So true. I think this applies for a lot of things on social media that promise big payouts fast. We are so used to instant gratification, we see a bug bounty video and think "Hey I could do that too!". People don't realize the time and effort (and expertise) it takes to find even one bug. I admire people who do this and put the work in, I am a programmer myself. But I have realized that I don't have the motivation and dedication to be one of these guys. I have other projects and skills that interest me, which are easier for me to work on in the long run. Great video!
The most honest video, there was a teacher from a US university who mentioned what you've said during a talk and one of his slowest students ended up becoming a key player because he was writing down on paper to visualise all of his attacks/defense code to be executed before putting them into practice, correcting them and fine tuning them which has paid off because his knowledge is invaluable now.
Realest vid on bounties ever. Too many people watching the regular type of vids expecting to become millionaires overnight. Well done for adding perspective 👏
This is something I've been having in the back of my mind for quite some time... When it comes to Web App bug bounty hunting the secret lies in being a full stack web dev and dominating multiple popular stacks. Thanks for that.
I am so happy I found this video. Actually I recently stopped spending time on the mentioned programs and instead started learning the languages js, python, php. And hearing it from an expert makes me happy to be going in the right direction. Thanks🌹
Hi, @Cristi Vlad, thank you for sharing. I'd like to ask: is it possible to learn JS, Bash, Python in 1 year? If possible, how many hours do you suggest we spend per day learning those languages? Thank you
I have been learning and very much engaged in security for about 6 months, and I fell in love with it. I now know my passion, but again I am struggling because there is no straight path. I am practising on these beginner platforms but your video made sense. I will try things differently now, I will do whatever it takes to reach that level, because I love hacking.
Damn, I knew this but had not found anyone talking about it. You said it and you are my hero now. But surely you have saved the time of over 19k viewers, you are definitely going to heaven.
this is true for almost every position related to software engineering, as a self taught web dev myself I know the road is long and lonely. At first I obsessed over the latest "best practices" like it was the words of RNGsus himself but in doing so I took a back seat in the development of my own applications which always made me feel like a beginner. I'm glad to say I broke out of that loop by creating something on my own, it's like removing the stabilisers on your bike for the first time as a child, you almost don't even realise how fast you're going until you turn a sharp corner and crash... That's the moment that defines you, do you get your hands back on the handlebars? or just lie there crying on the roadside?
Yup this is the explanation I was looking for. I started learning the basics of programming as well as Linux. I also used Kali Linux and messed around with it by watching a lot of YouTube tutorials. This was all done in the past 2 years during my side job. But I gotta say right now I am nowhere near where I want to be in this field. I'm considering switching my goals but I will give it one last go by studying for the OSCP cert which definitely is a real one. I'm glad you made this video, cyber security is a maze in which you need to match the pieces. Just takes time but if it doesn't match then it's not worth wasting time.
You are absolutely right. Although I am a newbie, I have this same goal: to find bugs (like business logic errors, IDOR etc.) for a specific amount of time and then, instead of sticking to this loop, move on to learn new technologies, tools, programming languages. The idea behind learning all of this is to find some big piece of meat, to automate repetitive tasks, to build something and so on.
I've found some leaks and ended up getting a P2 on Bugcrowd, which allowed me to find more bugs using the same low-hanging fruit technique, and I was unable to find something more technical since the findings were made using Google dorks. Then I tried to find more "advanced" bugs; however, the lack of technical knowledge was like a brick wall. Now I'm doing a fullstack course, to understand from the dev side and learn new skills. And there's also another big important side, which is time: usually I prefer working on Upwork, for example, than wasting hours on bug bounty with no pay.
My favorite is when a vetted black hat puts an 0day up for sale on a forum somewhere on the net, then before being archived all traces are deleted, then HackerOne has some "Magical out of nowhere person who gets a nice payout for a bounty that was never even posted to begin with but it's the same 0day you randomly ran into on that random forum". Priceless. Brings a tear to my eye. They grow up so fast. So proud
This was so accurate and well worded. I've seen a huge amount of posts in various communities of people following the path of x, y, z to get into bug bounty with a goal of pursuing it full time and it's just not realistic for most people.
I don't know which person disliked it but if I could, I would give this video a 1000 likes. Very well said. I have been doing hunting for 2 years but I have always felt that I am not improving. Time to deep dive on each topic and make our own hunting style
What a lot of people don't understand, is that you need to start by knowing programming in various languages AND be able to make any kind of program you want, to THEN try to use that knowledge to find vulnerabilities. If you don't know how to program and what are the best practices of programming / most common design patterns, you'll never be able to do anything.
OMG! One of the greatest pieces of advice that I could ever have received. Thank you so much mate. I am currently a web developer so, as you said, maybe it's good for me to start as a security source code reviewer, since that is what I do most every day: staring at the source code of my team doing code review, but not on the security aspect. Honestly, I am really weak at doing black box testing. So maybe focusing on my strength first will do the job? Cheers
Basically become a web app developer (no need to be as good as a pro dev. Just know OOP and basics of software design) to become a web app hacker. You never know what mistakes devs can make unless you think like one. Learn system languages and programming plus some assembly and hardware if you want to write your own malware or crack/reverse engineer software. Learn networking as much as at least CCNA/Network+ but the more you know the better since most security breaches are exploited remotely thus networking knowledge is key. If you had to choose one field to master I guess better choose this one. Learn how CCTV cameras work to come up with a way to hack them. All the available exploits and hackme tricks are public knowledge and patched already, companies need people who can come up with their own exploits so following online tuts gives you the basics but that's it. You can't possibly live long enough to master all those topics so pick 1 or two to master and learn the basics of the rest. Do you guys agree?
So true. I never completed a single lab or CTF but I still manage to find bugs every month and I'm happy with it. I just don't want to spend my time doing what everybody does. Why have to learn the same thing that everyone is learning when I can learn a lot more from Google.
@@nikhilt3755 lol when did i say that I'm different from others. Everyone is finding bugs yes true. Why the fuck people want to be limited when they can learn so much from the internet instead of wasting money(yes there are free ones also). I'm not saying people are wasting their time by doing ctf,labs etc. I just said my thing not yours. Please grow up. In some case everyone is beg bounty hunter how come you can say you're not.
Nice work. How did you learn? Cuz I can see there are several types of bugs. Also do you concentrate on a few types of bugs or do you check for everything?
@@rujotheone you can use tools for that in the beginning but try doing that manually. You can use portswigger.net and also hackerone, you can get good web security knowledge on those websites.
TBH, I started getting seriously into information security about a year ago, as a university student. I've found my interest in penetration testing and have basic skills to jump into these things. But every time I learn something new, the more I don't know about it. Deep down, I still feel like a noob in terms of knowledge and skill even though I have been learning many things over the past 7 years little by little. I'm glad you made this video and spoke about the ugly truth in cybersecurity.
This is what makes this field more interesting. Not a pro tho. But I have been exploring for more than 2 years as of now and felt the same half a year back. Keep crawling, and a suggestion if you don't mind: just take big plain sheets and draw concepts like DDoS or the OSI model and many definitions like threat, risk, CIA triad on them and stick them in your room and just look at them once a week. And you can also compare that old architecture with newly released ones, which will help you a lot in understanding new technology with ease. This was what I did and it worked for me. Good luck :)
I saw this video 3 months ago and I was really upset about my inadequacy; starting coding sounded really hard to me. Finally I started 2 months ago and I learned HTML and CSS (I know they are design languages). In this time I realized coding was fun and that motivated me, and I am still learning JavaScript (I once stopped learning programming because it was really boring) and soon I will learn Node.js. I still didn't quit because of learning new things being hard and boring. In fact I want to be a full-stack JavaScript developer and then start bug bounty. I found my way and I am really happy about it. I can even spend years programming; maybe I will forget about starting hacking. Thank you Cristi Vlad, this video was really helpful to me. I hope the others will start programming. By the way, sorry for my language, English is not my native language and I am learning it too :)
A lot of fake bug bounty tips on Twitter keep the beginners busy with their one-liner thing while the elite do the real thing on a bug bounty target and harvest bounties 😂. I love this video
Thank you for this video, I'm just starting out, but there is soooo much beginner stuff out there, someone like me doesn't really know where to go to get some proper learning tools to get into the industry. I will make it to the top, so it's nice to know that if someone can go alone, become competent and get to the top without following the crowd.
Deeply thinking about this lately, but then a question arises: where to start, cuz there is so much to learn then, from the dev side, from the security side, and also to keep up with the latest vulnerabilities
Wow, talk about a reality check, because I started in this ethical hacker world in May 2020. I sent 4 reports in, they were duds, my confidence fell through the floor and I was like a deer in the headlights. I am now taking a step back and learning the foundations of XSS and applying it in the wild and one day hope to earn my first bounty. Of course I don't expect any of this to be easy at all, it's tough and there are many people out there chasing the same bug. I do listen to other bug hunters, take their advice with a grain of salt and apply it to me and see what works and what doesn't. I have also been told don't rely on tools and become nothing more than a "Script Kiddie". This was an honest video that does not magically coat the world of bug bounties. This made me wake up to the reality and how I failed to earn anything, so I need to figure something out.
@@CristiVladZ Thanks man for the confidence boost. As a former data scientist I can tell you there is no comparison this is harder but also more fun. I know one day with patience and persistence I will earn my first bounty. Also I am only specializing in one bug not all of them.
This is all I wanted to hear.. after months of failed attempts to learn bug bounty hunting, I know where to focus. Those people who say coding isn't important to start, that's a hoax. Those people themselves are good coders.
Very good argument, Cristi! Perhaps the coolest aspect of this video is that it applies to many fields, not just cybersecurity! Like & Subscribe from me! You're great, keep going!
@@CristiVladZ YouTube recommendations. I'm interested in the subject, although I focus more on AI. I'm a 12th-grade student and your video motivated me even more to apply to the automation faculty, because there is very strong competition in the field, even in this niche of cybersecurity.
This applies to every aspect of the “get rich scheme”. Maturity is when you understand that if getting rich was this easy the entire world would be full of millionaires
I was almost giving up on that. So something made me watch a last video from an unsubscribed channel and here I am... fully charged with dopamine again, but genuine dopamine this time, like the one that made Gohan become Super Saiyan 2. Thank you bro!
Its not as hard it appears but I see a few points, but with a little picture here not a whole lotta people work with the security aspect or even know what opensource software is
Thanks for the honest advice, now i get a clear path about where should i start i want to be a webapp pentester so im going to master web development and js first ✌️
i seriously do need help i'm depressed.. ahh i'm about to explode with the thought of what shall i do i'm trying on graphic designing, thinking of getting into ethical hacking and cyber security another here is also related to cyber.. none of the doors are opening for me.. i just graduated highschool and will be joining university i'm really confused on what shall i be studying or stop studying it really harsh ahh MAN!! sorry couldn't find anywhere to express it sorry for my bad grammar
Totally agree with you. Someone I found whom I can relate to more - otherwise most of the people who got into security are mainly driven by the money. Interest is the first thing which is required in bug bounty. I am pretty sure people who have interest will have found this true and informative.
Thank you for making this video. As a student who is interested in and passionate about these topics, this video gave a good insight and direction that I need to follow
How to do it ? Im really stuck right now . I mastered metasploit, kali linux, nmap, almost half of the tools in the industry, it took me 4 hrs everyday for a year, im afraid I'll fail, waste time, how to really start ?!!
i stopped hacking and bug bounty hunting when i took a step back and realised that i didn't really enjoy it, i was doing it because i liked the fact that i could call myself a "hacker" even a newbie one, i know its pathetic but i was at that time, trying to find myself, maybe one of you are right now in the same situation that i was, think about it guys.
@@thwahirmahammed4334 sorry for that, this isn't the goal of my comment but really ask yourself this question not only in bug bounty hunting but other areas of your life too :)
I still think the thing I'm struggling with the most is understanding how to get into hacking. Me and a team of my friends want to start bug bounties however we need to learn more, and knowing all the terminology and functions and stuff is so hard.
holy shit dude, u just said what i was thinking for like months, i just didn't have the correct words, thanks for clearing it up for me and everyone else
Hey Cristi can you tell me how much networking knowledge is needed for bug bounty...though I know networking a little more but I'm interested in that area too.. Nice video👍❤️
Hi I love cyber security stuff and sth like this and I wanted to learn but i don't know how much can I make from it I don't know what I have to do and I have to make a decision and my friends are telling me to learn AI and start to learn AI and i don't know what to do heart says learn cyber security but brain says learn AI
I think the biggest thing people overlook is that in order to exploit a computer, you need to understand the computer. I was very lucky, coming in with extensive knowledge of windows, Linux, python, bash, SQL and html, as well as years of experience. However, I think it's fundamental to understand networking, Linux, windows and a programming language before you should even consider anything to do with hacking
Hi, I wanted to know if a job in IT first is good. I'm at level 2 support in a company and I think understanding all the networking first is good. I'm learning programming and I learn on Try Hack Me, Hack The Box/Root Me. Any advice?
Just hoping my CS degree is worth it lol. Sitting in a Data Structures class doesn’t seem worth it while you’re doing it but I know it’ll pay off in the long run
Be unique, make your own path, don't get into trap of advertised online courses of other sites, follow right people , and don't feel shame in asking easy methods too , Every Night on bed ask yourself what you've learnt , it pushes you next day
In India almost 80k bug hunters created their profiles on Bugcrowd in 2019-2020. That happened because of some silly hunters and institutions providing such stupid courses in which they give their students unresolved reports for points. Cheap courses for 500rs, 2000rs. Courses like these are easily available, in which they don't clear the basics and start directly with reporting and provide vulnerability templates, automated tools, one-liners, and I'm against this type of institutes & trainers
Well, don't do any coding or hacking at all unless your motivation comes 90% from the excitement of the moment when you press enter and find out if what you did or thought makes something work - or break. In my experience, people that don't feel that excitement never make it anywhere in informatics. Can be tested easily by letting a person compile Hello World, then tell them to change something and recompile.
honestly, got carried away with the good old fashion marketing going on about cyber security for a while, to only find out it was just a boring job like any other, you will end up doing 9 to 5 daily tasks looking for bugs and get paid like any other dude in the industry. they will make it sound cool cause they have a gap and its well paid cause they dont have enough people doing it thats why they wanna make it look like the best opportunity , so they can pay less for the same task and have enough specialised manpower to get rid of you anytime they want
I think reading about vulnerabilities helps. It gives you an insight into what's possible and how it was achieved. And it keeps you up to date with the latest vulns. But tbh I'm more a security awareness / SysAdmin, maybe that's why I see it that way.
Hey Cristi. I’ve been watching this video religiously for a week to motivate me in my studying of webapp hacking. This video made me feel sane after seeing friends make an extra $10k a month in bug bounties seemingly with low effort. I was wondering if you wouldn’t mind elaborating on developing a skillset. You gave 3 good examples in your video but I was wondering if you could provide some more? What kinds of skills does someone try to improve unlike everyone? For example, in getting great at SQLi? Does it really help to create your own database and use it like you were a developer, so you can then understand how to break it? Or is your time better spent elsewhere? Sorry it’s a long question. Thanks brotha.
@@CristiVladZ Knowing so much that the likelihood of you succeeding is greater than the likelihood of you failing. Thank you dude. I really appreciate the reply.
Just a second, to be a hacker I need to be a programmer? I am a programmer (I will not say that I am good at programming, but I can create an application in the way that is required of me), but still I have no clue about hacking. Does that mean I am missing something, or that I am just not as good a programmer as I think? Thanks for the informative video
Recon in Cybersecurity course: bit.ly/cybersecrecon
Python for Pentesters course: bit.ly/2I0sRkm
Python Basics course: bit.ly/37cmhlx
Hands-On Training with PentesterLab PRO: bit.ly/awesomepentester
For coaching in pentesting and bug bounty: dgtsec.com/cybersec-pentesting-training/
thanks for your kind word, my dear sir(senpai-san)
love from "#BHAI"
Actually I'm too stuck in some bullshit and make that mistake again and again. Almost 2 years (1 and 8 months) of my time I wasted on some f-vid. In late 2019 I started again but this time I have a goal, being a 'pen tester'. Currently I'm not learning too much, only an hour or so, but now I'm asking myself what I want to be, bc now I realize how big IT is, and I just need some tips. Sorry for my poor English/comment, bye
It's true !!!
My problem is getting started to learn the programming languages first.
@l , that's the most solid advice I ever got. However, you said bare metal and I feel like I know what you mean but I really need to be exact on what you mean. You mean make install Kali on a dedicated device as the only OS. A dedicated Kali Linux machine basically?
"The never ending beginner courses"- The most truth you've told. Internet is full of beginner things, because those instructors don't know above beginner level. The pro levels are busy with their work, they don't show off
Ain't that right?!
No bug hunter who has earned 40 million also has a course about bug bounty
not because the instructors but influencer, those ppl are just exploited for money so they keep attached to that "beginner content" keep buying courses/merch, instructor and influencer is different, there is a lot of harvard free youtube that teach u IT but nobody interested their vid always boring because that is the point of learning IT field, u need to get used to boring/frustrating stuff cybersec or not they are just matter of creativity, instead of doing hacking u ppl make IT memes, being edgy, keep learning the same courses and procrastinating, if they actually support ur productivity u might be most likely less attached to them/probably quit the community because u gain more, if u were not, that is bad influence.
@@werren894 Hello, "here is a lot of harvard free youtube that teach u IT " can you tell me where can i find that?
@@camila3110 CS 50
Probably the only HONEST YouTube about bug bounty advice I ever saw..
thank you
@@CristiVladZ no thank you
For realistic views .
@@CristiVladZ Eh, it's good, but it helped me see how far ahead I am than most cysec people because I am interested in operating systems and tinkering, and not the abstract idea of 'cybersecurity'.
I originally started out in cysec, but in doing that I found a new passion in OS development, to the point that I'm trying to create my own OS on top of a microkernel I like.
All these people are doing is learning crap like Hack the box. All that canned shit is going to do is teach you how to be a soydev script kiddie.
Instead of doing all that, install gentoo, become a power-user, make your own server, practice hardening and attacking it. *That's* how you get good. If you want to be a good Cysec guy, you *must* be very passionate about computers for computers. I don't even do this for a job, it's just a hobby, you must be at that level to actually succeed.
@@thegreatnihil7854 Wow, I've never seen a gate-keeping/humble-brag hybrid before, your statements are not entirely true, there's many roads to success, just look at the diverse background and skillset of the most prolific hackers on HackerOne's leaderboard and listen to their journey into cybersec - some were deliberate, some were completely by chance, and some were just tinkerers from a young age. And also, you don't need passion to succeed in this, that's something that's constantly regurgitated by people in cybersec and comp-sci (looking at you game-devs) you need hard-work, perseverance and a good foundation to build upon, passion is a bonus but definitely not a prereq for success.
P.S almost every "l337" starts off as a script-kiddie.
What did he tell?
I couldn't understand.
"Become someone unlike everyone" damn that hit hard
the whole point :)
Im gonna put it in my fb bio
this guy is speaking facts.
I recently decided to stop reproducing steps from tweets or hacktivities on random targets and start studying android app development and thus go into android app hacking. On watching this video I'm more motivated. Thank u
This is what I'm talking about!
Same here!
Damn that's inspiring :)
Honestly I find android apps to be so much easier to find vulns in for the simple reason it's hard to get into and everyone ignores it
This is the actual truth about bug bounty. Many people, mostly teens, join this field because it is low barrier and think they can also find bugs like that person on Twitter who said "RCE in 10 min", "P1 in 5 min". All these guys show their reward, like they got xxxx$ bounty, but never reveal how much they worked for that 5 min finding, how much time they spent for that 10 min RCE. I don't know, but many people, mostly popular hackers on social media, represent this field as something fancy rather than showing how hard it is...
Well said!
This!
I commented on a video last time saying that hacking is hard and nobody really tells you that.
So true, me as someone that owns a software company and writes code every day, working with different languages and tools. I feel like finding out many details and problems about the things you are hacking, such as reading and fully understanding how things work at a low level, is so valuable. It's true, the experts are busy working, be it hackers or programmers, this industry needs people that are ever evolving towards being better and that's why so many don't make it.
I'm studying to become a fullstack developer to get just enough to pay for my rent and live by myself. Then I will keep learning to become something better. Your advice is so true. The more boring the content that we are currently studying is, the fewer people will do it, and the more we might get paid for it. Don't ever give up.
I'm a security student but I'm too learning full stack on the side
@@HK-sw3vi What is it like being a security student?.
How's it going?
@@Maxim_Kulakov I learned a lot. Working for a startup now. Revenue is decent. I must have applied to 2k jobs and got rejected by almost all of them. I feel bad for anyone starting now.
ALL that has been said in this video is 1000% correct. I can vouch for that. BBH is apparently HARD. From my experience as a person who has started doing it quite some time ago, it requires LOTS of up-skilling. Those who say that BBHing does NOT require programming knowledge, then I will tell you that they are LYING. This is a very-well put together video of some hard facts to digest. Thanks for making it. Keep'em coming. Cheers!!
Oh good someone finally said it. Honestly I have several years as a pentester and thus can focus on lesser known bugs/quirks, and write my own custom recon scripts and wordlists and still sometimes struggle a bit to find a bug. The idea you can learn how XSS works and then run a 3 line bash script to find a bunch of XSS bugs stopped being viable in like 2012
If you want to collab, send me a message
@@CristiVladZ Thanks for the offer! I'm not really well versed on the whole youtube video making dynamic right now but am planning on making some educational content in the future. If it kicks off would love to do a collab! Either way thanks for actually telling it how it is, earned a sub from me.
@@-bubby9633 I'm not talking about YouTube, but hunting
So true. I think this applies for a lot of things on social media that promise big payouts fast. We are so used to instant gratification, we see a bug bounty video and think "Hey I could do that too!". People don't realize the time and effort (and expertise) it takes to find even one bug. I admire people who do this and put the work in, I am a programmer myself. But I have realized that I don't have the motivation and dedication to be one of these guys. I have other projects and skills that interest me, which are easier for me to work on in the long run.
Great video!
The most honest video, there was a teacher from a US university who mentioned what you've said during a talk and one of his slowest student ended up becoming a key player because he was writing down on paper to visualise all of his attacks/defense code to be executed before putting them into practice, correcting them and fine tuning them which has paid off because his knowledge is invaluable now.
that's interesting. thanks for sharing
@@CristiVladZ I've found the link, watch this ruclips.net/video/6vj96QetfTg/видео.html & attack.mitre.org
A great saying I once heard and tried to apply that to every aspect of life: "To live like no one else, you have to start living like no one else"
Realest vid on bounties ever. Too many people watching the regular type of vids expecting to become millionaires overnight. Well done for adding perspective 👏
thanks Chris. cheers ;)
To be honest this video make me wake up
In what sense?
@@CristiVladZ I just mean good advice
This is something I've been having in the back of my mind for quite some time... When it comes to Web App bug bounty hunting the secret lies in being a full stack web dev and dominating multiple popular stacks. Thanks for that.
Yeah dude you should become a web developer then you will understand
I am so happy I found this video. Actually I recently stopped spending time on the mentioned programs and instead started learning the languages js, python, php. And listening it from expert makes me happy to be in right direction. Thanks🌹
Glad it was helpful!
Hi, @Raghav Gupta, will you share which platform you learn Js, bash, python and PHP, thank you
Hi, @Cristi Vlad, thank you for sharing. I'd like to ask, is it possible to learn JS, Bash and Python in 1 year? If possible, how many hours do you suggest we spend learning those languages per day? Thank you
I like honesty. Refreshing to hear someone like you. You covered it a way others don't. I might consider subscribing but will look for more first.
Glad you liked it
Thank you for the wake up call. I appreciate the honesty. It's going to take real work to that level. Was happy to hear that 'Time is on your side'.
Those pieces of advice are precious! To be honest I tried to reject them to encourage myself but now I need to be more determined
good luck
I am learning and very much engaged in security for about 6 months, and i fell in love with it, i now know my passion, but again i am struggling cause there is no straight path, i am practising from these beginners platform but your video made sense, i will try things now differently, i will do whatever it takes to reach that level, cause i love hacking.
This is the spirit
Damn i knew this but not found anyone telling about this, you told it and you are my Hero now. But surely you have saved the time of over 19k viewers, you are definitely going to heaven.
i sure hope so :)
Good gosh, what an eye opener video. Thanks for making it and then subsequently sharing it with everyone to see. I appreciate it.
this is true for almost every position related to software engineering, as a self taught web dev myself I know the road is long and lonely. At first I obsessed over the latest "best practices" like it was the words of RNGsus himself but in doing so I took a back seat in the development of my own applications which always made me feel like a beginner. I'm glad to say I broke out of that loop by creating something on my own, it's like removing the stabilisers on your bike for the first time as a child, you almost don't even realise how fast you're going until you turn a sharp corner and crash... That's the moment that defines you, do you get your hands back on the handlebars? or just lie there crying on the roadside?
well said my friend. Thanks for the intervention!
currently learning this the hard way, started web dev 4 months ago
The way you demotivated now i am sure i will make it to the top thanks.
Im not here to demotivate anyone, but to talk about my perspective on things...
Yup this is the explanation I was looking for. I started learning the basics of programming as well as Linux. I also used Kali Linux and messed around with it by watching a lot of YouTube tutorials. This was all done in the past 2 years during my side job. But I gotta say right now I am nowhere near where I want to be in this field. I'm considering switching my goals but I will give it one last go by studying for the OSCP cert, which definitely is a real one. I'm glad you made this video. Cyber security is a maze in which you need to match the pieces. It just takes time, but if it doesn't match then it's not worth wasting time.
You are absolutely right. Although I am a newbie, I have this same goal: to find bugs (like business logic errors, IDOR etc.) for a specific amount of time and then, instead of sticking to this loop, move on to learn new technologies, tools and programming languages. The idea behind learning all of this is to find some big piece of meat, to automate repetitive tasks, to build something and so on.
I've found some leaks and ended up getting a P2 on Bugcrowd, which allowed me to find more bugs using the same low hanging fruit technique, and I was unable to find something more technical since the findings were made using Google dorks. Then I tried to find more "advanced" bugs; however, the lack of technical knowledge was like a brick wall. Now I'm doing a fullstack course, to understand from the dev side and learn new skills.
And there's also another big important side, which is time; usually I prefer working on Upwork, for example, than wasting hours on bug bounty with no pay.
How do you guys get motivation on this field? I gave up learning how to montage a video within 10minutes of trying ...
Dude.. You are sooo underrated!!
I salute ya buddy! Keep going!
Cheers. Share around
My favorites when a vetted black hat puts an 0day up for sale on forum somewhere on the net, then before being archived all traces deleted then hackerone has some "Magical out of nowhere person who gets a nice payout for s bounty that was never even posted to begin with but it's the same 0day you randomly ran into on that random forum" priceless. Brings a tear to my eye. They grow up so fast. So proud
Best answer I ever seen.
This was so accurate and well worded. I've seen a huge amount of posts in various communities of people following the path of x, y, z to get into bug bounty with a goal of pursuing it full time and it's just not realistic for most people.
thanks!
I don't know which person disliked it but if I could, I would give this video a 1000 likes. Very well said. I have been doing hunting for 2 years but I have always felt that I am not improving. Time to deep dive on each topic and make our own hunting style
good reminder!
Did you improve now?
@@CristiVladZ tell him to do click jacking
What a lot of people don't understand, is that you need to start by knowing programming in various languages AND be able to make any kind of program you want, to THEN try to use that knowledge to find vulnerabilities. If you don't know how to program and what are the best practices of programming / most common design patterns, you'll never be able to do anything.
OMG! one of the greatest advice that I could ever received. thank you so much mate. I am currently a web developer so as you said, maybe its good for me to start on security source code reviewer since that is what I do most everyday staring at the source code of my team doing code review but not on security aspect. honestly, I am really weak at doing black box testing. so maybe focusing on my strength first will do the job? cheers
Of course, leverage your strengths
Basically become a web app developer(no need to be as good as a pro dev. Just know OOP and basics of software design) to become a web app hacker. You never know what mistakes devs can make unless you think like one.
Learn system languages and programming plus some assembly and hardware if you want to write your own malware or crack/reverse engineer software
Learn networking at least as much as CCNA/Network+, but the more you know the better, since most security breaches are exploited remotely, thus networking knowledge is key. If you had to choose one field to master, I guess better choose this one.
Learn how CCTV cameras work to come up with a way to hack them.
All the available exploits and hackme tricks are public knowledge and patched already, companies need people who can come up with their own exploits so following online tuts gives you the basics but that's it.
You can't possibly live long enough to master all those topics, so pick 1 or 2 to master and learn the basics of the rest.
Do you guys agree?
thanks for the insightful comment! :)
the best comment!
So true. I never completed a single lab or CTF but I still manage to find bugs every month and I'm happy with it. I just don't want to spend my time doing what everybody does. Why have to learn the same thing that everyone is learning when I can learn a lot more from Google.
everyone is finding bugs , how r u different from others ? so people trying ctfs and labs are wasting time ?
grow up beg bounty hunter
@@nikhilt3755 lol when did i say that I'm different from others. Everyone is finding bugs yes true. Why the fuck people want to be limited when they can learn so much from the internet instead of wasting money(yes there are free ones also). I'm not saying people are wasting their time by doing ctf,labs etc. I just said my thing not yours. Please grow up. In some case everyone is beg bounty hunter how come you can say you're not.
Nice work. How did you learn? Cuz I can see there are several types of bugs. Also do you concentrate one a few types of bugs or you check for everything.
@@rujotheone you can use tools for that in beginning but try doing that manually. You can use portswigger.net and also hackerone you can get good web security knowledge on those website.
@@chintangajera1537 thanks
"CRAFT YOUR UNIQUE APPROACH!" this is golden advice! Thanks
TBH, I started getting seriously in information security about a year ago, as a university student. I've found my interest in penetration testing and have basic skills to jump into these things. But, every time I learn something new, more I don't know about it. Deep down, I still feel like a noob in terms of knowledge and skill even though I learn many things for the past 7 years little by little. I'm glad you make this video and speak about the ugly truth in cybersecurity.
thanks for sharing your thoughts :)
This is what makes this field more interesting. Not a pro tho, but I have been exploring for more than 2 years as of now and felt the same half a year back. Keep crawling, and a suggestion if you don't mind: just take big plain sheets and draw concepts like DDoS or the OSI model and many definitions like threat, risk and the CIA triad on them, stick them in your room and just look at them once a week. And you can also compare that old architecture with newly released ones, which will help you a lot in understanding new technology with ease. This was what I did and it worked for me.
Good luck :)
I saw this video 3 months ago and I was really upset about my inadequacy; starting coding sounded really hard to me. Finally I started 2 months ago and I learned HTML and CSS (I know it's a design language). In this time I realized coding was fun and that motivates me, and I am still learning JavaScript (I once stopped learning programming because it was really boring) and soon I will learn Node.js. I still didn't quit, even though learning new things is hard and boring. In fact I want to be a full-stack JavaScript developer, then start bug bounty. I found my way and I am really happy about it. I can even spend years programming; maybe I will forget starting hacking. Thank you Cristi Vlad, this video was really helpful to me. I hope the others will start programming. By the way, sorry for my language; English is not my native language and I am learning it too :)
you've just made my day! Good luck in all your future pursuits!
A lot of fake bugbounty tips in twitter make the beginner keep busy with their oneliner thing and the elite doing the real thing on a bugbounty target and harvest bounty 😂.
i love this video
Finally someone who has the right morals! You made my day man! Seriously. You a HBH member
i gave up after 3 years just trying to get an entry-level SOC analyst job.
We are all gonna make it brothers,never give up!!
that is the spirit!
Thank you for this video, I'm just starting out, but there is soooo much beginner stuff out there, someone like me doesn't really know where to go to get some proper learning tools to get into the industry. I will make it to the top, so it's nice to know that if someone can go alone, become competent and get to the top without following the crowd.
You got this!
please answer me
what is the meaning of focusing code aspect of bounty program or security research ???????????
Deeply thinking about this lately, but then a question arises: where to start, because there is so much to learn then, from the dev side, from the security side, and also to keep up with the latest vulnerabilities
And thats why I’ve subscribed channels like this, not big ones bcz everyone is doing that🙂✌️
Haha
Came for the ugly truth, stayed for the soothing voice
Wow, talk about a reality check, because I started in this ethical hacker world in May 2020. I sent 4 reports in; they were duds, my confidence fell through the floor and I was like a deer in the head wind. I am now taking a step back and learning the foundations of XSS and applying it in the wild, and one day hope to earn my first bounty. Of course I don't expect any of this to be easy at all; it's tough and there are many people out there chasing the same bug. I do listen to other bug hunters, take their advice with a grain of salt, apply it to me and see what works and what doesn't. I have also been told: don't rely on tools and become nothing more than a "Script Kiddie".
This was an honest video that does not magically coat the world of bug bounties. This made me wake up to the reality of how I failed to earn anything, so I need to figure something out.
It's just a matter of time Anthony. I pounded at it for 10 months to finally finding my first bug.
@@CristiVladZ Thanks man for the confidence boost. As a former data scientist I can tell you there is no comparison this is harder but also more fun. I know one day with patience and persistence I will earn my first bounty. Also I am only specializing in one bug not all of them.
this is all I wanted to hear.. after months of failed attempts to learn bug bounty hunting, I know where to focus. Those people who say coding isn't important to start, that's a hoax. Those people themselves are good coders.
you're on a good path!
You are an amazing human being for putting this out like that.
Pretty comprehensive and honest opinions on your vids. Congratulations! 😎
thanks :) pass it on.
Finally the best advice ever, at least I think for us beginners who are lurking in Cybersecurity world ! Thanks ! And glad I discovered you!
Glad it was helpful!
Good video, telling the truth without demotivating and disrespecting someone.
Learn! Apply! Learn Apply!
Thanks for the feedback
what makes me happy is i've already been doing everything he mentioned for a few years now
Very good argument, Cristi! Perhaps the coolest aspect of this video is that it applies to many fields, not only cybersecurity! Like & Subscribe from me! You're great, keep going!
Thanks a lot, Mihai!
By the way, how did you get to this video?
@@CristiVladZ YouTube recommendations. I'm interested in the subject, although I focus more on AI. I'm a 12th-grade student and your video motivated me even more to apply to the Automatic Control faculty, because there is very strong competition in the field, even in this niche of cybersecurity.
@@mihaidinu6637 very cool. Good luck!
@@CristiVladZ Thank you! All the best!
This applies to every aspect of the “get rich scheme”. Maturity is when you understand that if getting rich was this easy the entire world would be full of millionaires
The one liners beginner courses ugh
So many are in just for the views and are misleading people like me :(
Hello sir. Which is the best laptop for bug bounty, with processor and RAM? Please suggest one, sir.
Computer does not matter.
I was almost giving up on that, so something made me watch a last video from an unsubscribed channel and here I am... fully charged with dopamine again, but genuine dopamine this time, like the one that made Gohan become Super Saiyan 2. Thank you bro!
Welcome back!
Its not as hard it appears but I see a few points, but with a little picture here not a whole lotta people work with the security aspect or even know what opensource software is
thx you opened my mind about the idea to master js!!!!
Thanks for the honest advice, now i get a clear path about where should i start i want to be a webapp pentester so im going to master web development and js first ✌️
Actually you are the one who has cleared my path. Thanks for everything.
@@thecreator8353 yeah ! stay focus
‘’Remove yourself from the crowd…’’
The road is really narrow and hard
I'm building it knowledge in prep not there yet but the info was Def appreciated man
i seriously do need help i'm depressed.. ahh i'm about to explode with the thought of what shall i do i'm trying on graphic designing, thinking of getting into ethical hacking and cyber security another here is also related to cyber.. none of the doors are opening for me.. i just graduated highschool and will be joining university i'm really confused on what shall i be studying or stop studying it really harsh ahh MAN!! sorry couldn't find anywhere to express it sorry for my bad grammar
Take some time off the keyboard and spend it with family, friends and loved ones
Totally agree with you. Someone I found whom i can relate more - otherwise most of the people who got in security are mainly driven by the money. Interest is the first thing which require in bug bounty. I am pretty sure, people who have interest should have found this true and informative.
well said
thank you for making this video. As a student who is interested in and passionate about these topics, this video gave me good insight and the direction that I need to follow
How to do it ? Im really stuck right now . I mastered metasploit, kali linux, nmap, almost half of the tools in the industry, it took me 4 hrs everyday for a year, im afraid I'll fail, waste time, how to really start ?!!
try harder
i stopped hacking and bug bounty hunting when i took a step back and realised that i didn't really enjoy it, i was doing it because i liked the fact that i could call myself a "hacker" even a newbie one, i know its pathetic but i was at that time, trying to find myself, maybe one of you are right now in the same situation that i was, think about it guys.
Oops I'm new in cybersec and i felt demotivated by seeing this😅
@@thwahirmahammed4334 sorry for that, this isn't the goal of my comment but really ask yourself this question not only in bug bounty hunting but other areas of your life too :)
☺️👍
@@nets0und200 bro can i ask one doubt that's some long sentence?
@@thwahirmahammed4334 go ahead
I still think the thing I'm struggling with the most is understanding how to get into hacking. Me and a team of my friends want to start bug bounties; however, we need to learn more, and knowing all the terminology and functions and stuff is so hard.
you dont need to learn more, just do
A lot of people are driven into bug bounty feeling like it's some sort of free dollar coupons
holy shit dude, u just said what I was thinking for like months, I just didn't have the correct words, thanks for clearing it up for me and everyone else
Great
Just found out your channel and you definitely have my attention.
Been thinking the same thing lately. I got to have a unique look at the scenario to strike out.
cheers!
Hey Cristi can you tell me how much networking knowledge is needed for bug bounty...though I know networking a little more but I'm interested in that area too..
Nice video👍❤️
You'd go a long way mastering networking
Thank you so much bro for helping me out....!!!
Appreciate your honesty!!!!
You're welcome
Thanks man! You are truly an honest man. As u said You need to be different from others that hit me differently. 💯🥂
Hi I love cyber security stuff and sth like this and I wanted to learn but i don't know how much can I make from it I don't know what I have to do and I have to make a decision and my friends are telling me to learn AI and start to learn AI and i don't know what to do heart says learn cyber security but brain says learn AI
I think the biggest thing people overlook is that in order to exploit a computer, you need to understand the computer. I was very lucky, coming in with extensive knowledge of windows, Linux, python, bash, SQL and html, as well as years of experience. However, I think it's fundamental to understand networking, Linux, windows and a programming language before you should even consider anything to do with hacking
Hi, i wanted to know if a job in IT first is good, i'm at the lvl 2 support in an company and i think understanding all the networking first is good, i'm learning programming and i learn on try hack me, hack the box/Root me, any advices ?
and also there is that everyone that we all kinda competing with. and guys doing most work auto, bruh..
Just hoping my CS degree is worth it lol. Sitting in a Data Structures class doesn’t seem worth it while you’re doing it but I know it’ll pay off in the long run
It won’t probably
It won't bro. Sad truth. College is a scam
One of the most honest videos on youtube i've ever seen
Be unique, make your own path, don't get into trap of advertised online courses of other sites, follow right people , and don't feel shame in asking easy methods too ,
Every Night on bed ask yourself what you've learnt , it pushes you next day
introspection and retrospection are key
In India almost 80k bug hunters created their profiles on Bugcrowd in 2019-2020. That happened because some silly hunters and institutions provide such stupid courses in which they give their students unresolved reports for points. Cheap courses for 500rs or 2000rs are easily available, in which they don't clear the basics and start directly with reporting, and provide vulnerability templates, automated tools and one-liners, and I'm against this type of institutes & trainers
I thought this was going to be about finding rare insects
I am not doing any of these things..
I can't get my router to work properly...
Please.. Don't hack me 😬
Promise I won't
The most Realistic video about bug bounty or cyber sec... appreciate your calm boldness👍👍❤
Well, don't do any coding or hacking at all unless your motivation comes 90% from the excitement of the moment when you press enter and find out if what you did or thought makes something work - or break. In my experience, people that don't feel that excitement never make it anywhere in informatics. Can be tested easily by letting a person compile Hello World, then tell them to change something and recompile.
ONE THING TO UNDERSTAND the reason why many people don't do that because of errors not hard working
What do u think bout certifications like Ceh?
honestly, got carried away with the good old fashion marketing going on about cyber security for a while, to only find out it was just a boring job like any other, you will end up doing 9 to 5 daily tasks looking for bugs and get paid like any other dude in the industry. they will make it sound cool cause they have a gap and its well paid cause they dont have enough people doing it thats why they wanna make it look like the best opportunity , so they can pay less for the same task and have enough specialised manpower to get rid of you anytime they want
Teaching about something is the best business regardless if the teachers themselves applies it practically in the real world
The field being full of skids is exactly what made me become a blue teamer instead of a red teamer. I feel like its less bad there
yeah, but not entirely
3:36
a yes i see you using hacker typer like an intellectual on the right screen
I think reading about vulnerabilities helps. It gives you an insight into what's possible and how it was achieved.
And it keeps you up to date with the latest vulns.
But tbh I'm more a security awareness / SysAdmin, maybe that's why I see it that way.
If you're talking about vulnerability reports, it's very hard to find legit ones. Most are highly redacted...
Very nice and well put! So true. =D
Hey Cristi. I’ve been watching this video religiously for a week to motivate me in my studying of webapp hacking. This video made me feel sane after seeing friends make an extra $10k a month in bug bounties seemingly with low effort. I was wondering if you wouldn’t mind elaborating on developing a skillset. You gave 3 good examples in your video but I was wondering if you could provide some more? What kinds of skills does someone try to improve unlike everyone? For example, in getting great at SQLi? Does it really help to create your own database and use it like you were a developer, so you can then understand how to break it? Or is your time better spent elsewhere? Sorry it’s a long question. Thanks brotha.
I think one of the greatest skills one can develop is going deep
@@CristiVladZ Knowing so much that the likelihood of you succeeding is greater than the likelihood of you failing. Thank you dude. I really appreciate the reply.
Just a second: to be a hacker I need to be a programmer? I am a programmer (I will not say that I am good at programming, but I can create an application in the way that is required of me), but I still have no clue about hacking. Does that mean I am missing something, or that I am just not as good a programmer as I think? Thanks for the informative video