Nice video, never thought of learning about CSRF, now added to my checklist. Thank you :) ..... and if anyone is searching for a POC generator, here I found one: github.com/merttasci/csrf-poc-generator
I pinned your comment, thanks for the great resource!
OWASP Zed Attack Proxy (ZAP) creates a CSRF POC very nicely. And it's free!
Awesome content! They'll definitely have to renew my work contract when I hit em with this new knowledge 😈
Thank you very much, sister! While I was watching this video, I got an approach to find the CSRF bug. The thing that I like in this video is the example reports that you shared. They help a lot in understanding the bug and the approach. Thanks again and Happy New Year 🎁🎈🎊🎉😀
Any way you can make your microphone a bit louder? I'm having trouble hearing sometimes. Your videos are awesome, keep doing what you're doing and your subscribers will skyrocket! Also, some more content discovery/enumeration videos would be awesome! Thank you for your hard work.
Yup, I hear the feedback about the mic, I've fixed this in future episodes. Thank you for your kind comments, the recon series is coming really soon :) and we will cover subdomain enum, API enum, how to find bugs when you have all that data, etc.
I'm feeling PTSD-like consequences of this channel (apologies for the dark humor, I know it's a serious illness but I needed this reference to make my point of how good all your vids are). Just found it and binge-watched it fully (even saved this series on my gdrive and usb. Full access all the time). I'm not saying we need more girls in IT, but damn, I am saying now we definitely need many more girls in IT. I'm a wannabe bug bounty hunter, but there's much more bug bunny 🐰 than bounty in my hunting.
How come you're not filthy rich by just making this amazing content?
I've watched so many bounty hunters' vids I feel like I personally know most of them... all the courses the wide interweb (sic) has to offer... yet for the first time I really understood the basics of this entire industry, although I am trying hard (not so often though... gotta do the stupid "work" stuff every weekday, unfortunately ;) on all the hackerone challenges and bounties (and much more, definitely).
I do have a question though. If you could recommend one ☝️ course or (even better) certification to someone (besides your channel), what would it be? For working class, not students...
(Sorry for the rant, but you caught me off guard with the quality and clarity of your videos)
I'm really fortunate that my full-time job is being a PhD student, so I've had the opportunity to go to teaching courses and teach students, which really helps my content. I'm still learning a ton about how to explain things, how to break them down, etc. Academia is not where you go to make money ;).
To answer your question: I don't think you need a course or to spend ANY money to start bug hunting. If you made me choose, I'd pick maybe Pentester Lab (paid) OR PortSwigger labs (free), or invest in something like the OSCP, where it's almost universally recognised in the security industry. But honestly, I didn't spend any money learning and I don't think money should be a barrier to education.
PS: one of the reasons I'm so passionate about diversity in security is because diverse people bring diverse thinking, and being able to look at a problem from another POV is invaluable to security.
These are always Awesome-Sauce! Thank you!
Great content. Thank you so much. The volume is very low though; please look into it. Thanks again.
Great series Kate, learned a lot....... Thank you so much........ Much love from the community
Thank you so much for this and the whole series too :)))
Start "Find your second bug", ma'am
Holy shit just found your stuff. Amazing content!
Thank you so much
Does logout CSRF have any impact?
Madam, thank you so much for this educational content. I really find it so motivational that a lady is explaining concepts in a practical and informative way. I am not sure what is happening to your DMs, but I'm still hoping you come back to Discord. Thank you :)
I have questions always open on my Curious Cat! I'm trying to figure out how to best do a Discord community for you all. If you ever have any Qs you can always ask on Twitter, I'll follow you back and DM you :)
@InsiderPhD Thank you very much, I actually followed you yesterday; my handle is @chain_of_command :)
I have a question... I already have the knowledge on IDOR and CSRF vulnerabilities, but I need to practice... like chess... I am happy there is software I can practice on relating to chess... because I can test out, rearrange, apply, try out anything I have learnt... so saying that, are there any websites or software I can buy that have like 100s of IDOR vulnerabilities that I can use Burp on and practice all night?? Thanks.
You can check out OWASP Juice Shop owasp.org/www-project-juice-shop/
Awesome ⚘ Thank you
Thanks for this again.
Great video as usual, I'm excited for the last one. Do you plan on making more content after this series is finished?
Yup, I'm going to do a "Finding your Next Bug" series that builds on what everyone has learned in this series, and "Bug in Focus", all about breaking down difficult and complex bugs for a more beginner audience, plus a series on recon :) lots of plans coming for 2020
@InsiderPhD That's fantastic! I know I'll be watching
@InsiderPhD Amazing, I would love to watch them
First Bug in Focus is next week; we're chatting about RCEs and how to find them, with a bonus chat about CVEs and how to find + exploit them
thank you
Ma'am, can you please make one video on XSSI and JSONP? One hacker found a bug on PayPal (user password leak) using XSSI. Please include this vuln in your next series. :)
Definitely will!
Your voice is very cute but... it's very low... please increase the volume
Sorry for that! It's fixed in later episodes :)
@InsiderPhD Could you please help me... I am very confused... how do I start doing bug bounty...
19:11 CORS
Ma'am, please start your Discord channel.
Soon, I am trying to figure out the best way to set it up :)
🦋
Please, Discord channel, ma'am
Soooon, I am trying to figure out the best way to set it up :)
I CAN'T HEAR YOUR VOICE, please increase the VOICE VOLUME IN THE NEXT VIDEO :))))))))))))))
I'm so sorry! I will fix this in the next video!
@InsiderPhD Thank you, I'll wait for your next video :)
Too quiet, turn up your mic or something
thank you so much
Ma'am, I have a query regarding privilege escalation.
Feel free to reach out on Twitter if you want to send a private message: twitter.com/insiderphd, or via Curious Cat (questions only): curiouscat.me/InsiderPhD