lucrative for bug hunters?
How can metrics like the number of bugs paid and average bounty amounts influence one's choice of a program?
4. Celebrating Small Wins
Related Questions:
Why is it important to celebrate small achievements in bug bounty hunting?
How can celebrating small wins impact one's motivation and drive?
What are some ways to celebrate these wins?
Thank you for the info! 🦾🥳
Manual