The Ugly Truth about Bug Bounty Hunting

  • Published: 17 Dec 2024

Comments • 420

  • @CristiVladZ 4 years ago +37

    Recon in Cybersecurity course: bit.ly/cybersecrecon
    Python for Pentesters course: bit.ly/2I0sRkm
    Python Basics course: bit.ly/37cmhlx
    Hands-On Training with PentesterLab PRO: bit.ly/awesomepentester
    For coaching in pentesting and bug bounty: dgtsec.com/cybersec-pentesting-training/

    • @ncb4_69 4 years ago +1

      thanks for your kind word, my dear sir(senpai-san)
      love from "#BHAI"

    • @ncb4_69 4 years ago +1

      actually I'm too stuck in some bullshit and make that mistake again and again, almost 2 years (1 and 8 months) of my time I wasted on some f-vid, in late 2019 I started again but this time I have a goal, being a 'pen tester'. Currently I'm not learning too much, only an hour or so, but now I'm asking myself what I want to be, because now I realize how big IT is, and I just need some tips, sorry for my poor English/comment bye

    • @arjunn7683 3 years ago

      It's true !!!

    • @t.k.8406 3 years ago

      My problem is getting started to learn the programming languages first.

    • @t.k.8406 3 years ago

      @l , that's the most solid advice I ever got. However, you said bare metal and I feel like I know what you mean but I really need to be exact on what you mean. You mean make install Kali on a dedicated device as the only OS. A dedicated Kali Linux machine basically?

  • @ayansinha4039 4 years ago +598

    "The never ending beginner courses"- The most truth you've told. Internet is full of beginner things, because those instructors don't know above beginner level. The pro levels are busy with their work, they don't show off

    • @CristiVladZ 4 years ago +62

      Ain't that right?!

    • @highlightchannel7845 4 years ago +13

      No bug hunter who have earned 40 million have also course about bug bounty

    • @werren894 4 years ago +23

      not because the instructors but influencer, those ppl are just exploited for money so they keep attached to that "beginner content" keep buying courses/merch, instructor and influencer is different, there is a lot of harvard free youtube that teach u IT but nobody interested their vid always boring because that is the point of learning IT field, u need to get used to boring/frustrating stuff cybersec or not they are just matter of creativity, instead of doing hacking u ppl make IT memes, being edgy, keep learning the same courses and procrastinating, if they actually support ur productivity u might be most likely less attached to them/probably quit the community because u gain more, if u were not, that is bad influence.

    • @camila3110 4 years ago

      @@werren894 Hello, "here is a lot of harvard free youtube that teach u IT " can you tell me where can i find that?

    • @prajjwal3127 4 years ago +2

      @@camila3110 CS 50

  • @RN-kl4kp 4 years ago +349

    Probably the only HONEST YouTube about bug bounty advice I ever saw..

    • @CristiVladZ 4 years ago +16

      thank you

    • @RN-kl4kp 4 years ago +13

      @@CristiVladZ no thank you
      For realistic views .

    • @thegreatnihil7854 4 years ago +4

      @@CristiVladZ Eh, it's good, but it helped me see how far ahead I am than most cysec people because I am interested in operating systems and tinkering, and not the abstract idea of 'cybersecurity'.
      I originally started out in cysec, but in doing that I found a new passion in OS development, to the point that I'm trying to create my own OS on top of a microkernel I like.
      All these people are doing are learning crap like Hack the box. All that canned shit is going to do is teach you how to be a soydev script kiddie.
      Instead of doing all that, install gentoo, become a power-user, make your own server, practicing hardening and attacking it. *That's* how you get good. If you want to be a good Cysec guy, you *must* be very passionate about computers for computers. I don't even do this for a job, it's just a hobby, you must be at that level to actually succeed.

    • @UnknownSend3r 3 years ago +6

      @@thegreatnihil7854 Wow, I've never seen a gate-keeping/humble-brag hybrid before, your statements are not entirely true, there's many roads to success, just look at the diverse background and skillset of the most prolific hackers on HackerOne's leaderboard and listen to their journey into cybersec - some were deliberate, some were completely by chance, and some were just tinkerers from a young age. And also, you don't need passion to succeed in this, that's something that's constantly regurgitated by people in cybersec and comp-sci (looking at you game-devs) you need hard-work, perseverance and a good foundation to build upon, passion is a bonus but definitely not a prereq for success.
      P.S almost every "l337" starts off as a script-kiddie.

    • @muudus_tv 3 years ago

      What did he tell?
      I couldn't understand.

  • @swapnilpawar2311 4 years ago +215

    "Become someone unlike everyone" damn that hit hard

    • @CristiVladZ 4 years ago +13

      the whole point :)

    • @3rdNumberOfPi 4 years ago +2

      I'm gonna put it in my fb bio

    • @reo4680 3 years ago

      this guy is speaking facts.

  • @rickdalton9773 4 years ago +86

    I recently decided to stop reproducing steps from tweets or hacktivities on random targets and start studying android app development and thus go into android app hacking. On watching this video I'm more motivated. Thank u

    • @CristiVladZ 4 years ago +10

      This is what I'm talking about!

    • @fenilshah9221 4 years ago +1

      Same here!

    • @chintangajera1537 4 years ago +3

      Damn that's inspiring :)

    • @-bubby9633 3 years ago

      Honestly I find android apps to be so much easier to find vulns in for the simple reason it's hard to get into and everyone ignores it

  • @tanujbaware2530 4 years ago +53

    This is the actual Truth about Bug bounty, Many people, mostly teens, join this field because it is low barrier and think they can also find bugs like that person on Twitter who said "RCE in 10 min", "P1 in 5 min" all these guys show their Reward like they got xxxx$ bounty but never reveal how much they worked for that 5 min finding how much time they spend for that 10 min RCE, i don't know but many people mostly popular hackers on social media Represent this field as something Fancy rather than showing how hard it is................

    • @CristiVladZ 4 years ago +2

      Well said!

    • @jhde9067 4 years ago +6

      This!
      I commented on a video last time saying that hacking is hard and nobody really tells you that.

  • @michaelgraf6773 4 years ago +12

    So true, me as someone that owns a software company and writes code every day, working with different languages and tools. I feel like finding out many details and problems about the things you are hacking, such as reading and fully understanding how things work at a low level is so valuable. It's true, the experts are busy working, be it hackers or programmers, this industry needs people that are ever evolving towards being better and that's why so many don't make it.

  • @rumplstiltztinkerstein 4 years ago +64

    I'm studying to become a fullstack developer to get just enough to pay for my rent and live by myself. Then I will keep learning to become something better. Your advice is so much true. The more boring is the content that we are currently studying, the less people will do it, and the more we might get paid for it. Don't ever give up.

    • @HK-sw3vi 3 years ago

      I'm a security student but I'm too learning full stack on the side

    • @QuestForGood 1 year ago

      @@HK-sw3vi What is it like being a security student?

    • @Maxim_Kulakov 11 months ago

      How's it going?

    • @rumplstiltztinkerstein 11 months ago

      @@Maxim_Kulakov I learned a lot. Working for a startup now. Revenue is decent. I must have applied to 2k jobs and got rejected by almost all of them. I feel bad for anyone starting now.

  • @IamAnandJambhulkar 2 years ago +9

    ALL that has been said in this video is 1000% correct. I can vouch for that. BBH is apparently HARD. From my experience as a person who has started doing it quite some time ago, it requires LOTS of up-skilling. Those who say that BBHing does NOT require programming knowledge, then I will tell you that they are LYING. This is a very-well put together video of some hard facts to digest. Thanks for making it. Keep'em coming. Cheers!!

  • @-bubby9633 3 years ago +14

    Oh good someone finally said it. Honestly I have several years as a pentester and thus can focus on lesser known bugs/quirks, and write my own custom recon scripts and wordlists and still sometimes struggle a bit to find a bug. The idea you can learn how XSS works and then run a 3 line bash script to find a bunch of XSS bugs stopped being viable in like 2012

    • @CristiVladZ 3 years ago +3

      If you want to collab, send me a message

    • @-bubby9633 3 years ago

      @@CristiVladZ Thanks for the offer! I'm not really well versed on the whole youtube video making dynamic right now but am planning on making some educational content in the future. If it kicks off would love to do a collab! Either way thanks for actually telling it how it is, earned a sub from me.

    • @CristiVladZ 3 years ago +1

      @@-bubby9633 I'm not talking about YouTube, but hunting

  • @MrTheSaxon 4 years ago +2

    So true. I think this applies for a lot of things on social media that promise big payouts fast. We are so used to instant gratification, we see a bug bounty video and think "Hey I could do that too!". People don't realize the time and effort (and expertise) it takes to find even one bug. I admire people who do this and put the work in, I am a programmer myself. But I have realized that I don't have the motivation and dedication to be one of these guys. I have other projects and skills that interest me, which are easier for me to work on in the long run.
    Great video!

  • @vincebastier9815 4 years ago +18

    The most honest video, there was a teacher from a US university who mentioned what you've said during a talk and one of his slowest students ended up becoming a key player because he was writing down on paper to visualise all of his attacks/defense code to be executed before putting them into practice, correcting them and fine tuning them which has paid off because his knowledge is invaluable now.

    • @CristiVladZ 4 years ago +2

      that's interesting. thanks for sharing

    • @vincebastier9815 4 years ago

      @@CristiVladZ I've found the link, watch this ruclips.net/video/6vj96QetfTg/видео.html & attack.mitre.org

  • @trickwheel 2 years ago +2

    A great saying I once heard and tried to apply that to every aspect of life: "To live like no one else, you have to start living like no one else"

  • @FatherChristma5 4 years ago +34

    Realest vid on bounties ever. Too many people watching the regular type of vids expecting to become millionaires overnight. Well done for adding perspective 👏

  • @coderx56 4 years ago +45

    To be honest this video make me wake up

    • @CristiVladZ 4 years ago +3

      In what sense?

    • @coderx56 4 years ago +3

      @@CristiVladZ I just mean good advice

  • @eonraider 3 years ago +10

    This is something I've been having in the back of my mind for quite some time... When it comes to Web App bug bounty hunting the secret lies in being a full stack web dev and dominating multiple popular stacks. Thanks for that.

    • @Cognitoman 2 years ago +1

      Yeah dude you should become a web developer then you will understand

  • @theraghavgupta 4 years ago +12

    I am so happy I found this video. Actually I recently stopped spending time on the mentioned programs and instead started learning the languages js, python, php. And listening it from expert makes me happy to be in right direction. Thanks🌹

    • @CristiVladZ 4 years ago

      Glad it was helpful!

    • @arbayloji 2 years ago

      Hi, @Raghav Gupta, will you share which platform you learn Js, bash, python and PHP, thank you

    • @arbayloji 2 years ago

      Hi, @Cristi Vlad, thank you for sharing, I like to ask is there possible to learn JS, Bash, Python in 1 year, if possible how many hours do you suggest we spend to learn those language per day, thank you

  • @jhde9067 4 years ago +5

    I like honesty. Refreshing to hear someone like you. You covered it a way others don't. I might consider subscribing but will look for more first.

  • @bsmakoro 2 years ago

    Thank you for the wake up call. I appreciate the honesty. It's going to take real work to that level. Was happy to hear that 'Time is on your side'.

  • @trinity2725 3 years ago +5

    Those advices are precious! To be honest I tried to reject them to encourage myself but now I need to be more determined

  • @circleclips8429 4 years ago +5

    I am learning and very much engaged in security for about 6 months, and i fell in love with it, i now know my passion, but again i am struggling cause there is no straight path, i am practising from these beginners platform but your video made sense, i will try things now differently, i will do whatever it takes to reach that level, cause i love hacking.

  • @ayushmayekar9098 4 years ago +3

    Damn i knew this but not found anyone telling about this, you told it and you are my Hero now. But surely you have saved the time of over 19k viewers, you are definitely going to heaven.

  • @anandjambhulkar8432 3 years ago +2

    Good gosh, what an eye opener video. Thanks for making it and then subsequently sharing it with everyone to see. I appreciate it.

  • @jordanski5421 4 years ago +5

    this is true for almost every position related to software engineering, as a self taught web dev myself I know the road is long and lonely. At first I obsessed over the latest "best practices" like it was the words of RNGsus himself but in doing so I took a back seat in the development of my own applications which always made me feel like a beginner. I'm glad to say I broke out of that loop by creating something on my own, it's like removing the stabilisers on your bike for the first time as a child, you almost don't even realise how fast you're going until you turn a sharp corner and crash... That's the moment that defines you, do you get your hands back on the handlebars? or just lie there crying on the roadside?

    • @CristiVladZ 4 years ago +1

      well said my friend. Thanks for the intervention!

    • @coupleodevs 2 years ago

      currently learning this the hard way, started web dev 4 months ago

  • @Ghost-jx2dj 2 years ago +2

    The way you demotivated now i am sure i will make it to the top thanks.

    • @CristiVladZ 2 years ago

      I'm not here to demotivate anyone, but to talk about my perspective on things...

  • @kfreedom470 4 years ago +4

    Yup this is the explanation I was looking for. I started learning the basics of programming as well as Linux. I also used Kali Linux and messed around with it by watching a lot of YouTube tutorials. This was all done in the past 2 years during my side job. But I gotta say right now I am nowhere near where I want to be in this field. I'm considering switching my goals but I will give it one last go by studying for the oscp cert which definitely is a real one. I'm glad you made this video, cyber security is a maze in which you need to match the pieces. Just takes time but if it don't match then it's not worth wasting time.

  • @hasnainabidkhanzada3754 4 years ago +15

    You are absolutely right. Although, I am a newbie but I have this same goal to find bugs (like business logics error, idor etc) for a specific amount of time and then instead of being sticking to this loop, move on to learn new technologies, tools, programming languages. The idea behind learning all of this is to find some big piece of meat, to automate repetitive tasks, to build something and so on.

  • @gtgt8564 4 years ago +10

    I've found some leaks and ended up getting a P2 on bugcrowd, which allowed me to find more bugs using the same long hanging fruit technique, and I was unable to find something more technical since the findings were made using google dorks, then tried to find more "advanced" bugs however, the lack of technical knowledge was like a brickwall, now I'm doing a fullstack course, to understand from the dev side and learn new skills.
    And there's also another big important side, which is time, usually I prefer working on upwork for example, than waste hours on bug bounty with no pay.

    • @ayoubzahiri1918 4 years ago

      How do you guys get motivation on this field? I gave up learning how to montage a video within 10minutes of trying ...

  • @pratheeku4467 4 years ago +3

    Dude.. You are sooo underrated!!
    I salute ya buddy! Keep going!

  • @FreakinKatGaming 4 years ago

    My favorites when a vetted black hat puts an 0day up for sale on forum somewhere on the net, then before being archived all traces deleted then hackerone has some "Magical out of nowhere person who gets a nice payout for a bounty that was never even posted to begin with but it's the same 0day you randomly ran into on that random forum" priceless. Brings a tear to my eye. They grow up so fast. So proud

  • @behradtaher6779 4 years ago +4

    This was so accurate and well worded. I've seen a huge amount of posts in various communities of people following the path of x, y, z. to get into bug bounty with a goal of pursuing it full time and it's just not realistic for most people.

  • @hackersguild8445 4 years ago +40

    I don't know which person disliked it but if I could, I would give this video a 1000 likes. Very well said. I have been doing hunting for 2 years but I have always felt that I am not improving. Time to deep dive on each topic and make our own hunting style

    • @CristiVladZ 4 years ago +3

      good reminder!

    • @arthathome 2 years ago +4

      Did you improve now?

    • @LetsGoTech 2 years ago

      @@CristiVladZ tell him to do click jacking

  • @telnobynoyator_6183 4 years ago +2

    What a lot of people don't understand, is that you need to start by knowing programming in various languages AND be able to make any kind of program you want, to THEN try to use that knowledge to find vulnerabilities. If you don't know how to program and what are the best practices of programming / most common design patterns, you'll never be able to do anything.

  • @namenone8387 4 years ago +8

    OMG! one of the greatest advice that I could ever receive. thank you so much mate. I am currently a web developer so as you said, maybe it's good for me to start on security source code reviewer since that is what I do most everyday staring at the source code of my team doing code review but not on security aspect. honestly, I am really weak at doing black box testing. so maybe focusing on my strength first will do the job? cheers

    • @CristiVladZ 4 years ago +1

      Of course, leverage your strengths

  • @armincal9834 4 years ago +3

    Basically become a web app developer (no need to be as good as a pro dev. Just know OOP and basics of software design) to become a web app hacker. You never know what mistakes devs can make unless you think like one.
    Learn system languages and programming plus some assembly and hardware if you want to write your own malware or crack/reverse engineer software
    Learn networking as much as at least CCNA/network+ but the more you know the better since most security breaches are exploited remotely thus networking knowledge is key. If you had to choose one field to master I guess better choose this one.
    Learn how CCTV cameras work to come up with a way to hack them.
    All the available exploits and hackme tricks are public knowledge and patched already, companies need people who can come up with their own exploits so following online tuts gives you the basics but that's it.
    You can't possibly live long enough to master all those topics so pick 1 or two to master and learn the basics of the rest.
    Do you guys agree?

    • @CristiVladZ 4 years ago

      thanks for the insightful comment! :)

    • @xbrook5490 2 years ago

      the best comment!

  • @nointro5284 4 years ago +4

    So true. I never completed a single lab or ctf but I still manage to find bugs every month and I'm happy with it. I just don't want to spend my time doing what everybody does. Why have to learn same thing that everyone is learning when I can learn a lot more from google.

    • @nikhilt3755 4 years ago +1

      everyone is finding bugs , how r u different from others ? so people trying ctfs and labs are wasting time ?
      grow up beg bounty hunter

    • @nointro5284 4 years ago

      @@nikhilt3755 lol when did i say that I'm different from others. Everyone is finding bugs yes true. Why the fuck people want to be limited when they can learn so much from the internet instead of wasting money(yes there are free ones also). I'm not saying people are wasting their time by doing ctf,labs etc. I just said my thing not yours. Please grow up. In some case everyone is beg bounty hunter how come you can say you're not.

    • @rujotheone 4 years ago +2

      Nice work. How did you learn? Cuz I can see there are several types of bugs. Also do you concentrate on a few types of bugs or you check for everything.

    • @chintangajera1537 4 years ago +2

      @@rujotheone you can use tools for that in beginning but try doing that manually. You can use portswigger.net and also hackerone you can get good web security knowledge on those website.

    • @rujotheone 4 years ago +1

      @@chintangajera1537 thanks

  • @fritzeyok 3 years ago +1

    "CRAFT YOUR UNIQUE APPROACH!" this is a golden advice! Thanks

  • @luqmanhamdan9285 4 years ago +21

    TBH, I started getting seriously in information security about a year ago, as a university student. I've found my interest in penetration testing and have basic skills to jump into these things. But, every time I learn something new, more I don't know about it. Deep down, I still feel like a noob in terms of knowledge and skill even though I learn many things for the past 7 years little by little. I'm glad you make this video and speak about the ugly truth in cybersecurity.

    • @CristiVladZ 4 years ago +1

      thanks for sharing your thoughts :)

    • @chintangajera1537 4 years ago +2

      This is what which makes this field more interesting not a pro tho. But I am exploring for more than 2 years as of now and felt same half a year back. Keep crawling and a suggestion if you don't mind just take big plain sheets and draw concepts like ddos or osi model and many definition like threat, risk, CIA triad on that and stick that in your room and just look that once a week. And you can also compare that old architecture with new released which will help you a lot in understanding new technology with ease. This was what I did and it worked for me.
      Good luck :)

  • @faruky9197 3 years ago +2

    I see this video 3 months ago and I really upset about my inadequacy it was sound really hard to me starting coding. finally I start 2 months ago and I learned html and css (I know its design language) in this time I realize coding was fun and that motivate me and I am still learning javascript (once I stop learning programming because it was really boring) and soon I will learn nodejs. I am still didn't quit because of learning new things hard and boring. In fact I want to full-stack javascript developer then start bug bounty. I found my way and I am really happy about it I can even spend years programming maybe I will forget starting hacking. thank you Cristi Vlad this video was really helpful to me I hope the others will start programming. BY the way sorry for my language English is not my native language and I am learning it too :)

    • @CristiVladZ 3 years ago

      you've just made my day! Good luck in all your future pursuits!

  • @abdilahrf 3 years ago +2

    A lot of fake bugbounty tips in twitter make the beginner keep busy with their oneliner thing and the elite doing the real thing on a bugbounty target and harvest bounty 😂.
    i love this video

  • @FreakinKatGaming 4 years ago +3

    Finally someone who has the right morals! You made my day man! Seriously. You a HBH member

  • @j.b.708 4 years ago +4

    i gave up after 3 years just trying to get an entry-level SOC analyst job.

  • @darksekiro6378 3 years ago +3

    We are all gonna make it brothers,never give up!!

  • @TheTurbotez 4 years ago +1

    Thank you for this video, I'm just starting out, but there is soooo much beginner stuff out there, someone like me doesn't really know where to go to get some proper learning tools to get into the industry. I will make it to the top, so it's nice to know that if someone can go alone, become competent and get to the top without following the crowd.

  • @ahmedseleman3621 3 years ago +1

    please answer me
    what is the meaning of focusing code aspect of bounty program or security research ???????????

  • @init_6415 3 years ago

    Deeply thinking about this lately, but then a question rises, where to start, cuz there are so much to learn then, from dev side from security side and also to keep up with the latest vulnerability

  • @digitox5188 2 years ago +1

    And thats why I’ve subscribed channels like this, not big ones bcz everyone is doing that🙂✌️

  • @GGGamesBA 3 years ago +2

    Came for the ugly truth, stayed for the soothing voice

  • @AnthonyMcqueen1987 4 years ago

    Wow talk about a reality check because I started this Ethical hacker world in May 2020 I sent 4 reports in they were duds my confidence fell through the floor and I was like a deer in the head wind. I am now taking a step back and learning the foundations of XSS and applying it to the wild and one day hope to earn my first bounty. Of course I don't expect any of this to be easy at all it's tough and there are many people out there chasing the same bug. I do listen to other bug hunters take their advice with a grain of salt and apply it to me and see what works and what doesn't. I also been told don't rely on tools and become nothing more than a "Script Kiddie".
    This was an honest video that does not magically coat the world of bug bounties this made me wake up the reality and how I failed to earn anything so I need to figure something out.

    • @CristiVladZ 4 years ago +1

      It's just a matter of time Anthony. I pounded at it for 10 months to finally finding my first bug.

    • @AnthonyMcqueen1987 4 years ago

      @@CristiVladZ Thanks man for the confidence boost. As a former data scientist I can tell you there is no comparison this is harder but also more fun. I know one day with patience and persistence I will earn my first bounty. Also I am only specializing in one bug not all of them.

  • @dhirajx 3 years ago +3

    this is all i wanted to hear.. after months of failed attempts to learn bug bounty hunting, i know where to focus on. those people who says coding isn't important to start, thats a hoax. those people themselves are good coders.

  • @mohammedmokhtar 4 years ago +2

    You are an amazing human being for putting this out like that.

  • @Eddy1A1 4 years ago +4

    Pretty comprehensive and honest opinions on your vids. Congratulations! 😎

  • @GameNon-Quitters 4 years ago +1

    Finally the best advice ever, at least I think for us beginners who are lurking in Cybersecurity world ! Thanks ! And glad I discovered you!

  • @skytest1247 4 years ago +1

    Good video, telling the truth without demotivating and disrespecting someone.
    Learn! Apply! Learn Apply!

  • @danieljaeger2982 2 years ago

    what makes me happy is i've already been doing everything he mentioned for a few years now

  • @mihaidinu6637 4 years ago +1

    Very good argument, Cristi! Perhaps the coolest aspect of this video is that it applies to many fields, not just cybersecurity! Like & Subscribe from me! You're great, keep going!

    • @CristiVladZ 4 years ago

      Thanks a lot, Mihai!

    • @CristiVladZ 4 years ago

      By the way, how did you get to this video?

    • @mihaidinu6637 4 years ago +1

      @@CristiVladZ YouTube recommendations. I'm interested in the subject, although I focus more on AI. I'm a 12th-grade student and your video motivated me even more to apply to the automatic control faculty, because there is very strong competition in the field, even in this niche of cybersecurity.

    • @CristiVladZ 4 years ago

      @@mihaidinu6637 Very cool. Good luck!

    • @mihaidinu6637 4 years ago +1

      @@CristiVladZ Thank you! All the best!

  • @SamsuperFc 4 months ago

    This applies to every aspect of the “get rich scheme”. Maturity is when you understand that if getting rich was this easy the entire world would be full of millionaires

  • @jhde9067 4 years ago +13

    The one liners beginner courses ugh
    So many are in just for the views and are misleading people like me :(

  • @ભગવતકથાકારશ્રીપ્રમોદભાઈશા

    Hello sir. Which is the best laptop for bug bounty with processor and ram???? Plz Suggest me. Sir

    • @jynx3383 2 years ago

      Computer does not matter.

  • @onlyacoder 4 years ago +1

    I was almost givin up from that. so something make me watching a last video from a unsubscribed channel and here I am... fullcharged of dopamine again, but genuine dopamine this time like that one what made gohan become super sayajin 2. Thank you bro!

  • @tech_N2999
    @tech_N2999 4 years ago +1

    It's not as hard as it appears but I see a few points, but with a little picture here not a whole lotta people work with the security aspect or even know what open-source software is

  • @ekko-h7n
    @ekko-h7n 4 months ago +1

    Thx, you opened my mind about the idea to master JS!!!!

  • @imkir4n
    @imkir4n 4 years ago +2

    Thanks for the honest advice, now I get a clear path about where I should start. I want to be a webapp pentester, so I'm going to master web development and JS first ✌️

    • @thecreator8353
      @thecreator8353 4 years ago +1

      Actually you are the one who has cleared my path. Thanks for everything.

    • @imkir4n
      @imkir4n 4 years ago

      @@thecreator8353 yeah! Stay focused

  • @gracia9775
    @gracia9775 2 years ago

    “Remove yourself from the crowd…”
    The road is really narrow and hard

  • @-hero-5882
    @-hero-5882 4 years ago +1

    I'm building IT knowledge in prep, not there yet, but the info was def appreciated, man

  • @feloi3033
    @feloi3033 3 years ago +1

    I seriously do need help, I'm depressed.. ahh I'm about to explode with the thought of what shall I do. I'm trying graphic designing, thinking of getting into ethical hacking and cyber security, another here is also related to cyber.. none of the doors are opening for me.. I just graduated high school and will be joining university. I'm really confused on what shall I be studying or stop studying, it's really harsh ahh MAN!! Sorry, couldn't find anywhere to express it, sorry for my bad grammar

    • @CristiVladZ
      @CristiVladZ  3 years ago

      Take some time off the keyboard and spend it with family, friends and loved ones

  • @adarshanand2073
    @adarshanand2073 3 years ago

    Totally agree with you. Someone I found whom I can relate to more - otherwise most of the people who got into security are mainly driven by the money. Interest is the first thing which is required in bug bounty. I am pretty sure people who have interest should have found this true and informative.

  • @harishankarknair995
    @harishankarknair995 2 years ago

    Thank you for making this video. As a student who is interested and passionate about these topics, this video gave a good insight and direction that I need to follow

  • @Alex492r
    @Alex492r 4 years ago

    How to do it? I'm really stuck right now. I mastered Metasploit, Kali Linux, Nmap, almost half of the tools in the industry, it took me 4 hrs every day for a year, I'm afraid I'll fail, waste time, how to really start?!!

  • @nets0und200
    @nets0und200 4 years ago +1

    I stopped hacking and bug bounty hunting when I took a step back and realised that I didn't really enjoy it, I was doing it because I liked the fact that I could call myself a "hacker", even a newbie one. I know it's pathetic but I was, at that time, trying to find myself. Maybe one of you is right now in the same situation that I was, think about it guys.

    • @thwahirmahammed4334
      @thwahirmahammed4334 4 years ago

      Oops, I'm new in cybersec and I felt demotivated by seeing this😅

    • @nets0und200
      @nets0und200 4 years ago

      @@thwahirmahammed4334 sorry for that, this isn't the goal of my comment but really ask yourself this question not only in bug bounty hunting but other areas of your life too :)

    • @thwahirmahammed4334
      @thwahirmahammed4334 4 years ago

      ☺️👍

    • @thwahirmahammed4334
      @thwahirmahammed4334 4 years ago

      @@nets0und200 bro can I ask one doubt that's some long sentence?

    • @nets0und200
      @nets0und200 4 years ago

      @@thwahirmahammed4334 go ahead

  • @mrfox6662
    @mrfox6662 3 years ago

    I still think the thing I'm struggling with the most is understanding how to get into hacking. Me and a team of my friends want to start bug bounties; however, we need to learn more, and knowing all the terminology and functions and stuff is so hard.

    • @CristiVladZ
      @CristiVladZ  3 years ago

      You don't need to learn more, just do

  • @dezneye
    @dezneye 4 years ago +2

    A lot of people are driven into bug bounty feeling like it's some sort of free dollar coupons

  • @kksarnasarna5996
    @kksarnasarna5996 4 years ago +2

    Holy shit dude, u just said what I was thinking for like months, I just didn't have the correct words, thanks for clearing it up for me and everyone else

  • @tiago2946
    @tiago2946 3 years ago

    Just found out your channel and you definitely have my attention.

  • @arjunsharma3248
    @arjunsharma3248 4 years ago +2

    Been thinking the same thing lately. I got to have a unique look at the scenario to strike out.

  • @shreyabanerjee1684
    @shreyabanerjee1684 4 years ago +1

    Hey Cristi, can you tell me how much networking knowledge is needed for bug bounty... though I know networking a little more but I'm interested in that area too..
    Nice video👍❤️

    • @CristiVladZ
      @CristiVladZ  4 years ago

      You'd go a long way mastering networking

  • @myself.mohammed.ibrahim
    @myself.mohammed.ibrahim 4 years ago +2

    Thank you so much bro for helping me out....!!!
    Appreciate your honesty!!!!

  • @jesalpatel2270
    @jesalpatel2270 4 years ago +1

    Thanks man! You are truly an honest man. As u said, you need to be different from others; that hit me differently. 💯🥂

  • @DeathWhisper103
    @DeathWhisper103 1 year ago

    Hi, I love cyber security stuff and sth like this and I wanted to learn, but I don't know how much I can make from it, I don't know what I have to do and I have to make a decision, and my friends are telling me to learn AI and start to learn AI, and I don't know what to do. Heart says learn cyber security but brain says learn AI

  • @axelanderson2030
    @axelanderson2030 2 years ago +7

    I think the biggest thing people overlook is that in order to exploit a computer, you need to understand the computer. I was very lucky, coming in with extensive knowledge of Windows, Linux, Python, Bash, SQL and HTML, as well as years of experience. However, I think it's fundamental to understand networking, Linux, Windows and a programming language before you should even consider anything to do with hacking

  • @Natsu6000
    @Natsu6000 2 years ago

    Hi, I wanted to know if a job in IT first is good. I'm at level 2 support in a company and I think understanding all the networking first is good. I'm learning programming and I learn on TryHackMe, Hack The Box/Root Me, any advice?

  • @craigofficial
    @craigofficial 4 years ago +8

    And also there is that everyone that we're all kinda competing with. And guys doing most work auto, bruh..

  • @cameronball3998
    @cameronball3998 4 years ago +2

    Just hoping my CS degree is worth it lol. Sitting in a Data Structures class doesn’t seem worth it while you’re doing it but I know it’ll pay off in the long run

  • @dave4290
    @dave4290 4 years ago +1

    One of the most honest videos on YouTube I've ever seen

  • @LuckyPatel
    @LuckyPatel 4 years ago +1

    Be unique, make your own path, don't get into the trap of advertised online courses of other sites, follow the right people, and don't feel shame in asking easy methods too.
    Every night in bed ask yourself what you've learnt, it pushes you the next day

    • @CristiVladZ
      @CristiVladZ  4 years ago

      introspection and retrospection are key

  • @mah3sec
    @mah3sec 4 years ago +1

    In India almost 80k bug hunters created their profile on Bugcrowd in 2019-2020. That happened because of some silly hunters and institutions providing such stupid courses in which they are giving their students unresolved reports for points. Cheap courses in 500rs, 2000rs. Like courses are easily available in which they don't clear the basics and start directly with reporting and provide vulnerability templates, automated tools, one-liners, and I'm against this type of institutes & trainers

  • @jabcoanthoco4056
    @jabcoanthoco4056 4 years ago +3

    I thought this was going to be about finding rare insects

  • @stephan4932
    @stephan4932 4 years ago +2

    I am not doing any of these things..
    I can't get my router to work properly...
    Please.. Don't hack me 😬

  • @saptaksaha1702
    @saptaksaha1702 4 years ago

    The most Realistic video about bug bounty or cyber sec... appreciate your calm boldness👍👍❤

  • @vin-goldi
    @vin-goldi 4 years ago

    Well, don't do any coding or hacking at all unless your motivation comes 90% from the excitement of the moment when you press enter and find out if what you did or thought makes something work - or break. In my experience, people that don't feel that excitement never make it anywhere in informatics. Can be tested easily by letting a person compile Hello World, then tell them to change something and recompile.

  • @slayerssquad6744
    @slayerssquad6744 4 years ago +1

    ONE THING TO UNDERSTAND: the reason why many people don't do that is because of errors, not hard working

  • @francosalina9373
    @francosalina9373 4 years ago

    What do u think bout certifications like CEH?

  • @samerbouhajja2411
    @samerbouhajja2411 4 years ago

    Honestly, got carried away with the good old-fashioned marketing going on about cyber security for a while, to only find out it was just a boring job like any other. You will end up doing 9 to 5 daily tasks looking for bugs and get paid like any other dude in the industry. They will make it sound cool cause they have a gap, and it's well paid cause they don't have enough people doing it; that's why they wanna make it look like the best opportunity, so they can pay less for the same task and have enough specialised manpower to get rid of you anytime they want

  • @malwarecopter4440
    @malwarecopter4440 4 years ago +1

    Teaching about something is the best business regardless of whether the teachers themselves apply it practically in the real world

  • @reizhustenistdoof
    @reizhustenistdoof 4 years ago

    The field being full of skids is exactly what made me become a blue teamer instead of a red teamer. I feel like it's less bad there

  • @iiVitality
    @iiVitality 4 years ago +4

    3:36
    Ah yes, I see you using Hacker Typer like an intellectual on the right screen

  • @LesserpandaDE
    @LesserpandaDE 4 years ago

    I think reading about vulnerabilities helps. It gives you an insight into what's possible and how it was achieved.
    And it keeps you up to date on the latest vulns.
    But tbh I'm more a security awareness / SysAdmin, maybe that's why I see it that way.

    • @CristiVladZ
      @CristiVladZ  4 years ago

      If you're talking about vulnerability reports, it's very hard to find legit ones. Most are highly redacted...

  • @w3w3w3
    @w3w3w3 4 years ago +1

    Very nice and well put! So true. =D

  • @jw1ck
    @jw1ck 2 years ago

    Hey Cristi. I’ve been watching this video religiously for a week to motivate me in my studying of webapp hacking. This video made me feel sane after seeing friends make an extra $10k a month in bug bounties seemingly with low effort. I was wondering if you wouldn’t mind elaborating on developing a skillset. You gave 3 good examples in your video but I was wondering if you could provide some more? What kinds of skills does someone try to improve unlike everyone? For example, in getting great at SQLi? Does it really help to create your own database and use it like you were a developer, so you can then understand how to break it? Or is your time better spent elsewhere? Sorry it’s a long question. Thanks brotha.

    • @CristiVladZ
      @CristiVladZ  2 years ago +1

      I think one of the greatest skills one can develop is going deep

    • @jw1ck
      @jw1ck 2 years ago

      @@CristiVladZ Knowing so much that the likelihood of you succeeding is greater than the likelihood of you failing. Thank you dude. I really appreciate the reply.

  • @mohammedalmahdialjeafry8155
    @mohammedalmahdialjeafry8155 4 years ago

    Just a second, to be a hacker I need to be a programmer? I am a programmer (I will not say that I am good at programming, but I can create an application in the way that is required from me), but still I have no clue about hacking. Does that mean I am missing something, or that I am just not as good a programmer as I think? Thanks for the informative video