The Ugly Truth about Bug Bounty Hunting

  • Published: 26 Aug 2024

Comments • 429

  • @CristiVladZ 3 years ago +38

    Recon in Cybersecurity course: bit.ly/cybersecrecon
    Python for Pentesters course: bit.ly/2I0sRkm
    Python Basics course: bit.ly/37cmhlx
    Hands-On Training with PentesterLab PRO: bit.ly/awesomepentester
    For coaching in pentesting and bug bounty: dgtsec.com/cybersec-pentesting-training/

    • @ncb4_69 3 years ago +1

      thanks for your kind word, my dear sir(senpai-san)
      love from "#BHAI"

    • @ncb4_69 3 years ago +1

      actually im too stuck in some bullshit and make that mistake again and again, almost 2 years (1 and 8 months) of my time i waste on some f-vid, in late 2019 i started again but this time i have a goal, being a 'pen tester', currently im not learning too much, only an hour or so, but now im asking myself what i want to be, bc now i realize how big IT is, and i just need some tips, sorry for my poor English/comment bye

    • @arjunn7683 3 years ago

      It's true !!!

    • @t.k.8406 3 years ago

      My problem is getting started to learn the programming languages first.

    • @t.k.8406 3 years ago

      @l , that's the most solid advice I ever got. However, you said bare metal and I feel like I know what you mean but I really need to be exact on what you mean. You mean install Kali on a dedicated device as the only OS. A dedicated Kali Linux machine basically?

  • @RN-kl4kp 3 years ago +349

    Probably the only HONEST YouTube about bug bounty advice I ever saw..

    • @CristiVladZ 3 years ago +16

      thank you

    • @RN-kl4kp 3 years ago +13

      @CristiVladZ no thank you
      For realistic views.

    • @thegreatnihil7854 3 years ago +4

      @CristiVladZ Eh, it's good, but it helped me see how far ahead I am than most cysec people because I am interested in operating systems and tinkering, and not the abstract idea of 'cybersecurity'.
      I originally started out in cysec, but in doing that I found a new passion in OS development, to the point that I'm trying to create my own OS on top of a microkernel I like.
      All these people are doing are learning crap like Hack the box. All that canned shit is going to do is teach you how to be a soydev script kiddie.
      Instead of doing all that, install gentoo, become a power-user, make your own server, practice hardening and attacking it. *That's* how you get good. If you want to be a good Cysec guy, you *must* be very passionate about computers for computers. I don't even do this for a job, it's just a hobby, you must be at that level to actually succeed.

    • @UnknownSend3r 3 years ago +6

      @thegreatnihil7854 Wow, ive never seen a gate-keeping/humble-brag hybrid before, your statements are not entirely true, there's many roads to success, just look at the diverse background and skillset of the most prolific hackers on hackerones leaderboard and listen to their journey into cybersec - some were deliberate, some were completely by chance, and some were just tinkerers from a young age. And also, you don't need passion to succeed in this, that's something that's constantly regurgitated by people in cybersec and comp-sci (looking at you game-devs) you need hard-work, perseverance and a good foundation to build upon, passion is a bonus but definitely not a prereq for success.
      P.S almost every "l337" starts off as a script-kiddie.

    • @muudus_tv 3 years ago

      What did he tell?
      I couldn't understand.

  • @ayansinha4039 3 years ago +590

    "The never ending beginner courses"- The most truth you've told. Internet is full of beginner things, because those instructors don't know above beginner level. The pro levels are busy with their work, they don't show off

    • @CristiVladZ 3 years ago +60

      Ain't that right?!

    • @highlightchannel7845 3 years ago +12

      No bug hunter who have earned 40 million have also course about bug bounty

    • @werren894 3 years ago +23

      not because the instructors but influencer, those ppl are just exploited for money so they keep attached to that "beginner content" keep buying courses/merch, instructor and influencer is different, there is a lot of harvard free youtube that teach u IT but nobody interested their vid always boring because that is the point of learning IT field, u need to get used to boring/frustrating stuff cybersec or not they are just matter of creativity, instead of doing hacking u ppl make IT memes, being edgy, keep learning the same courses and procrastinating, if they actually support ur productivity u might be most likely less attached to them/probably quit the community because u gain more, if u were not, that is bad influence.

    • @camila3110 3 years ago

      @werren894 Hello, "here is a lot of harvard free youtube that teach u IT" can you tell me where can i find that?

    • @prajjwal3127 3 years ago +2

      @camila3110 CS 50

  • @swapnilpawar2311 3 years ago +211

    "Become someone unlike everyone" damn that hit hard

    • @CristiVladZ 3 years ago +13

      the whole point :)

    • @3rdNumberOfPi 3 years ago +2

      Im gonna put it in my fb bio

    • @reo4680 3 years ago

      this guy is speaking facts.

  • @rickdalton9773 3 years ago +84

    I recently decided to stop reproducing steps from tweets or hacktivities on random targets and start studying android app development and thus go into android app hacking. On watching this video I'm more motivated. Thank u

    • @CristiVladZ 3 years ago +10

      This is what I'm talking about!

    • @fenilshah9221 3 years ago +1

      Same here!

    • @chintangajera1537 3 years ago +3

      Damn that's inspiring :)

    • @-bubby9633 3 years ago

      Honestly I find android apps to be so much easier to find vulns in for the simple reason it's hard to get into and everyone ignores it

  • @tanujbaware2530 3 years ago +51

    This is the actual Truth about Bug bounty, Many people, mostly teens, join this field because it is low barrier and think they can also find bugs like that person on Twitter who said "RCE in 10 min", "P1 in 5 min" all these guys show their Reward like they got xxxx$ bounty but never reveal how much they worked for that 5 min finding how much time they spend for that 10 min RCE, i don't know but many people mostly popular hackers on social media Represent this field as something Fancy rather than showing how hard it is...

    • @CristiVladZ 3 years ago +2

      Well said!

    • @jhde9067 3 years ago +6

      This!
      I commented on a video last time saying that hacking is hard and nobody really tells you that.

  • @rumplstiltztinkerstein 3 years ago +62

    I'm studying to become a fullstack developer to get just enough to pay for my rent and live by myself. Then I will keep learning to become something better. Your advice is so much true. The more boring is the content that we are currently studying, the less people will do it, and the more we might get paid for it. Don't ever give up.

    • @HK-sw3vi 3 years ago

      I'm a security student but I'm too learning full stack on the side

    • @QuestForGood 1 year ago

      @HK-sw3vi What is it like being a security student?

    • @maximkulakov5359 8 months ago

      How's it going?

    • @rumplstiltztinkerstein 8 months ago

      @maximkulakov5359 I learned a lot. Working for a startup now. Revenue is decent. I must have applied to 2k jobs and got rejected by almost all of them. I feel bad for anyone starting now.

  • @FatherChristma5 3 years ago +34

    Realest vid on bounties ever. Too many people watching the regular type of vids expecting to become millionaires overnight. Well done for adding perspective 👏

  • @vincebastier9815 3 years ago +18

    The most honest video, there was a teacher from a US university who mentioned what you've said during a talk and one of his slowest student ended up becoming a key player because he was writing down on paper to visualise all of his attacks/defense code to be executed before putting them into practice, correcting them and fine tuning them which has paid off because his knowledge is invaluable now.

    • @CristiVladZ 3 years ago +2

      that's interesting. thanks for sharing

    • @vincebastier9815 3 years ago

      @CristiVladZ I've found the link, watch this ruclips.net/video/6vj96QetfTg/видео.html & attack.mitre.org

  • @michaelgraf6773 3 years ago +12

    So true, me as someone that owns a software company and writes code every day, working with different languages and tools. I feel like finding out many details and problems about the things you are hacking, such as reading and fully understanding how things work at a low level is so valuable. Its true, the experts are busy working, be it hackers or programmers, this industry needs people that are ever evolving towards being better and thats why so many dont make it.

  • @coderx56 3 years ago +45

    To be honest this video made me wake up

    • @CristiVladZ 3 years ago +3

      In what sense?

    • @coderx56 3 years ago +3

      @CristiVladZ I just mean good advice

  • @abj1985 2 years ago +9

    ALL that has been said in this video is 1000% correct. I can vouch for that. BBH is apparently HARD. From my experience as a person who has started doing it quite some time ago, it requires LOTS of up-skilling. Those who say that BBHing does NOT require programming knowledge, then I will tell you that they are LYING. This is a very-well put together video of some hard facts to digest. Thanks for making it. Keep'em coming. Cheers!!

  • @-bubby9633 3 years ago +13

    Oh good someone finally said it. Honestly I have several years as a pentester and thus can focus on lesser known bugs/quirks, and write my own custom recon scripts and wordlists and still sometimes struggle a bit to find a bug. The idea you can learn how XSS works and then run a 3 line bash script to find a bunch of XSS bugs stopped being viable in like 2012

    • @CristiVladZ 3 years ago +3

      If you want to collab, send me a message

    • @-bubby9633 3 years ago

      @CristiVladZ Thanks for the offer! I'm not really well versed on the whole youtube video making dynamic right now but am planning on making some educational content in the future. If it kicks off would love to do a collab! Either way thanks for actually telling it how it is, earned a sub from me.

    • @CristiVladZ 3 years ago +1

      @-bubby9633 I'm not talking about YouTube, but hunting

  • @eonraider 3 years ago +10

    This is something I've been having in the back of my mind for quite some time... When it comes to Web App bug bounty hunting the secret lies in being a full stack web dev and dominating multiple popular stacks. Thanks for that.

    • @Cognitoman 2 years ago +1

      Yeah dude you should become a web developer then you will understand

  • @GatoLouco 3 years ago +8

    Ok, I'm gonna tell my history:
    I am 16, I have been learning programming since I was 10 or 9. Yes, at least 6 years.
    I started learning game hacking (aimbot and other stuff), cuz I was always wondering: how tf they do hacks, this is amazing. After billions of Google searches, I found a tutorial about cheat engine (really good tool). I started to learn CE. This uses lua script for a bunch of things, so I learned it. After I learned lua, I was able to do simple things like: teleport hack, no recoil, etc.
    At this point, I had to learn C++, to make trainers and etc (I was about 13 yo). So I did it. I paid for a udemy course for less than 5$ (22 BRL). I was able to make aimbot, internal and external cheats.
    Then, after practice and hard work I learned Assembly (yes, the low level programming language). I am not any expert in assembly, but I can understand and debug code. My hacks got really better, my knowledge had a big upgrade.
    I started cracking.
    At 15 I was cracking others' cheats and putting them free on a website with ads. I learned a lot with this.
    When I was about 13, I also started to learn HTML, css, JavaScript, PHP and sql.
    Since I was a little boy, I always wanted to be a hacker (this may be odd, but yeah, it was my dream), so I was watching a lot of videos showing vulnerabilities like buffer overflow, xss, csrf, etc. This was like a dream to me.
    So in this year I started with trying to find vulnerabilities in small websites. I found out a lot of them, really cool, I was learning with practice.
    I found out a storage xss in a game's support website. So I exploited it. I got access to GM account and etc. It was really amazing for me. I also learned a lot.
    After some time 'having fun', I realised that it was not ethical. I already knew this, but this time it really grabbed me.
    I thought a lot about it. I really love to learn game hacking, pentest and hacking stuff, but it was just not ethical.
    So I tried hackerone. In my first website that I tried to hack, I found a XSS storage. I reported it and received $1k. Really cool. It is not much money, since this could execute a massive XSS and hack a lot of accounts, but it is ok.
    In this video I realised that I was never like the others. I never followed a path, always made my own.
    So, try to follow the white way, really.
    Thanks for reading till here!

    • @GatoLouco 3 years ago +2

      Also, if u don't know English, try to learn it, cuz it will help u a lot, even if it is a basic English like mine. Btw I am Brazilian.

    • @tamalanwar 3 years ago +3

      Truly inspiring Sir.

    • @musfirali6356 3 years ago +1

      amazing. learning at an early age and finding your own path without a teacher. wow.

  • @theraghavgupta 3 years ago +12

    I am so happy I found this video. Actually I recently stopped spending time on the mentioned programs and instead started learning the languages js, python, php. And listening it from expert makes me happy to be in right direction. Thanks🌹

    • @CristiVladZ 3 years ago

      Glad it was helpful!

    • @ArieBayang 1 year ago

      Hi, @Raghav Gupta, will you share which platform you learn Js, bash, python and PHP, thank you

    • @ArieBayang 1 year ago

      Hi, @Cristi Vlad, thank you for sharing, I like to ask is there possible to learn JS, Bash, Python in 1 year, if possible how many hours do you suggest we spend to learn those languages per day, thank you

  • @trickwheel 2 years ago +2

    A great saying I once heard and tried to apply that to every aspect of life: "To live like no one else, you have to start living like no one else"

  • @MrTheSaxon 3 years ago +2

    So true. I think this applies for a lot of things on social media that promise big payouts fast. We are so used to instant gratification, we see a bug bounty video and think "Hey I could do that too!". People don't realize the time and effort (and expertise) it takes to find even one bug. I admire people who do this and put the work in, I am a programmer myself. But I have realized that I don't have the motivation and dedication to be one of these guys. I have other projects and skills that interest me, which are easier for me to work on in the long run.
    Great video!

  • @jordanski5421 3 years ago +5

    this is true for almost every position related to software engineering, as a self taught web dev myself I know the road is long and lonely. At first I obsessed over the latest "best practices" like it was the words of RNGsus himself but in doing so I took a back seat in the development of my own applications which always made me feel like a beginner. I'm glad to say I broke out of that loop by creating something on my own, it's like removing the stabilisers on your bike for the first time as a child, you almost don't even realise how fast you're going until you turn a sharp corner and crash... That's the moment that defines you, do you get your hands back on the handlebars? or just lie there crying on the roadside?

    • @CristiVladZ 3 years ago +1

      well said my friend. Thanks for the intervention!

    • @coupleodevs 1 year ago

      currently learning this the hard way, started web dev 4 months ago

  • @jhde9067 3 years ago +5

    I like honesty. Refreshing to hear someone like you. You covered it a way others don't. I might consider subscribing but will look for more first.

  • @hackersguild8445 3 years ago +40

    I don't know which person disliked it but if I could, I would give this video a 1000 likes. Very well said. I have been doing hunting for 2 years but I have always felt that I am not improving. Time to deep dive on each topic and make our own hunting style

    • @CristiVladZ 3 years ago +3

      good reminder!

    • @arthathome 2 years ago +4

      Did you improve now?

    • @LetsGoTech 2 years ago

      @CristiVladZ tell him to do click jacking

  • @trinity2725 3 years ago +5

    Those advices are precious! To be honest I tried to reject them to encourage myself but now I need to be more determined

  • @circleclips8429 3 years ago +5

    I am learning and very much engaged in security for about 6 months, and i fell in love with it, i now know my passion, but again i am struggling cause there is no straight path, i am practising from these beginners platform but your video made sense, i will try things now differently, i will do whatever it takes to reach that level, cause i love hacking.

  • @hasnainabidkhanzada3754 3 years ago +15

    You are absolutely right. Although, I am a newbie but I have this same goal to find bugs (like business logics error, idor etc) for a specific amount of time and then instead of sticking to this loop, move on to learn new technologies, tools, programming languages. The idea behind learning all of this is to find some big piece of meat, to automate repetitive tasks, to build something and so on.

  • @gtgt8564 3 years ago +10

    Ive found some leaks and ended up getting a P2 on bugcrowd, which allowed me to find more bugs using the same long hanging fruit technique, and i was unable to find something more technical since the findings were made using google dorks, then tried to find more "advanced" bugs however, the lack of technical knowledge was like a brickwall, now im doing a fullstack course, to understand from the dev side and learn new skills.
    And theres also another big important side, which is time, usually i prefer working on upwork for example, than waste hours on bug bounty with no pay.

    • @ayoubzahiri1918 3 years ago

      How do you guys get motivation on this field? I gave up learning how to montage a video within 10minutes of trying ...

  • @telnobynoyator_6183 3 years ago +2

    What a lot of people don't understand, is that you need to start by knowing programming in various languages AND be able to make any kind of program you want, to THEN try to use that knowledge to find vulnerabilities. If you don't know how to program and what are the best practices of programming / most common design patterns, you'll never be able to do anything.

  • @ayushmayekar9098 3 years ago +3

    Damn i knew this but not found anyone telling about this, you told it and you are my Hero now. But surely you have saved the time of over 19k viewers, you are definitely going to heaven.

  • @SamsuperFc 1 month ago

    This applies to every aspect of the “get rich scheme”. Maturity is when you understand that if getting rich was this easy the entire world would be full of millionaires

  • @luqmanhamdan9285 3 years ago +21

    TBH, I started getting seriously in information security about a year ago, as a university student. I've found my interest in penetration testing and have basic skills to jump into these things. But, every time I learn something new, more I don't know about it. Deep down, I still feel like a noob in terms of knowledge and skill even though I learn many things for the past 7 years little by little. I'm glad you make this video and speak about the ugly truth in cybersecurity.

    • @CristiVladZ 3 years ago +1

      thanks for sharing your thoughts :)

    • @chintangajera1537 3 years ago +2

      This is what which makes this field more interesting not a pro tho. But i am exploring for more than 2 years as of now and felt same half a year back. Keep crawling and a suggestion if you don't mind just take big plain sheets and draw concepts like ddos or osi model and many definitions like threat, risk, CIA triad on that and stick that in your room and just look that once a week. And you can also compare that old architecture with new released which will help you a lot in understanding new technology with ease. This was what i did and it worked for me.
      Good luck :)

  • @kfreedom470 3 years ago +4

    Yup this is the explanation I was looking for. I started learning the basics of programming as well as Linux. I also used Kali Linux and messed around with it by watching a lot of YouTube tutorials. This was all done in the past 2 years during my side job. But I gotta say right now I am nowhere near where I want to be in this field. I'm considering switching my goals but I will give it one last go by studying for the oscp cert which definitely is a real one. I'm glad you made this video, cyber security is a maze in which you need to match the pieces. Just takes time but if it don't match then it's not worth wasting time.

  • @j.b.708 3 years ago +4

    i gave up after 3 years just trying to get an entry-level SOC analyst job.

  • @FreakinKatGaming 3 years ago

    My favorites when a vetted black hat puts an 0day up for sale on forum somewhere on the net, then before being archived all traces deleted then hackerone has some "Magical out of nowhere person who gets a nice payout for a bounty that was never even posted to begin with but it's the same 0day you randomly ran into on that random forum" priceless. Brings a tear to my eye. They grow up so fast. So proud

  • @armincal9834 3 years ago +3

    Basically become a web app developer(no need to be as good as a pro dev. Just know OOP and basics of software design) to become a web app hacker. You never know what mistakes devs can make unless you think like one.
    Learn system languages and programming plus some assembly and hardware if you want to write your own malware or crack/reverse engineer software
    Learn networking as much as at least CCNA/network+ but the more you know the better since most security breaches are exploited remotely thus networking knowledge is key. If you had to choose one field to master i guess better choose this one.
    Learn how CCTV cameras work to come up with a way to hack them.
    All the available exploits and hackme tricks are public knowledge and patched already, companies need people who can come up with their own exploits so following online tuts gives you the basics but that's it.
    You can't possibly live long enough to master all those topics so pick 1 or two to master and learn the basics of the rest.
    Do you guys agree?

    • @CristiVladZ 3 years ago

      thanks for the insightful comment! :)

    • @xbrook5490 2 years ago

      the best comment!

  • @Ghost-jx2dj 1 year ago +2

    The way you demotivated now i am sure i will make it to the top thanks.

    • @CristiVladZ 1 year ago

      Im not here to demotivate anyone, but to talk about my perspective on things...

  • @abdilahrf 2 years ago +2

    A lot of fake bugbounty tips in twitter make the beginner keep busy with their oneliner thing and the elite doing the real thing on a bugbounty target and harvest bounty 😂.
    i love this video

  • @axelanderson2030 2 years ago +7

    I think the biggest thing people overlook is that in order to exploit a computer, you need to understand the computer. I was very lucky, coming in with extensive knowledge of windows, Linux, python, bash, SQL and html, as well as years of experience. However, I think it's fundamental to understand networking, Linux, windows and a programming language before you should even consider anything to do with hacking

  • @djleeboinpt 3 years ago +3

    ‘Be uncommon in a group of uncommon people...’
    -David Goggins.

  • @behradtaher6779 3 years ago +4

    This was so accurate and well worded. I've seen a huge amount of posts in various communities of people following the path of x, y, z. to get into bug bounty with a goal of pursuing it full time and it's just not realistic for most people.

  • @pratheeku4467 3 years ago +3

    Dude.. You are sooo underrated!!
    I salute ya buddy! Keep going!

  • @dhirajx 3 years ago +3

    this is all i wanted to hear.. after months of failed attempts to learn bug bounty hunting, i know where to focus on. those people who says coding isn't important to start, thats a hoax. those people themselves are good coders.

  • @anandjambhulkar8432 2 years ago +2

    Good gosh, what an eye opener video. Thanks for making it and then subsequently sharing it with everyone to see. I appreciate it.

  • @eyokfla 3 years ago +1

    "CRAFT YOUR UNIQUE APPROACH!" this is a golden advice! Thanks

  • @darksekiro6378 3 years ago +3

    We are all gonna make it brothers, never give up!!

  • @GGGamesBA 2 years ago +2

    Came for the ugly truth, stayed for the soothing voice

  • @nointro5284 3 years ago +4

    So true. I never completed a single lab or ctf but i still manage to find bugs every month and im happy with it. I just dont want to spend my time doing what everybody does. Why have to learn same thing that everyone is learning when i can learn a lot more from google.

    • @nikhilt3755 3 years ago +1

      everyone is finding bugs , how r u different from others ? so people trying ctfs and labs are wasting time ?
      grow up beg bounty hunter

    • @nointro5284 3 years ago

      @nikhilt3755 lol when did i say that I'm different from others. Everyone is finding bugs yes true. Why the fuck people want to be limited when they can learn so much from the internet instead of wasting money (yes there are free ones also). I'm not saying people are wasting their time by doing ctf, labs etc. I just said my thing not yours. Please grow up. In some case everyone is beg bounty hunter how come you can say you're not.

    • @rujotheone 3 years ago +2

      Nice work. How did you learn? Cuz I can see there are several types of bugs. Also do you concentrate on a few types of bugs or you check for everything.

    • @chintangajera1537 3 years ago +2

      @rujotheone you can use tools for that in beginning but try doing that manually. You can use portswigger.net and also hackerone you can get good web security knowledge on those website.

    • @rujotheone 3 years ago +1

      @chintangajera1537 thanks

  • @jhde9067 3 years ago +13

    The one liners beginner courses ugh
    So many are in just for the views and are misleading people like me :(

  • @FreakinKatGaming 3 years ago +3

    Finally someone who has the right morals! You made my day man! Seriously. You a HBH member

  • @bsmakoro 2 years ago

    Thank you for the wake up call. I appreciate the honesty. It's going to take real work to that level. Was happy to hear that 'Time is on your side'.

  • @digitox5188 2 years ago +1

    And thats why I’ve subscribed channels like this, not big ones bcz everyone is doing that🙂✌️

  • @faruky9197 3 years ago +2

    I see this video 3 months ago and I really upset about my inadequacy it was sound really hard to me starting coding. finally I start 2 months ago and I learned html and css (I know its design language) in this time I realize coding was fun and that motivate me and I am still learning javascript (once I stop learning programming because it was really boring) and soon I will learn nodejs. I still didn't quit because of learning new things hard and boring. In fact I want to be a full-stack javascript developer then start bug bounty. I found my way and I am really happy about it I can even spend years programming maybe I will forget starting hacking. thank you Cristi Vlad this video was really helpful to me I hope the others will start programming. By the way sorry for my language English is not my native language and I am learning it too :)

    • @CristiVladZ 3 years ago

      you've just made my day! Good luck in all your future pursuits!

  • @dezneye 3 years ago +2

    A lot of people are driven into bugbounty feeling like its some sort of free dollars coupons

  • @jabcoanthoco4056 3 years ago +3

    I thought this was going to be about finding rare insects

  • @namenone8387 3 years ago +8

    OMG! one of the greatest advice that I could ever receive. thank you so much mate. I am currently a web developer so as you said, maybe its good for me to start on security source code reviewer since that is what I do most everyday staring at the source code of my team doing code review but not on security aspect. honestly, I am really weak at doing black box testing. so maybe focusing on my strength first will do the job? cheers

    • @CristiVladZ 3 years ago +1

      Of course, leverage your strengths

  • @ekko-h7n 1 month ago +1

    thx you opened my mind about the idea to master js!!!!

  • @Eddy1A1 3 years ago +4

    Pretty comprehensive and honest opinions on your vids. Felicitări! 😎

  • @mohammedmokhtar 3 years ago +2

    You are an amazing human being for putting this out like that.

  • @malwarecopter4440 3 years ago +1

    Teaching about something is the best business regardless if the teachers themselves applies it practically in the real world

  • @nets0und200 3 years ago +1

    i stopped hacking and bug bounty hunting when i took a step back and realised that i didn't really enjoy it, i was doing it because i liked the fact that i could call myself a "hacker" even a newbie one, i know its pathetic but i was at that time, trying to find myself, maybe one of you are right now in the same situation that i was, think about it guys.

    • @thwahirmahammed4334
      @thwahirmahammed4334 3 years ago

      Oops I'm new in cybersec and i felt demotivated by seeing this😅

    • @nets0und200
      @nets0und200 3 years ago

      @@thwahirmahammed4334 sorry for that, this isn't the goal of my comment but really ask yourself this question not only in bug bounty hunting but other areas of your life too :)

    • @thwahirmahammed4334
      @thwahirmahammed4334 3 years ago

      ☺️👍

    • @thwahirmahammed4334
      @thwahirmahammed4334 3 years ago

      @@nets0und200 bro can i ask one doubt that's some long sentence?

    • @nets0und200
      @nets0und200 3 years ago

      @@thwahirmahammed4334 go ahead

  • @LuckyPatel
    @LuckyPatel 3 years ago +1

    Be unique, make your own path, don't get into the trap of advertised online courses of other sites, follow the right people, and don't feel shame in asking about easy methods too.
    Every night in bed ask yourself what you've learnt, it pushes you the next day

    • @CristiVladZ
      @CristiVladZ  3 years ago

      introspection and retrospection are key

  • @gracia9775
    @gracia9775 2 years ago

    "Remove yourself from the crowd…"
    The road is really narrow and hard

  • @danieljaeger2982
    @danieljaeger2982 2 years ago

    what makes me happy is i've already been doing everything he mentioned for a few years now

  • @slayerssquad6744
    @slayerssquad6744 3 years ago +1

    ONE THING TO UNDERSTAND the reason why many people don't do that because of errors not hard working

  • @stephan4932
    @stephan4932 3 years ago +2

    I am not doing any of these things..
    I can't get my router to work properly...
    Please.. Don't hack me 😬

  • @martinstoynov3831
    @martinstoynov3831 3 years ago +4

    Thanks, this was needed to be said!

  • @samerbouhajja2411
    @samerbouhajja2411 3 years ago

    Honestly, I got carried away with the good old-fashioned marketing going on about cyber security for a while, only to find out it was just a boring job like any other. You will end up doing 9 to 5 daily tasks looking for bugs and get paid like any other dude in the industry. They will make it sound cool because they have a gap, and it's well paid because they don't have enough people doing it. That's why they want to make it look like the best opportunity, so they can pay less for the same task and have enough specialised manpower to get rid of you anytime they want

  • @jakubwegrzyn7997
    @jakubwegrzyn7997 1 month ago +1

    This gonna be hard. But i know it will worth .........

  • @skytest1247
    @skytest1247 3 years ago +1

    Good video, telling the truth without demotivating and disrespecting someone.
    Learn! Apply! Learn Apply!

  • @TheTurbotez
    @TheTurbotez 3 years ago +1

    Thank you for this video, I'm just starting out, but there is soooo much beginner stuff out there, someone like me doesn't really know where to go to get some proper learning tools to get into the industry. I will make it to the top, so it's nice to know that if someone can go alone, become competent and get to the top without following the crowd.

  • @craigofficial
    @craigofficial 3 years ago +8

    and also there is that everyone that we all kinda competing with. and guys doing most work auto, bruh..

  • @vin-goldi
    @vin-goldi 3 years ago

    Well, don't do any coding or hacking at all unless your motivation comes 90% from the excitement of the moment when you press enter and find out if what you did or thought makes something work - or break. In my experience, people that don't feel that excitement never make it anywhere in informatics. Can be tested easily by letting a person compile Hello World, then tell them to change something and recompile.

  • @imanol12345
    @imanol12345 3 years ago +1

    I think the main problem is that there are not enough bugs for the supply.

    • @CristiVladZ
      @CristiVladZ  3 years ago +1

      or most hunters never being able to go below surface level stuff. bugs are there.

  • @lovisericachii4503
    @lovisericachii4503 3 years ago +3

    Basically almost every career in a nutshell.

    • @CristiVladZ
      @CristiVladZ  3 years ago +1

      very likely it applies to more careers you can think of

  • @feloi3033
    @feloi3033 2 years ago +1

    I seriously do need help, I'm depressed.. ahh I'm about to explode with the thought of what shall I do. I'm trying graphic designing, thinking of getting into ethical hacking and cyber security, another here is also related to cyber.. none of the doors are opening for me.. I just graduated high school and will be joining university. I'm really confused on what I shall be studying or stop studying, it's really harsh ahh MAN!! Sorry, couldn't find anywhere to express it, sorry for my bad grammar

    • @CristiVladZ
      @CristiVladZ  2 years ago

      Take some time off the keyboard and spend it with family, friends and loved ones

  • @reizhustenistdoof
    @reizhustenistdoof 3 years ago

    The field being full of skids is exactly what made me become a blue teamer instead of a red teamer. I feel like it's less bad there

  • @dave4290
    @dave4290 3 years ago +1

    One of the most honest videos on youtube i've ever seen

  • @luffyfat2
    @luffyfat2 3 years ago +1

    I was almost giving up on that. So something made me watch a last video from an unsubscribed channel and here I am... fully charged with dopamine again, but genuine dopamine this time, like the one that made Gohan become Super Saiyan 2. Thank you bro!

  • @GameNon-Quitters
    @GameNon-Quitters 3 years ago +1

    Finally the best advice ever, at least I think for us beginners who are lurking in Cybersecurity world ! Thanks ! And glad I discovered you!

  • @jesalpatel2270
    @jesalpatel2270 3 years ago +1

    Thanks man! You are truly an honest man. As u said You need to be different from others that hit me differently. 💯🥂

  • @kksarnasarna5996
    @kksarnasarna5996 3 years ago +2

    holy shit dude, u just said what I was thinking for like months, I just didn't have the correct words, thanks for clearing it up for me and everyone else

  • @orlyounotinbaires
    @orlyounotinbaires 3 years ago +1

    For once the yt algorithm did something good and suggested this video.
    Best. Advice. Ever.

  • @arjunsharma3248
    @arjunsharma3248 3 years ago +2

    Been thinking the same thing lately. I got to have a unique look at the scenario to strike out.

  • @user-md8bv3qs4y
    @user-md8bv3qs4y 2 years ago +1

    Hello sir. Which is the best laptop for bug bounty with processor and RAM???? Please suggest me, sir

    • @jynx3383
      @jynx3383 2 years ago

      Computer does not matter.

  • @AnthonyMcqueen1987
    @AnthonyMcqueen1987 3 years ago

    Wow, talk about a reality check, because I started this ethical hacker world in May 2020. I sent 4 reports in, they were duds, my confidence fell through the floor and I was like a deer in the head wind. I am now taking a step back and learning the foundations of XSS and applying it to the wild and one day hope to earn my first bounty. Of course I don't expect any of this to be easy at all; it's tough and there are many people out there chasing the same bug. I do listen to other bug hunters, take their advice with a grain of salt and apply it to me and see what works and what doesn't. I have also been told don't rely on tools and become nothing more than a "Script Kiddie".
    This was an honest video that does not magically coat the world of bug bounties. This made me wake up to the reality and how I failed to earn anything, so I need to figure something out.

    • @CristiVladZ
      @CristiVladZ  3 years ago +1

      It's just a matter of time Anthony. I pounded at it for 10 months to finally find my first bug.

    • @AnthonyMcqueen1987
      @AnthonyMcqueen1987 3 years ago

      @@CristiVladZ Thanks man for the confidence boost. As a former data scientist I can tell you there is no comparison this is harder but also more fun. I know one day with patience and persistence I will earn my first bounty. Also I am only specializing in one bug not all of them.

  • @myself.mohammed.ibrahim
    @myself.mohammed.ibrahim 3 years ago +2

    Thank you so much bro for helping me out....!!!
    Appreciate your honesty!!!!

  • @-hero-5882
    @-hero-5882 3 years ago +1

    I'm building it knowledge in prep not there yet but the info was Def appreciated man

  • @jaydevsolanki1047
    @jaydevsolanki1047 3 years ago +1

    edabit and codewars.com ...................... well, everybody is doing it. PERIOD.

    • @CristiVladZ
      @CristiVladZ  3 years ago

      no more edabit...they've gotten greedy

  • @imkir4n
    @imkir4n 3 years ago +2

    Thanks for the honest advice, now i get a clear path about where should i start i want to be a webapp pentester so im going to master web development and js first ✌️

    • @thecreator8353
      @thecreator8353 3 years ago +1

      Actually you are the one who has cleared my path, Thanks
      For
      Everything.

    • @imkir4n
      @imkir4n 3 years ago

      @@thecreator8353 yeah ! stay focus

  • @adarshanand2073
    @adarshanand2073 3 years ago

    Totally agree with you. Someone I found whom i can relate more - otherwise most of the people who got in security are mainly driven by the money. Interest is the first thing which require in bug bounty. I am pretty sure, people who have interest should have found this true and informative.

  • @sreerajk9477
    @sreerajk9477 3 years ago +1

    Become someone unlike everyone!

  • @iiVitality
    @iiVitality 3 years ago +4

    3:36
    a yes i see you using hacker typer like an intellectual on the right screen

  • @mah3sec
    @mah3sec 3 years ago +1

    In India almost 80k bug hunters created their profiles on Bugcrowd in 2019-2020. That happened because of some silly hunters and institutions providing such stupid courses in which they give their students unresolved reports for points. Cheap courses for 500rs, 2000rs and the like are easily available, in which they don't clear the basics and start directly with reporting and provide vulnerability templates, automated tools, one-liners, and I'm against this type of institutes & trainers

  • @saptaksaha1702
    @saptaksaha1702 3 years ago

    The most Realistic video about bug bounty or cyber sec... appreciate your calm boldness👍👍❤

  • @_specters_
    @_specters_ 3 years ago +1

    For me personally bug bounties is an introduction to future contracts without a middle man

    • @_specters_
      @_specters_ 3 years ago +1

      Also car hacking and embedded hacking is completely different in bug bounty in comparison to web stuff

    • @CristiVladZ
      @CristiVladZ  3 years ago

      Definitely! Code review as well

  • @omarjimenezromero3463
    @omarjimenezromero3463 1 year ago

    yes, in part there is the truth that they are "beginner friendly", and at first look the most common security breaches at hackerone and other sites are just "security testing", like software testing with automated tools, but at the end because the systems are different and you need to bypass them, you need to know how to program malware and to use scripting languages.
    But yes, the media just sell the bigger bounties as the easiest ones, but there are bounties from work to work, so I think it is just not fake, it just needs reading between the lines to know the first courses are just to be a "security tester", like a "software tester", you just need to use your computer to do some tasks and if you find something you will get some money, this is pretty rough on the ones who start at it because the company basically is using your computer power and capabilities to find something specifically, and then pays only for that thing, that is pretty bad, but at the start of most jobs that is what someone finds, especially in jobs that pay you for the things you can do, and not the time you are in.
    And yes, to go further, you need to develop your own tools to get access or bypass specific versions and systems, that is why after doing some tests, one should start programming, because you are going to need scripts and languages like nim which are becoming popular because you can almost make a virus or malware from 1 file for the 3 main operating systems (windows, linux and macOS).
    I just think the media and some websites just sell the idea like the programming ones, where a lot of people want to develop the new "facebook" or the new "instagram" or a better one in just less than a week.
    Yes it just not takes only for those that the product are good but they have the market to use it and do not be bought at halfway by bigger ones, or not be destroyed by bigger ones.
    I take it really hard, your first choice of words to communicate that, because you just say that starting at one point like everyone is bad, and I do not think that is bad, because you just jumped to freeCodeCamp as a recommendation and I was like "hey, you just said we should be different, then you go for the biggest and cheapest way to start programming" I think that was pretty stvpid.
    Maybe you just had to use other words instead of selling the idea of being "different", like "you need to know how to program malware", instead of "you just need to be different and unique" then you just drop the most common way to start programming,... It is like saying "if you start programming where everyone does it is good, but if you start hacking where everyone does it then is bad".

  • @DEADCODE_
    @DEADCODE_ 1 year ago

    I like to read books so much i got 23 books

  • @enve162
    @enve162 2 years ago

    Watching this video and trying to be unlike others, Everyone does this.
    The only way to become different, is to do what you feel is hard.

  • @harishankarknair995
    @harishankarknair995 2 years ago

    thank you for making this video. As a student who is interested and passionate about these topics, this video gave a good insight and direction that I need to follow

  • @abhishekmorla1
    @abhishekmorla1 3 years ago +7

    first learn development then go for breaking it...

    • @CristiVladZ
      @CristiVladZ  3 years ago +2

      I'm actually doing that right now :)

  • @init_6415
    @init_6415 3 years ago

    Deeply thinking about this lately, but then a question arises, where to start, cuz there is so much to learn then, from the dev side, from the security side, and also to keep up with the latest vulnerabilities

  • @mrfox6662
    @mrfox6662 3 years ago

    I still think the thing I'm struggling with the most is understanding how to get into hacking. Me and a team of my friends want to start bug bounties, however we need to learn more, and knowing all the terminology and functions and stuff is so hard.

    • @CristiVladZ
      @CristiVladZ  3 years ago

      you don't need to learn more, just do