Damn I watched "How to start Bug Bounty 2023" last year, passed my PJWT cert this year, found recently my first bug, but I'm still gonna watch this year edition, always something new to learn!
Hi! Congratulations on your PJWT certification. I have a question to ask you. When you finished "How to start Bug Bounty 2023" last year, what did you do next? Because right now, I'm a bit lost. I don't know where to learn new things and where to practice for free. Hack The Box seems interesting, but it paid. If you can help me, thank you.
At 8:03:33 "i:0" works for the access token because the server is comparing the access_token that is in our cookie to a valid one on the server. When it compares the two it uses the "==" operator. This operator behaves differently in PHP, basically our token is stored as a string normally, but if we modify the token in our cookie it to be an integer 0, it will cause the server to compare an integer to a string. PHP is weird in that it automatically tries to convert strings to integers if you ever try to compare the two with the "==" operator. If the string happens to start with a nonnumerical character it'll just convert the string to the integer 0. So 0=0 will evaluate as true and the access_token will be valid.
In addition to this, whenever a string is compared to an integer with the operator "==" in php it checks if the first character is a letter if it is. If so, It ignores the other character and takes the first character as it value to compare. So if the first character is 2 in the alphanumeric string in this case , 2 will be taken as the value and be compared to the number. If there isn't any number at the beginning and the string is compared to a number then php will assume the string is zero in other to compare it with a number.
Many many thanks for this. This is awesome. I would prefer each chapter as a separate video in a playlist as trying to work along at the same time searching the timeline is a nightmare.
ive learned alot from the key group of ethical hackers who make content but your full free guides take the cake man! appreciate the time you all put in!
You read my mind man, thanks sir your content can't be matched on youtube, we're really glad that you provide such a quality content. Going to complete in two days anyhow, thanks a lot man : )
I just got into hacking a few months ago, and your videos have been a massive help to me. I have yet to get into the bug bounty hunting process, but I'm excited to get started! Thanks for the impressive guides!
6:03:53 , You should use -T4 or -T5 for slow scan not -T1 or -T2, it would run it even faster and make it obvious that you are scanning through their network.
8:03:28 0 == "Example string" // true In PHP, when you compare a number to a string using the == operator, PHP will attempt to convert the string to a number if possible. If the string does not start with any numeric characters, PHP will convert it to 0. So, when you compare 0 == "Example string", PHP converts the string "Example string" to a number, resulting in 0. As both sides of the comparison are now 0, the comparison evaluates to true. This behavior is part of PHP's type juggling mechanism, where it tries to make sense of comparisons between different types by converting one or both operands to a compatible type.
Boss, could you please create a comprehensive video series covering advanced topics such as advanced time based blind SQL injection injection, XSS, LFI, RFI, and RCE, including the process of uploading web shells on Apache and IIS web servers in live website scenarios? Traditional platforms like test.vulner, DVWA, bWapp, PortSwigger, etc., fail to address real-world challenges like identifying origin IPs, DNS brute force attacks, reverse IP lookups, WAF/IDS/IPS circumvention, AWS/CDN/Tor, reverse proxies, and CMS security 🤙. Your unique content would be invaluable in educating the bug bounty hunting community about genuine issues and solutions. Thanks in advance for your contributions to the community.
yeah i think there should be a real world example cuz after doing these courses we often face the difficulties that whenever we try to go for bug bounties we have seen that we are far behind to find a decent vulnerability i myself is now trying out burp suite labs to get some professional way of finding bugs i hope to get a better video or place where i can train myself to find decent vulnerabilities
thanks thanks thanks every detail of the update version of the previous version of the 11 hr course was written by hand the lines of code and references basically a lot of incredible stuff was written, I hope you read it because you are helping a lot with my work thanks we will still hunt a bug together I will be active thanks for the content really wtf bro this new version of yours is advanced vision a hug I hope you read it, a hug from a bughunter thanks again golden content
2 hours 31 minutes and 4 seconds into this video you realized you were going to info dump about the backspace idor and cut it ......but that info could have been so valuable....... i support the rambles on this journey lol hopefully that'll be me one day
"cat file | grep something" ... could be "grep something file" , the leading cat is a habit i got into too, so i understand, but its just extra typing :)
really appreciate this course if youre still looking for suggestions would love to see more in depth and advanced videos on JWT hadnt ever really encountered that topic till now and its pretty cool. are these becoming prevalent in the wild?
Hello. Thanks for the video! I have bought and am about to start your Complete Ethical Hacking Course | Bug Bounty on Udemy. Would you recommend this or the one on Udemy considering this is recently updated? Thank you
Sorry if this is a dumb question but by the end of this course will it be enough to prepare somebody with no prior cybersecurity knowledge to catch their first bug? Thanks and love your channel btw u earned a new sub!❤
at 1:07:11 it shows only sub-domains in the results here, but when i do the exact same line of code with the same flags i get lots and lots of different stuff in it too. like MX and NS servers, ip's, mac adresses , and like a 100 lines of results. There's no way i can copy/paste all of those easily by how it prints. Why is my output different? Anyone please help!
I would call this more like a demonstration rather than a course. There is a lot of good info, but a lot of it is not laid out in a very comprehensive method. For example, in the LFI section he talks about the process leading to directory traversal, but never explains what that is.
in my opinion this is baby steps man, whatever you don't understand just look it up, google will provide all the information you need. I watch and will rewatch until I understand every aspect of what I am learning. Knowledge is everything !!!
This is excellent content but if it doesn't answer your Burp question, rs0n_live has a recent, thorough video "Everything You Need to Know About Burp Suite." 😁
Hi, could you please do live bug bounty on vdp that would be really learning experience for us and we would know how a experience bug bounty hunter start a recon and then proceed further
Damn I watched "How to start Bug Bounty 2023" last year, passed my PJWT cert this year, found recently my first bug, but I'm still gonna watch this year edition, always something new to learn!
Hi! Congratulations on your PJWT certification. I have a question to ask you. When you finished "How to start Bug Bounty 2023" last year, what did you do next? Because right now, I'm a bit lost. I don't know where to learn new things and where to practice for free. Hack The Box seems interesting, but it paid. If you can help me, thank you.
what type of bug?
@@Nckstr983 I've found Reflected XSS with ATO
@@Nckstr983 Reflected XSS with ATO
Just curious what your first bug was?
11 hour course and It's free, you are god send sir, thank you so much.
At 8:03:33 "i:0" works for the access token because the server is comparing the access_token that is in our cookie to a valid one on the server. When it compares the two it uses the "==" operator. This operator behaves differently in PHP, basically our token is stored as a string normally, but if we modify the token in our cookie it to be an integer 0, it will cause the server to compare an integer to a string. PHP is weird in that it automatically tries to convert strings to integers if you ever try to compare the two with the "==" operator. If the string happens to start with a nonnumerical character it'll just convert the string to the integer 0. So 0=0 will evaluate as true and the access_token will be valid.
In addition to this, whenever a string is compared to an integer with the operator "==" in php it checks if the first character is a letter if it is. If so, It ignores the other character and takes the first character as it value to compare. So if the first character is 2 in the alphanumeric string in this case , 2 will be taken as the value and be compared to the number. If there isn't any number at the beginning and the string is compared to a number then php will assume the string is zero in other to compare it with a number.
Awesome contents! Bravo . Been going through your 😢 past courses on your bug bounty for the past couple of days while going via the HTB CPTS . Bravo!
Many many thanks for this. This is awesome. I would prefer each chapter as a separate video in a playlist as trying to work along at the same time searching the timeline is a nightmare.
ive learned alot from the key group of ethical hackers who make content but your full free guides take the cake man! appreciate the time you all put in!
Thanks man I usually don't watch this kind of content, but after seeing the length of it I got intrigued and now I'm half an hour in😅
Thank you for your hard work and quality content that you share with us
OMG, this is a massive course. Thank you so much for all your effort and commitment with our community.💗💓💖
You read my mind man, thanks sir your content can't be matched on youtube, we're really glad that you provide such a quality content. Going to complete in two days anyhow, thanks a lot man : )
I just got into hacking a few months ago, and your videos have been a massive help to me. I have yet to get into the bug bounty hunting process, but I'm excited to get started!
Thanks for the impressive guides!
How?
6:03:53 , You should use -T4 or -T5 for slow scan not -T1 or -T2, it would run it even faster and make it obvious that you are scanning through their network.
But T4 or T5 can be detected by target's security system.
I think T0 or T1 is safe.
Since you have reached this minute of explanation, is the explanation good and worth watching, and do you have any advice for a lost beginner?
Thanks for your hard work
for this version, and the 2022 version.
This is truly amazing . Thank you sir for the video
5:34:52 It's not recommended now to use var to declare a variable in javascript. Use let instead.
8:03:28
0 == "Example string" // true
In PHP, when you compare a number to a string using the == operator, PHP will attempt to convert the string to a number if possible. If the string does not start with any numeric characters, PHP will convert it to 0.
So, when you compare 0 == "Example string", PHP converts the string "Example string" to a number, resulting in 0. As both sides of the comparison are now 0, the comparison evaluates to true.
This behavior is part of PHP's type juggling mechanism, where it tries to make sense of comparisons between different types by converting one or both operands to a compatible type.
Boss, could you please create a comprehensive video series covering advanced topics such as advanced time based blind SQL injection injection, XSS, LFI, RFI, and RCE, including the process of uploading web shells on Apache and IIS web servers in live website scenarios? Traditional platforms like test.vulner, DVWA, bWapp, PortSwigger, etc., fail to address real-world challenges like identifying origin IPs, DNS brute force attacks, reverse IP lookups, WAF/IDS/IPS circumvention, AWS/CDN/Tor, reverse proxies, and CMS security 🤙. Your unique content would be invaluable in educating the bug bounty hunting community about genuine issues and solutions. Thanks in advance for your contributions to the community.
Boss he is making for beginners not for advance people
Try Harder
But boss those beginners will need advance topic some day @@AnonymousYW25
yeah i think there should be a real world example cuz after doing these courses we often face the difficulties that whenever we try to go for bug bounties we have seen that we are far behind to find a decent vulnerability i myself is now trying out burp suite labs to get some professional way of finding bugs i hope to get a better video or place where i can train myself to find decent vulnerabilities
Boss trying to flex with reverse ip lookup lol
OMG 12 hs free. You are awesome man. Thank you very much!
Wow i just got about an hour into your other bug bounty course and was loving it. Now time to switch to this course 😂
Being a hacker is like making some hidden ads with Monster energy drink! :))))))))) thanks for this course!
ty man gonna watch it throughout the next two weeks or so
Currently on the bash scripting part. Made till this far. I would just say a single word for this course and it is : marvelous
thank you so much for this! will have to watch it again for full video, after AOC
Thank you Ryan John 👏
Ryan John is a good man; and thorough.
Yep, he’s a very very good man! And so say all of us!! 😂
thanks thanks thanks every detail of the update version of the previous version of the 11 hr course was written by hand the lines of code and references basically a lot of incredible stuff was written, I hope you read it because you are helping a lot with my work thanks we will still hunt a bug together I will be active thanks for the content really wtf bro this new version of yours is advanced vision a hug I hope you read it, a hug from a bughunter thanks again golden content
Thank you very much this course is the best ❤
2 hours 31 minutes and 4 seconds into this video you realized you were going to info dump about the backspace idor and cut it ......but that info could have been so valuable....... i support the rambles on this journey lol hopefully that'll be me one day
Great content... Great to explore for beginners
Thank you for this!
Thank You a lot for all Your effort!
Thank you for such a great work 😊
You are the best
Thanks for the course!
11:09:45
Condition operators
ge - greater or equal than
le - less or equal than
shout out to you man, thanks for providing this good content
GOAT!!! 🔥🔥🔥
You are really awesome Man👍
Wow, not many people share this amount of content for free on youtube! I am subscribing just for that!
Sir could you do something to zoom the things you are doing like: Writing Kali Linux commands and showing url?
"cat file | grep something" ... could be "grep something file" , the leading cat is a habit i got into too, so i understand, but its just extra typing :)
Awesome 👍
thanks for all your hard work
Really appreciate your content.
Can i be able to discover bugs in bug bounty programs after i watch this course.?
really appreciate this course if youre still looking for suggestions would love to see more in depth and advanced videos on JWT hadnt ever really encountered that topic till now and its pretty cool. are these becoming prevalent in the wild?
Salute.... Thank you so much
Does this course cover the basic principles for beginners?
yes
Yes, it's actually for beginners happy learning happy hacking.
Thank You so much for your generosity 🙏❤️
MASSIVE, thanks a lot! Will you update your existing Udemy course as well? Or create another one? :) Thanks
This is awesome! Thanks man.
God bless you Boss
Thank you very much for your great effort!!
you have that first mentioned nmap tutorial?
Should I watch the previous version of the bug bounty or just this one ??
only this is enough
How did you achieve that smooth camera movement in this video?
Brother, is this a course for beginners? What will I benefit from when I complete this course?
Knowledge
This course is designed for someone who doesn't know anything and wants to get started in cybersecurity.
Should I finish this one first before taking your course in Udemy?
i finished the old one , should i watch this again?
I wouldn't. Just check out the section on API's that will probably be the most benefit from this course vs the old one.
Is it a nice video for begginers who know how to do basic things with linux ?
This course is designed for someone who doesn't know anything and wants to get started in cybersecurity.
@@ryan_phdsec damn! exactly what I need.
Thank you so much❤
Thank you sir ❤
Can we get those slides?
between your udemy course and this one, which one should I do first or if someone could give me some guidance?
This one its free
Can i start with this course ? am a beginner in the field , I’ve studied ccna and have some security basics, thank you for the answer
yes you can. even the explaination given by this man is easy to under stand and awesome so you should go for it.
Please I want to download your Udemy bug bounty. But it isn’t updated over there, what do I do, or can you please update it?
What about Prototype Pollution?
While I am using postbox after forwarding and signup it is not showing anything
Amazing content
Great video
Bro you saved us really time and money thnx man.
thank you in my bottom of my heart
This is GOLD 🤯❤
Do you have a bug bounty pathway you recommend?
hi i was following you video and i have a question is it better to use nmap or another tool call rustscan thanks love the video i learnt a lot 😄😄😄😄😄
Man you legend...
Hello. Thanks for the video! I have bought and am about to start your Complete Ethical Hacking Course | Bug Bounty on Udemy. Would you recommend this or the one on Udemy considering this is recently updated? Thank you
which one did you later go for??
Legend ❤ thanks
hi, when I typed " shodan host (ip address)", it said "403 forbidden". Could you help me on this?
want more content on jwt
hey currently at the jucie shop part, is it okay that I do all of these challenges on my normal desktop(windows) not a virtual machine ?
thanks sir🙏
Bro I love you
Legend ❤
Sorry if this is a dumb question but by the end of this course will it be enough to prepare somebody with no prior cybersecurity knowledge to catch their first bug? Thanks and love your channel btw u earned a new sub!❤
at 1:07:11 it shows only sub-domains in the results here, but when i do the exact same line of code with the same flags i get lots and lots of different stuff in it too.
like MX and NS servers, ip's, mac adresses , and like a 100 lines of results. There's no way i can copy/paste all of those easily by how it prints.
Why is my output different?
Anyone please help!
oh its an older version on display, i wonder how i would go about on the latest version
I would call this more like a demonstration rather than a course. There is a lot of good info, but a lot of it is not laid out in a very comprehensive method. For example, in the LFI section he talks about the process leading to directory traversal, but never explains what that is.
Do you recommend or know more advanced resource?
I want to start in the field of cybersecurity, how to follow the roadmap, please answer me,thanks !
I am a Newbie. Is this a beginner friendly course? I mean what things should i know before jumping into this course?
Btw, thanks for the course 🖤
hey i would love to know if i should follow this course only or take the one from tcm security
If you want to be a penetration tester do TCM.
Thank you very very much!
Thanks
need some videos on splunk
Where would I find tutorials from a newbie perspective in a form of baby steps?
in my opinion this is baby steps man, whatever you don't understand just look it up, google will provide all the information you need. I watch and will rewatch until I understand every aspect of what I am learning. Knowledge is everything !!!
Amazing video. A request. It's 2024 almost. Can you please make the videos in 4k? Sorry if it sounds rude. :(
Tnx sir how to be install burp suite ??
This is excellent content but if it doesn't answer your Burp question, rs0n_live has a recent, thorough video "Everything You Need to Know About Burp Suite." 😁
is this for learning Bug Bounty Hunting?
hmmmmm
Hi, could you please do live bug bounty on vdp that would be really learning experience for us and we would know how a experience bug bounty hunter start a recon and then proceed further
Now am on 3hours I hope to find my first bug in 2025
amazing please put proxy config tutorial at the beginning of this video to avoid ip-ban as one follows along.