want to know step by step procedure to start with bugcrowd and what are the known issue mentioned in program, should we ignore thore vulnerabilities. basically want to see bugcrowd and start attack on any program. doesn't matter if you find vulnerability or not.
I didn't came to the comment section for the giveaway... my guess was right.. every comment is worth reading. I got so much useful stuffs from here...there was 195 comment when i wrote this.... I don't have any great tips as others have... Happy hacking, Happy learning... that's it..
My Tip for Bug bounty 1.Don't run for Burpsuite pro, community edition is also good. (chrome tools aswell) 2. In case you feel VM is heavy for your system use docker (make sure save your data before exiting docker). kali is also available in docker and many other images available. 3.Running out of memory because of burp add "-Xmx2g" i.e "java -jar -Xmx2g" (2g is memory allocated to burp). 4.Give more time to your learning 5.Place to inject payloads Cookie,host header,Referal header. 6.Invest in your self 7.Keep yourself mently and physical fit. Twitter handle @mt_ins
1. Recon is very important so that extract all possible information about our target. 2.always try to find vulnerability on a subdomain because big scope to find vuln on a subdomain. 3. Properly read the policy of the program. 4. Keep patience. 5. Always ready to face failures but don't lose your confidence. 5. Don't rely on automation expect(proxy, subdomain finder), always try the manual testing. 6. Not focus on money just focus on learning. 7. Once the bug is found then make a clever report and make by your self don't copy on the google.
That was a quick video giving quite a good insight on GraphQL. Thanks Farah, About the Tip: No point in just watching or reading thru hacktivity / blog, One has to step into action on Bugbounty (Open browser and start cracking) ;)
We asked and you heard. Thank you for the video. That was amazingly explained. 🙌 There are few things that I learnt over the time while doing the bug bounty hunting: 1. Recon is one of the most important steps while understanding the application. There are many parts of the application that people forget to look for and those things can cause pretty serious damage to the organization if not found and reported. So, always do the recon first and do it effectively. As Abraham Lincoln famously quoted, “If I had eight hours to chop down a tree, I'd spend six sharpening my axe.” 2. Always write crisp and clear reports. I cannot stress this enough. Always write the reports that are easy to understand and can provide a good learning experience to everyone reading that report. We all learn from each other. @PranavGadekar9
Automate everything, apply all concepts recursively, do things that nobody else is, research, be persistent, macro recon, micro focus, read bug reports, community learning, collaboration, keep it fun, don't sacrifice wellbeing! Good luck! Grinning face with smiling eyes What do you mean by Automate everything take this example: Suppose we have like 600k URLs , then what bugs can we look for if we go breadth wise and how? Write bash script to Send standard headers along with 'Origin' in every request. git folder common resources e.g. .git info from headers e.g. Jenkins instance, bad CORS page classification e.g. if 'type="password"' in response: login page elseif response == '': blank page subdomain takeover One of the best secret for finding bugs is to never assume anything i feel 100 people can look same features on that application and they will go na sure that is not vulnerable and the 101 people will find the bug. Loook at this article below , he did what 100 people didn't actually missed out to do blog.dewhurstsecurity.com/2014/12/09/how-i-hacked-facebook.html
My tip : use shodan extension so you can easily find ip , host , port, services running on , 2. If you wanna use GitHub, gitlab tools without downloading in your system usr gitpod.io it's really fast give it a try . 3. Must use container extension so you don't need many browser ,.
my fav bug bounty tip is: review source code as much you can this can leads sometime advanced exploitation such as : RCE through insecure desirialization :)
This video was very helpful. I just came across an application today that utilized graphql and I had no idea where to begin testing it. And then I found you're channel while surfing youtube looking for some anime to watch later in the day. Imagine that! Lol Great stuff. Thanks.
A suggestion: Can you please keep the mouse pointer visible? It'd help us follow along. Otherwise, viewers might miss things if you clicked some button they weren't looking at. My Bug Bounty Tip: Follow Farah Hawa' YT channel. haha kidding. My tip would be, to explore every single functionality and end point like a normal user before attacking. Read every single request, every single response. You never know a redirect page's response might give you something interesting. The more you know about your target, the more you will find bugs. The time spend understanding the target really pays off.
I would like to mention two very important tips: Firstly, be more elaborate and focus on writing good quality reports. Be more precise in formatting and writing steps in detail which is easy to read because think from two perspectives one of the researchers who will reproduce your report and other researchers who gain valuable insights from it. I come across a lot of reports and it's easy for me to understand. Secondly, I see a lot of people working for monetary purposes without possessing prior knowledge. Money is a part of the process but rather focus on upgrading your skills and watching a lot of videos or reading reports. Get your hands dirty by working on labs and getting sound practice. There will always be bugs out there. Work on your skills it'll help you in the long run. I see people learning bug bounty hunting and making courses to benefit out from it. I guess education should be freely accessible by everyone. Focus on your skills. This is coming from someone who has 4 years of experience in this industry. This girl out there is doing a fab job. Support her and learn something valuable from her.
Pickup One Vulnerability and put rigorous amount of effort and not to take the report lightly because it's one of the major component ! Thanks @SabujMaity9
Farah awesome video this seems like SQL coding with some kind of web based manipulation. I'm new to the bug bounty game but some of the things your teaching are familiar to me. Again great video keep it up
#ProTips 1. Fingerprinting tools and techniques 2.Prince' s started git hub projects 3. AWS metadata API 4. Learn about CVE's from bug bounty twitter account 5. Minimize false positive using meme types
My Fav tip:"Before you ask anyone any questions, make sure you've looked it up and then go back when you've done research but got stuck on actual hard problems" I learned that in my hackerspace, it was hard at first because there was so much to look up but I wouldn't have become who I am without it. Love your stuff Farah, for some reason the music was shifting my concentration from your voice and explanations but that GrpahQL was really good. I'll need to watch it a couple of times will doing a lab to really get the feel of it but it's really good. @GGTioNogu
Regardless of video and content, which is awesome anyway, the comments below are so awesome as all bug hunter gave their tips to stay motivated. I think this is the best ninjaTecinque to help other hunters. Kudos to you guys..
My favorite BB tip is: Go through the application manually and try to know how it works and how its supposed to function, this may help in two ways: 1. You might find a logic flaw and report it or maybe you can exploit it to get a greater hold of the application. 2. You may prevent the clause of "Its the intended functionality". Twitter-handle: @ujjwaltyagi355 Well, I am learning web application testing, so a pentester lab subscription will be really helpful for me. Thank you.
didi apne english me bola kush samaj me aya kush nahi magar ap ki awaj kitani ashi he hy raba ap kitani sundar ho didi mene hacking shikhana habi suru kiya he me class9 me hu magar suru kase karu is par ak video banado didi
1) clear your mindset about bugbounty ( learning > money) 2) Always focus the target as it’s a fresh one 3) Always look at the path less visited. Hunt on subdomain rather than main domain Twitter - @Hacker4u5
Bug bounty is all about gaining and sharing. I would like to thank all the people who have contributed their knowledge and made this easier. :) “When you move your focus from competition to contribution life becomes a celebration. Never try to defeat people, just win their hearts.” --Buddha @kira_dhakal
Well the tip i would give is recon as much as possible and also look for endpoints in javascript as they are more vulnerable then endpoints defined in webpages. Also do look for bussiness logical bugs as they cannot be technically be patched easily. Don't have twitter btw lol 😅
Tip: always remember in life. recon is key is the cybersecuriy field. Give more time to sharp the axe then cutting the tree.this will reduce your efforts and time. Funfact: The clock behind you tells that u took 42 minutes to make this video.
"------- JUST -A- TIP ------" 1.Don't focus on money 2.Spend 3/4 of your time in recon.Because its good to know about your enemy before attacking him! 3.Don't get burnout by admiring the Top bug hunters .They were a beginner at once they've started.....Just like u..... 4.Don't Relay on tools except for a proxy.... 5.Ready to face failures and try to learn from it and give a fresh start... 6.write a clever report that makes the onlooker to give a big bounty,Rep and response 7.Lastly,..Don't Wait for someone to help you. Go from scratch and Google it all.!!!........ By->@CyberPirate9
For Subdomain Takeover always look for CMS as well and not only CNAME. Recently i saw that CMS was netlify but CNAME was not there so i went ahead to takeover and it was successfull. Just you have to upload .html on github account because it takes input from github and that's it. @rajesh1kumawat
Focus on one target & one vulnerability at a time & try to find it everywhere, say xss ..find every input field , parameters on pages, js variables then inject payloads, see what's filtering & try to bypass that. Twitter : @Samarth03_
First of all, thank you for the video. One question that I have for you is, the inQL scanner you are using, is it only used for converting the GraphQL query into a more readable format or does it provides some other functionalities as well?
If you are testing an application then you should check the application that how is it working? And check each and every request of the application because any of the requests may be vulnerable with any of the vulnerability. Twitter handle: @sengarharshit1
Tip : 1. Always check the functionality of the application to get a better picture of the application 2. Try to recon to get all the information 3. Test the basic vulnerability before going to bigger ones 4. Never give up Twitter handle : @airbender123321
music is little high. can u reduce volume of music in next video.(just a little bit). even this lvl is not a problem at all, however here i have to put little effort to isolate your voice and concentrate on that rather than music.
!!!!!..my best advice to all the begginers is don't waste your hard earned money in any courses all the content you want to learn is free online so dont waste a single currency on any course
Firstly start exploring the application without jumping to the pen testing tool ofcourse u can make use of browser dev tools. Always look at the path less travelled but sometimes u may find something in the normal path(frequently travelled) as an example Whatsapp bug discovered in 2019 which allowed the receiver to upgrade it to a video call without the knowledge of the individual making the voice call. It was a serious security issue. The reporter was an engineer graduate and made in to the Facebook Hall of Fame 2019. Twitter handle: @I_m_Saj
I am just starting learning about web applications can you recommend me any good book for learning web application architecture and the technologies used. Up untill now i have been reading web application hacker's handbook and searching about the terms on youtube or on google. Do you think it is good way to learn it?
I loved the way u simplify the concept and deliver that. Your videos are very helpful for beginners and intermediate too. My tip to hacker is: Always focus the target as it's a fresh one and try all you know. Read and read a lot. I saw your recent tall and also stok said about you which is great. I want to practice on pentester lab but lack of money. If i win i will be thankful to you and bug crowd. That's all from my side
1.Always read source code and java script files 2. Stick to one program for long time. 3. For beginners start with vdp and start hunting for idor , csrf, xss , ssrf. 4. WebSecAcademy is great for beginners and to get advanced , pentesterlab is also very good. @hemanth1261
Favt Bug Bounty Tip - Trying to get user password reset link: id=attacker - 200 id=victim - 403 id=victim&id=attacker - 200 Will give victim's password reset link to attackers email.
My bug bounty tip :Clear basic first , then build a good foundation , read write ups and resources where you can build up a good command over topic. Twitter handle :@think4indie
As a beginner, all hakluke tips are very useful to me. If I have to pick only one, then this would be my favourite "Never assume anything". Check every feature in the app, DONT assume that the feature might not be vulnerable as many people already tested it or it seems silly. twitter handle: @Thatanos789
New to bug bounty so haven't found much... I have learnt about IDORs and csrf attacks which are pretty interesting... thanks for the videos and help❤️ and if i am lucky then contact me through linkedin(we had a chat recently)
Hi Farha, those are new like me, dont know how to use github repository, could you please make a video to show how to setup lab with github repository.
My favorite tip from this video was how you used InQL, I had been previously hacking on a graphQL target without using that and it helps so much now. @JoelMonteres
Comment and let me know your favourite bug bounty tip as well as your own Twitter handle! The giveaway closes on 22nd July 2020. :)
You made comment section a blog post. .......
Cyber Pirate 😇😇
want to know step by step procedure to start with bugcrowd and what are the known issue mentioned in program, should we ignore thore vulnerabilities. basically want to see bugcrowd and start attack on any program. doesn't matter if you find vulnerability or not.
@@cyberpirate007 hey dude what r u doing here 😂😂
@@aviralgupta9869 Hey I think i know this guy......🤔🤔
I didn't came to the comment section for the giveaway...
my guess was right.. every comment is worth reading. I got so much useful stuffs from here...there was 195 comment when i wrote this....
I don't have any great tips as others have...
Happy hacking, Happy learning...
that's it..
My Tip for Bug bounty
1.Don't run for Burpsuite pro, community edition is also good. (chrome tools aswell)
2. In case you feel VM is heavy for your system use docker (make sure save your data before exiting docker). kali is also available in docker and many other images available.
3.Running out of memory because of burp add "-Xmx2g" i.e "java -jar -Xmx2g" (2g is memory allocated to burp).
4.Give more time to your learning
5.Place to inject payloads Cookie,host header,Referal header.
6.Invest in your self
7.Keep yourself mently and physical fit.
Twitter handle @mt_ins
i feel like i learned more from this video than an entire day of graphql documentation reading lol thank you so much for uploading this!
Yes, documentation is often overrated. They are good in case we want to find specific details though.
1. Recon is very important so that extract all possible information about our target.
2.always try to find vulnerability on a subdomain because big scope to find vuln on a subdomain.
3. Properly read the policy of the program.
4. Keep patience.
5. Always ready to face failures but don't lose your confidence.
5. Don't rely on automation expect(proxy, subdomain finder), always try the manual testing.
6. Not focus on money just focus on learning.
7. Once the bug is found then make a clever report and make by your self don't copy on the google.
Hi, I’m just newbie to this bug hunting and I’m doing lot recon and googling to understand the web apps. Your videos are lot of informative. Bravo!
That was a quick video giving quite a good insight on GraphQL. Thanks Farah,
About the Tip:
No point in just watching or reading thru hacktivity / blog, One has to step into action on Bugbounty (Open browser and start cracking) ;)
We asked and you heard. Thank you for the video. That was amazingly explained. 🙌
There are few things that I learnt over the time while doing the bug bounty hunting:
1. Recon is one of the most important steps while understanding the application. There are many parts of the application that people forget to look for and those things can cause pretty serious damage to the organization if not found and reported. So, always do the recon first and do it effectively.
As Abraham Lincoln famously quoted, “If I had eight hours to chop down a tree, I'd spend six sharpening my axe.”
2. Always write crisp and clear reports. I cannot stress this enough. Always write the reports that are easy to understand and can provide a good learning experience to everyone reading that report. We all learn from each other.
@PranavGadekar9
Automate everything, apply all concepts recursively, do things that nobody else is, research, be persistent,
macro recon, micro focus, read bug reports, community learning, collaboration, keep it fun,
don't sacrifice wellbeing! Good luck! Grinning face with smiling eyes
What do you mean by Automate everything take this example:
Suppose we have like 600k URLs , then what bugs can we look for if we go breadth wise and how?
Write bash script to Send standard headers along with 'Origin' in every request.
git folder
common resources e.g. .git
info from headers e.g. Jenkins instance, bad CORS
page classification e.g.
if 'type="password"' in response:
login page
elseif response == '':
blank page
subdomain takeover
One of the best secret for finding bugs is to never assume anything i feel 100 people
can look same features on that application and they will go na sure that is not vulnerable
and the 101 people will find the bug.
Loook at this article below , he did what 100 people didn't actually missed out to do
blog.dewhurstsecurity.com/2014/12/09/how-i-hacked-facebook.html
My tip : use shodan extension so you can easily find ip , host , port, services running on ,
2. If you wanna use GitHub, gitlab tools without downloading in your system usr gitpod.io it's really fast give it a try .
3. Must use container extension so you don't need many browser ,.
Oh my Twitter handle is @fuxksniper , thanks for video
my fav bug bounty tip is:
review source code as much you can this can leads sometime advanced exploitation such as : RCE through insecure desirialization :)
@hackR i know that buddy if i have to copy and paste i would pasted some good tip...this is my own tip
@hackR bany begineer skips to review source code beacause it is frustating..but if u reviwed it patiently you can get some good stuff
Feel proud to see your efforts so far! All the best Farah!
This video was very helpful. I just came across an application today that utilized graphql and I had no idea where to begin testing it. And then I found you're channel while surfing youtube looking for some anime to watch later in the day. Imagine that! Lol Great stuff. Thanks.
I just got started hacking graphql and this is so helpful thanks Farah! Keep up the awesome work ❤️
Awesome.... I literally stunned... In the end of the video I just click the subscribe button... ❤️
My Tip is, give equal time to every vulnerability in your program. You don't know what you gonna find
in short GraphQL is a query language for your API, and a server-side runtime for executing queries by using a type system you define for your data
Thank you very much for your fast and very clear explanation of these types of attacks! I really appreciate the effort you put into this video.
Cutest pentester ever .... good job Farah! Keep it up !
A suggestion: Can you please keep the mouse pointer visible? It'd help us follow along. Otherwise, viewers might miss things if you clicked some button they weren't looking at.
My Bug Bounty Tip: Follow Farah Hawa' YT channel. haha kidding. My tip would be, to explore every single functionality and end point like a normal user before attacking. Read every single request, every single response. You never know a redirect page's response might give you something interesting. The more you know about your target, the more you will find bugs. The time spend understanding the target really pays off.
I would like to mention two very important tips:
Firstly, be more elaborate and focus on writing good quality reports. Be more precise in formatting and writing steps in detail which is easy to read because think from two perspectives one of the researchers who will reproduce your report and other researchers who gain valuable insights from it. I come across a lot of reports and it's easy for me to understand.
Secondly, I see a lot of people working for monetary purposes without possessing prior knowledge. Money is a part of the process but rather focus on upgrading your skills and watching a lot of videos or reading reports. Get your hands dirty by working on labs and getting sound practice. There will always be bugs out there. Work on your skills it'll help you in the long run. I see people learning bug bounty hunting and making courses to benefit out from it. I guess education should be freely accessible by everyone. Focus on your skills. This is coming from someone who has 4 years of experience in this industry.
This girl out there is doing a fab job. Support her and learn something valuable from her.
Amazing Farah!!! 🌸💕💕💕
The music makes it feel like I am watching Khana Khazana but for Hacking lol
Pickup One Vulnerability and put rigorous amount of effort and not to take the report lightly because it's one of the major component !
Thanks
@SabujMaity9
Farah awesome video this seems like SQL coding with some kind of web based manipulation. I'm new to the bug bounty game but some of the things your teaching are familiar to me. Again great video keep it up
I learned a lot from this video, thank you Farah
#ProTips
1. Fingerprinting tools and techniques
2.Prince' s started git hub projects
3. AWS metadata API
4. Learn about CVE's from bug bounty twitter account
5. Minimize false positive using meme types
My Fav tip:"Before you ask anyone any questions, make sure you've looked it up and then go back when you've done research but got stuck on actual hard problems" I learned that in my hackerspace, it was hard at first because there was so much to look up but I wouldn't have become who I am without it.
Love your stuff Farah, for some reason the music was shifting my concentration from your voice and explanations but that GrpahQL was really good. I'll need to watch it a couple of times will doing a lab to really get the feel of it but it's really good. @GGTioNogu
Very informative...I needed this . Short and to the point
Don’t feel your starting late.its never late to do anything @AnubhavSingh_
Am I late now
Regardless of video and content, which is awesome anyway, the comments below are so awesome as all bug hunter gave their tips to stay motivated. I think this is the best ninjaTecinque to help other hunters. Kudos to you guys..
Funny short story I did MySQL coding assignments on an LG optimus screen🤣😆 which riding in a work truck on an icy Michigan road 😆🤣
You gave me a free 500 points on CTF, thank you!
My tip is that donot look for bugs where everyone is looking, think and find a place where no one had looked for
My favorite BB tip is:
Go through the application manually and try to know how it works and how its supposed to function, this may help in two ways:
1. You might find a logic flaw and report it or maybe you can exploit it to get a greater hold of the application.
2. You may prevent the clause of "Its the intended functionality".
Twitter-handle: @ujjwaltyagi355
Well, I am learning web application testing, so a pentester lab subscription will be really helpful for me.
Thank you.
Keep target in mind and work for it and search everything and always have latest information in IT @phoenix
didi apne english me bola kush samaj me aya kush nahi
magar ap ki awaj kitani ashi he hy raba ap kitani sundar ho didi
mene hacking shikhana habi suru kiya he me class9 me hu magar suru kase karu is par ak video banado didi
1) clear your mindset about bugbounty ( learning > money)
2) Always focus the target as it’s a fresh one
3) Always look at the path less visited. Hunt on subdomain rather than main domain
Twitter - @Hacker4u5
Bug bounty is all about gaining and sharing. I would like to thank all the people who have contributed their knowledge and made this easier. :)
“When you move your focus from competition to contribution life becomes a celebration. Never try to defeat people, just win their hearts.” --Buddha
@kira_dhakal
Well the tip i would give is recon as much as possible and also look for endpoints in javascript as they are more vulnerable then endpoints defined in webpages. Also do look for bussiness logical bugs as they cannot be technically be patched easily. Don't have twitter btw lol 😅
Tip: always remember in life. recon is key is the cybersecuriy field. Give more time to sharp the axe then cutting the tree.this will reduce your efforts and time.
Funfact: The clock behind you tells that u took 42 minutes to make this video.
Great job! 🎉
"------- JUST -A- TIP ------"
1.Don't focus on money
2.Spend 3/4 of your time in recon.Because its good to know about your enemy before attacking him!
3.Don't get burnout by admiring the Top bug hunters .They were a beginner at once they've started.....Just like u.....
4.Don't Relay on tools except for a proxy....
5.Ready to face failures and try to learn from it and give a fresh start...
6.write a clever report that makes the onlooker to give a big bounty,Rep and response
7.Lastly,..Don't Wait for someone to help you. Go from scratch and Google it all.!!!........
By->@CyberPirate9
Great Dude !!!
Nice Explanation. Ma'am can you please make videos, in which we can see working POC of different vulnerabilities.
great job farah
Hi fara really useful video... 😉
If you are not finding any bugs just take some time play ctfs learn new techniques and try again later and never give up
@ag3nt700
For Subdomain Takeover always look for CMS as well and not only CNAME.
Recently i saw that CMS was netlify but CNAME was not there so i went ahead to takeover and it was successfull. Just you have to upload .html on github account because it takes input from github and that's it.
@rajesh1kumawat
She was looking so cute in the thumbnail... ❤️❤️❤️❤️
Focus on one target & one vulnerability at a time & try to find it everywhere, say xss ..find every input field , parameters on pages, js variables then inject payloads, see what's filtering & try to bypass that.
Twitter : @Samarth03_
Here's a tip, dont be afraid to ask for help from the community
Nicely explained!!
Hello farah , kali linux or ubuntu ,which os should I use and which type of security tools you use to protect your self from getting cought ?
First of all, thank you for the video. One question that I have for you is, the inQL scanner you are using, is it only used for converting the GraphQL query into a more readable format or does it provides some other functionalities as well?
It generates some queries for us by automating Introspection. It's not as effective as manually doing it imo, but still pretty helpful.
Thanks for the info.
U r doing great sis. Keep it up.
Love frm Bangladesh
I found a introspection vulnerability in a website now should i exploit more or that much is enough
Bug Bounty Tip: "Try try try but don't cry".
I am liking your content, you should try to make the videos on more frequently.
Very useful video, thanks,
We are waiting for your next video
If you are testing an application then you should check the application that how is it working? And check each and every request of the application because any of the requests may be vulnerable with any of the vulnerability.
Twitter handle: @sengarharshit1
Tip :
1. Always check the functionality of the application to get a better picture of the application
2. Try to recon to get all the information
3. Test the basic vulnerability before going to bigger ones
4. Never give up
Twitter handle : @airbender123321
Hey, Thanks for explaining the things in easiest way possible. :)
Recon properly because it tells you where exactly you need to hunt for bug
@keerthik_krs
Focus on Testing and learning something new insted to earn money 💰 😊
You put up a video and see how "easy" it is
@@EdwardAmarh-01 go check my channel 😂
Since i am a beginner I can't help much, but I am suggested to use burpsuite as a tool for searching bugs.
@prorajnikant
music is little high. can u reduce volume of music in next video.(just a little bit). even this lvl is not a problem at all, however here i have to put little effort to isolate your voice and concentrate on that rather than music.
and please don't consider this comment for giveaway as i am a complete noobie and there is no way i will be able to make use of give-away.
!!!!!..my best advice to all the begginers is don't waste your hard earned money in any courses all the content you want to learn is free online so dont waste a single currency on any course
my twitter is raj123sunny
Firstly start exploring the application without jumping to the pen testing tool ofcourse u can make use of browser dev tools. Always look at the path less travelled but sometimes u may find something in the normal path(frequently travelled) as an example Whatsapp bug discovered in 2019 which allowed the receiver to upgrade it to a video call without the knowledge of the individual making the voice call. It was a serious security issue. The reporter was an engineer graduate and made in to the Facebook Hall of Fame 2019.
Twitter handle: @I_m_Saj
can you please do this kind of video for grpc services?
suggest turn off the bgm...sound a little noisy
I am just starting learning about web applications can you recommend me any good book for learning web application architecture and the technologies used. Up untill now i have been reading web application hacker's handbook and searching about the terms on youtube or on google. Do you think it is good way to learn it?
so pretty (explaination)
Have a insight of the place where you are planning to attack and dig as much as possible..
"Persistence is very important. You should not give up unless you are forced to give up" - Elon Musk
@p0i5on8
I loved the way u simplify the concept and deliver that. Your videos are very helpful for beginners and intermediate too.
My tip to hacker is: Always focus the target as it's a fresh one and try all you know. Read and read a lot.
I saw your recent tall and also stok said about you which is great.
I want to practice on pentester lab but lack of money. If i win i will be thankful to you and bug crowd.
That's all from my side
@Cipher_942
Use shodan for looking out of vulnerable IP's of the target to smbv3 (RCE)
I'm not sure if you already did but I think you'd be a great guest via zoom on Paul Security Weekly 😁👍🌞🖖
Bug Bounty Tip: Always use a screen recorder cause sometimes mind works on moments that we miss while writing reports.
Twitter handle:@vivekray903
1.Always read source code and java script files
2. Stick to one program for long time.
3. For beginners start with vdp and start hunting for idor , csrf, xss , ssrf.
4. WebSecAcademy is great for beginners and to get advanced , pentesterlab is also very good.
@hemanth1261
Always focus the target as it’s a fresh one
So you also tech hacking,ceber security course?
My favorite tip is: clear your mindset about bug bounty ( learning > money)
@vs_luther
Favt Bug Bounty Tip -
Trying to get user password reset link:
id=attacker - 200
id=victim - 403
id=victim&id=attacker - 200
Will give victim's password reset link to attackers email.
Twitter handle-X, coz I don't want it😅
IDOR !! it's BOLA in the context of APIs
My bug bounty tip :Clear basic first , then build a good foundation , read write ups and resources where you can build up a good command over topic.
Twitter handle :@think4indie
would you like to tell us that what are your qualifications?
Good content, thanks for share with the community.
As a beginner, all hakluke tips are very useful to me. If I have to pick only one, then this would be my favourite "Never assume anything". Check every feature in the app, DONT assume that the feature might not be vulnerable as many people already tested it or it seems silly. twitter handle: @Thatanos789
New to bug bounty so haven't found much... I have learnt about IDORs and csrf attacks which are pretty interesting... thanks for the videos and help❤️ and if i am lucky then contact me through linkedin(we had a chat recently)
Never throw away your data
Focus on learning one bug class one at a time and go really deep on that bug @ahmedlshnawy2
Always assume that you know nothing and be curious to learn anything.
@TheAmanSanghai
Hi Farha, those are new like me, dont know how to use github repository, could you please make a video to show how to setup lab with github repository.
KING乡Akii you’ll find instructions to set it up on the github repository, it’s different for every lab.
In your early days don't run for money, go for knowledge it will pay you back - Heath Adams(TCM)
Twitter - amoljaiin
My favorite tip from this video was how you used InQL, I had been previously hacking on a graphQL target without using that and it helps so much now. @JoelMonteres
Don't think that company is big so it may not have vulnerability. Big one are mostly like to have it.
@spctr01
Please make a video on RESTful APIs, that would be helpful :)
Be hungry for knowledge, give back to the community, don’t be afraid to fail, and enjoy the ride...
@_vivekkamble_
Awesome video
I like your video Farah, me I know what is that lab you are using? Thanks in advance
ML gcstriker check description :)
@@FarahHawa ohh, sorry. I got excited to msg you and forgot to check the description. hehehe. anyways thank you.
Start from basic. Go step by step. Don't loose hope. Keep trying. @Hardeek_Patel
Today giveaway close waiting for result