I Hacked Into Red Bull // Bug Bounty Stories

Oh dude! Man I love this kind of content. I’m having nostalgia of the red team days. Love the pacing, and the walkthrough. Keep it up!

please make more videos like this. it's one thing to see tutorial videos that go over the basics but it's another to see a master at work
we can learn so much from videos like this
btw thanks for taking the time to make videos like these

This is gold, man. Thanks a lot. More on this, please!

please make more videos like this really loved it

Absolutely loved this 💞

I was waiting for this video when since when I saw your post on twitter hahah!! Thankss!!

Thanks Nahamsec. It was really a thorough explanation of tomcat exploitation. Loved it. Need more contents like this.

Excellent video loved it learned a lot
thanks for sharing

Gold content! Thanks you Naham!

Really cool bug chain! Thanks for the video!!

Good tips. Thanks nahamsec :)))

Dudes content is just amazing tbh

ben you doing GREAT content, I'm really learning from you and i really enjoy what u do for us

Amazing content broo...🔥🔥

Fantastic sir you always rocks with wonderful contents 🤩🤩😎

This is amazing 🔥🔥

Great content I want know more bugs and techniques like this content 😎😎😎

excellent content !!

that so was cool 🔥🔥
I learned various things. thank you❤

All the content you make is awesome sir! Apart from that, I would love to see what are all the tools hackers usually use, how they use them, but I think you already have videos on that

Congrats, bro! 🎉🥳I'm a lover of Red Bull, and the ingredients are confirmed vegan on their site, so I've enjoyed them in recent years as a vegan. Thanks! Shalom. Salaam.

this is very nice content kindly do more of this.

Hi Nahmsec,
Thank you for all the encouragement you provide in your videos to beginners as well as the insight you consistently share. As a beginner getting into Bug Bounty Hunting, I am still a little confused about how DNS can be leveraged for both enumeration purposes, and a potential vulnerability. I know Stok has a video where he describes how he has his own DNS/BIND server to help with his target enumeration. Would you be willing to do some videos explaining how DNS should be leveraged for enumeration? I am specifically thinking about domain transfers etc. I have had a difficult time finding any videos which provide a detailed explanation for a beginner regarding this topic. Thank you for all your content and your contributions to the community, I hope to see you at Defcon next year!

hey there nahamsec love your content alot but i really want you to create a series of every vulnerability you are master in from beginner to advance playlist Thanks

Great content. Please keep making this sort of exploitation videos. Will be great to know why you decided to go after that login and not other pages and how long did it take for you to do all the process when you did it. Thanks!

Wow Nahum. Much respect. I am really excited to watch your content. How did you get from Zero to hero :( I think i am just before zero. And dont know where to start. Love your content bro.

cool, definitely like it

Thanks NahamSec

Thank you for this vid

Great video, sir. Please upload videos line these

I really like how Jason Haddix did a a video regarding Bug Bounty Methodology. Would it be possible to make a video which takes a synthesizes the approach in like a shorter video. Basically could you just break that down for us in a shorter video so I could see the forest from the trees kind of approach. I have the sense that methodology is super important. Thank you for everything you do and all the content you provide!

Congrats Ben on another Fantastic Bug Bounty find. I am busy with BBs and CTFs however they always seem to tire me out. What's your advise on how to find the correct methodology regarding exploit? Do you just decide ok let me try XSS or Brute force, Would be great if you could share a video on this please.

As someone who works in tech and software testing myself, I'd be interesting in your opinion on the following question: What would you expect of the inhouse security testing team of a software company before their software gets released? Would be a little bit a different video but maybe there's more people like me that might be interested in it. Thanks again for the bug bounty stories, always dig those.

More content like this, please!

I found this useful however trying to do this in a site where tomcat is on 443 is difficult..But hey love seeing your work keeps me motivated. Wish I can say this is easy work but from a noob to expert this is hard work havent sleep good in last 3 days Im trying lol.

thanks for sharing

0:20 live Bug Bountyyyyyyyyy !!!!!!!!!!!

Very insightful! Thanks for sharing

Man it will be helpful you make a video specifically on using burpsuite when doing bug bounty

please drop a video on effective fuzzing or creating wordlists in 2023

We would love to see you live hunting bugs😊

Very helpful

Awesome sir

Niceee 🔥

This type of content are really helpful :)
Any giveaway for Udemy Bug Bounty course ?

can you please make a video about impostor syndrome when new bug bounty hunters doesn't find a bugs.. main thing about this is they have started on wrong foot.. way too busy only watching RUclips vids not putting work on actual program and jumping programs to program thinking they will find bugs as soon as they switch a target.. so main thing is sticking to a good program and learning the app.. if you can help on this area like impostor syndrome will be good help, because they will listen to you

Please make a course on Master Bug Bounty in 2024

About question I would really like to know about privacy while bug hunting, should what setup most efficient like VPN+proxy chain and what do you particularly use?

I have bruteforced with the password list given in the lab , also some common password list, still haven't got the password.

future content Enumeration, Exploitation and persistance techniques

you didn't talk about bypassing the 403

Hi, nahamasec
This is amazing and cool write up❤, thanks for sharing, actually it'll be more interesting to have more of this kinda write ups.

Talk more about recent vulnerabilities you've found, without disclosing the program name if private

What would you do if you were forced to work in a blue team?

You said that we can find many bugs by learning how to work with reverse proxy
Please make a video on how reverse proxy works

War file is not uploading, how to get rce?

But how much redbull did you get

How to bypass 403 error? cuz when you get that error there is no login page!

You can do more business logic errors.

Not showing the brute force wth

wow

more content for beginners

🤣🤣🤣🤣🤣🤣🤣🤣🤣

:0

first one 🎉

API LIVE HACKING

First

@nahamsec. Any success with DNS rebinding you could share?

Heya!
I'm glad you found Jolokia Exploitation Toolkit useful! 🫡🌹
Remember to sponsor open-source offensive projects.. Or infosec content creators (stream/video/podcast) ? 😇🍀

how u found password for instance on :8080?

Im Sorry but where Is the First flag, i took the second by uploading revshell in .war
It seems there Is no way to take the second flag