This has to be a blueprint for how to get into any field of study, whether it be infosec, machine learning, etc. Seriously the best breakdown I've come across. I love how you included a section on human learning, as this is often completely ignored when people begin their journey into learning about a new field. I'm super excited about your resources. Amazing work Katie!
I Tweeted You last Night And You shared me this Playlist link which i found Super Helpful😇 Thank You For Being in the Community ❤️ and helping the noobies like meh😊 I will surely go ahead with other video's too✌🏻
You have an extraordinary talent and ability to explain things. Plus, your voice is so wonderfully ordinary, it feels like you really have control in life and know what you want. I am fascinated by people who are in their places. It's such a huge difference compared to most people around me. I don't understand them, they are so slow, boring, apathetic. He destroys his brain and his whole health with alcohol. They waste their lives doing nothing. Their work is slavish and soulless, for minimum wages. All they can do is envy and complain. I hated school, I just did what I had to and left as soon as possible. But I didn't even start working, I had an inner unbearable need for something and I didn't know what. So I searched. I found myself. Since then, my life has changed dramatically, I enjoy learning more and more. All my life, I am a place of mindless fun and work. He studied everything complex and interesting. In doing so, I literally developed and cultivated my thinking. Which allows me. To start effectively learning even such a difficult, extensive and complex, completely unknown to me field as programming. And exactly as you say. There is so much information, time goes by so fast, you don't know where to start. I installed Python, and he was the first to try to create such a very simple modest algorithm, to forecast the weather, for a given place 30 days ahead, with an accuracy of 90%.:D:D Of course I didn't succeed, thanks to that I got to know the entire Python environment, installed a lot of libraries, paths, and in short tried it out. I did this in 1 day. The next day I already wrote my first working "virus".:D Something I remembered being fascinated by as a young child. How can anyone actually create any functional program. Specifically, it is a primitive shutdown of the PC. You know how I first saw it when I was 10 years old. I was so amused. And I just thought to myself, if only I could do something like that. It wasn't even a dream then, it was a completely unknown vision. Today it is a reality. This is not normal. I haven't studied like this in forever. By reading so much and studying and using my brain, thinking. I have come to certain points several times. As if to force the brain to develop. I have not observed this in anyone around me. I am sickly greedy for information. I love to push my brain, I've been doing it all my life. This whole world is exactly what I could have wished for. From the first mention of Chatgpt, I'm like Alice, who has lost the ground under her feet. And she landed softly, on the bottom made up of lots of codes, letters, forming a soft flexible ground. And now and then I walk through this world and I can't stop being surprised. Like Homer in Chocolate City. Like a bouncy castle for my brain. This is perhaps one of the abilities that I have deepened even more. I used to notice talent only occasionally. But all too often, he completely overlooked. Today, I'm like a detector. Not only on talent, but on people in general. To watch someone talented who is himself and knows himself. As he sails through life, you can hear it in that voice. Also, you are compatible with my thinking, this is new. Now I realize that this is another whole new dimension supporting my learning. In short, I found other streams of thought supporting my learning. Not only visual and audio, and recording, discussion... but some kind of sympathetic connection. When I listen to your voice, I hear your whole personality, and it harmonizes with me, it brings a pleasant feeling and it seems to be easy. In short, I don't feel anything from you that would discourage me negatively. It's terribly difficult to explain to me. Anyway, you can see for yourself. ) I wish you much success, good health and good luck.
Edit: thank you for this! This got things cleared up. I was completely approaching it the wrong way. I barely know how to start a computer so this is... a challange. Happy holidays everyone!
@@InsiderPhD thanks! Making a burp suite account it says it's only for businesses, how do you go around it? It doesn't accept youtube as a business website. What do students fill in? I noticed I am scared of "not doing it the right way". I'll try not to ask these types of questions anymore. It just takes away of precious time. I was hoping getting into security, bug hunting, pentesting, ethical hacking(newly introduced terms lol) just starting might help me feel empowerd and not so afraid of computers all the the time.
No worries you can get Burp Community Edition for free without a business account. The professional edition is nice when you get more experienced but the community edition is what I use in all my tutorials!
I wanted to say thank you because your videos have made a lot of things click together in my head. Your FFuF was especially helpful. I think part of why your videos have resonated so well from me happened to be the moment you suggest opening up notepad and taking notes and I already had notepad up with notes in it. My mind thinks best in notepad I swear. Again thank you so much!
I really appreciate this. This video explained why much of the content I have engaged with has either been: here is a super specific exploit, or a nebulous jump on Hacker 1 and figure it out. I like how you talk about how there isn't a good linear methodology to follow and once you have some knowledge just jump right in. Just the advice I needed.
Thanks for this video . And I am here after farah hawa dhidhi suggested me this channel . Really you people doing great things. Thanks dhidhi and thanks farah ji .. more to learn . Thank you so much.
Great content! This is my second day into bug bounty hunting. Your video series is immensely helpful! I have some python coding background and looking into leveraging those skills too.
Nice! Being a programmer is a huge advantage, you can see how someone might build code! Plus code review is often forgotten so you can really leverage those skills into bugs!
I came here today on your page and watched a video regarding why you shouldn't worry about the pros finding all the bugs(after The Cyber Mentor recommended to check your page out). This was my mindset and discouraged me from wasting my time. Well, an hour after watching that I fired up Burp and picked a program. Shortly after I found a reflective XSS vulnerability and tonight submitted my first bug report on H1. Thanks for the motivation! I had to get my mind in the mindset it was ok to not find anything. Now after this find I'm excited to dig deeper!
@@InsiderPhD well after a while of back and forth due to the links not working anymore (unsure why) they marked this as a 4.6 cvss. I assume that's not too bad for a first bounty. To be honest, I was able to get the cookie but not sure how to show the scope of the cookie and if it can be reused on other components. Was so excited I rushed to submit. I wasn't too worried about the impact as much given the program has no bounties, but I'm ok with that
@@InsiderPhD Quick update. My initial XSS report is still awaiting triage (although it was seen by the manager: HackerOne, it is awaiting a response from the program), but since then I have found 2 other information disclosure vulnerabilities that have been reported and triaged. Glad I actually took the effort to look into this and watching yourself and others is truly inspiring and very educational. Keep it up!
You people are doing God's work. You haven't only share great insight but also a blaze of Motivation too - Just do it kind of thing. While watching your videos I have found my first bug
Watching this in 2020: DEFCON is expensive to go to unless it is running locally. Discord: Laughs in COVID-19. Love your content btw. Great motivation and heads up advice as always.
If there's one positive thing COVID has done is make conferences FAR more accessible, especially to those in other countries where the cost to go to Vegas is huge and just not viable!
I never understood why conferences weren't available online even before covid. Like people can't fly around the world and pay for hotels, plus tickets, that's super expensive. It makes it very exclusive to those privileged who can only afford it.
Thank you so much for the video! What CTFs would you recommend? I see that a lot of CTFs cover topics that don't seem related to bug bounty like cryptography and reverse engineering, so is it better to just start hacking on real targets? I'm still a beginner and I'm quite confused at the moment.
I'm not an expert more of a noobie... When you get started with real hacking make sure to stay within the scope. Otherwise it's illegal hacking. (In case you don't know). So topics like cryptography is important to learn at some point so you understand how the programs disguise the real information. Understanding how something works helps you to spot when it's not working correctly, faster and easier. That's all hacking really is, using something the wrong way to see if it still works.
@@christenw.1726 hi sir , I am new to bug bounty , I still learning about bog bounty , 5 months passed but still I don't know where to start can you guide me
This is for those who think bug bounty courses on learning platforms should be taken if you wanna earn money: Don't buy it. Read on OWASP, SANS and disclosures of vulnerabilities. You will fare better, and save money.
I totally agree, you don't need to pay money to become a bounty hunter, I know some people like the idea of a structured course though. To be a bug bounty hunter all you need to do is HACK STUFF!
@@InsiderPhD Absolutely! All you need is time and a structured method in order to hack stuff too, so that no stone remains unturned before you move to next target.
That was Great Video thank you Katie but i have 2 questions first one : you said you didn't read book and you are not big fan of videos and podcasts so my question is how did you learn that all from ? i mean the backbone resource you depend on 2nd question how far should i go in web development as a beginner i know i have to learn html,css,js,php,mysql but how deep i should go ?? Thanks in Advance
- I learn by practical experience, I think it's a great way to get experience, I enjoy CTFs + labs but I really like to learn from an article and immediately put it into practice against a target - I think you should pick up a backend language (be that PHP, Python, JS, whatever) and be able to make a basic blog with comments, so you know how to talk to a database, how the client interacts with the server and how user input is dealt with on the backend
You can use screenshot tools (see lazy recon) to start. Personally I don’t work on super large scopes with a ton of sub domains I just focus on one subdomain and really try to understand it.
Hi Katie, Thank you very much for providing this information. It is really helpful as Stating in the bug bounty space. I am a c# .net programmer, so I tried finding write ups related to c# technology. However I can’t seem to find any. Can you help me with this? I am not sure if I am doing this wrong.
hey i found an endpoint which allows me to change other users username and some pvt. stuff (but the problem is i should get their ID which is stored in form of cookie and its not changing( and its just secure not httponly) can i report this ? or i should find something like xss and then submit this ...thank you :)
Hi there. Good content. Question please, I'm a Java developer. I just got my CEHV10. I'm a Cyberark engineer too. What would you recommend me to start my journey in BB. I mean yes i need to jump in. But what kind of area would be best for me. Thanks.
Just start hacking, I recommend starting with the Hacker101 CTF or PentesterLab to get some practice but otherwise just hack things! Go on hackerone find some interesting targets and go nuts!
It’s up to you I’ve got a video on what to get started with, but I don’t know what motivates you. Do you want to hack something you use? Do you want to find bugs? Do you want to get paid bounties? Do you want to do reverse engineering? Code review? Do you have access to iOS devices? Do you know app development? I don’t know what you know so it’s a kind of self reflective task
Many bug bounty hunters don’t use formal testing methodologies and end up developing their own that works for them, but that doesn’t mean that there’s no point in using it, if you want to use it in your practice go ahead!
Respected teacher, can i start bug bounty without any knowledge of programming and web development in 2020? Tho, i have very minor knowledge of different languages. Just like most basic things. I can read and understand some code and i can't sometimes or mostly. I can't construct xss or other payloads and its troubling for me to understand them? Do we only copy and paste payloads as beginners? Like i got the idea, the concept but i can't make any payload on my own. I'm just copying and pasting different payloads. Ma'am why i'm facing these issues, please guide me.
Without any programming experience XSS is probably not the right vulnerability for you but there are tons of other bugs to start with while you get more experienced! People make XSS payloads by understanding how it is being filtered or knowing how a piece of software works
@@InsiderPhD Thank you for your response, But i think mostly beginners do copy and paste payloads with little bit of alteration. As i can understand the basic context. The use of event handlers and other things. i can do that. but i don't specifically know how to detect waf and how to bypass it. And bypassing waf requires that special understanding, through which someone can make new or better payload. I lack that knowledge and waf is hard for me.
NOPE you don't need to know to program, in fact STÖK didn't know any programming before he started!! I think it can help get you started sooner but a lot of simple bugs don't require any knowledge!
'd u like to give me some advice or explanation maybe like where should I start from, what r required things may I'd need or something... thanks in advance
It's been two years-ish and i found this still extremely useful. Thank you very much for this content!!
This has to be a blueprint for how to get into any field of study, whether it be infosec, machine learning, etc. Seriously the best breakdown I've come across. I love how you included a section on human learning, as this is often completely ignored when people begin their journey into learning about a new field. I'm super excited about your resources. Amazing work Katie!
I Tweeted You last Night And You shared me this Playlist link which i found Super Helpful😇
Thank You For Being in the Community ❤️ and helping the noobies like meh😊
I will surely go ahead with other video's too✌🏻
Can you share it here ?
I just watched 11 minutes and now this is my favourite video about hacking.
Loved it! I enjoyed every single bit of the video. Don't bother about the length of your videos, as the quality is always there. Thanks
Awesome, thank you! With such long videos it's always a worry! But I'm glad I have such awesome viewers who see the value in my work!
You have an extraordinary talent and ability to explain things. Plus, your voice is so wonderfully ordinary, it feels like you really have control in life and know what you want. I am fascinated by people who are in their places. It's such a huge difference compared to most people around me. I don't understand them, they are so slow, boring, apathetic. He destroys his brain and his whole health with alcohol. They waste their lives doing nothing. Their work is slavish and soulless, for minimum wages. All they can do is envy and complain. I hated school, I just did what I had to and left as soon as possible. But I didn't even start working, I had an inner unbearable need for something and I didn't know what. So I searched. I found myself. Since then, my life has changed dramatically, I enjoy learning more and more. All my life, I am a place of mindless fun and work. He studied everything complex and interesting. In doing so, I literally developed and cultivated my thinking. Which allows me. To start effectively learning even such a difficult, extensive and complex, completely unknown to me field as programming.
And exactly as you say. There is so much information, time goes by so fast, you don't know where to start. I installed Python, and he was the first to try to create such a very simple modest algorithm, to forecast the weather, for a given place 30 days ahead, with an accuracy of 90%.:D:D
Of course I didn't succeed, thanks to that I got to know the entire Python environment, installed a lot of libraries, paths, and in short tried it out. I did this in 1 day. The next day I already wrote my first working "virus".:D
Something I remembered being fascinated by as a young child. How can anyone actually create any functional program. Specifically, it is a primitive shutdown of the PC. You know how I first saw it when I was 10 years old. I was so amused. And I just thought to myself, if only I could do something like that. It wasn't even a dream then, it was a completely unknown vision.
Today it is a reality. This is not normal. I haven't studied like this in forever. By reading so much and studying and using my brain, thinking. I have come to certain points several times. As if to force the brain to develop. I have not observed this in anyone around me. I am sickly greedy for information. I love to push my brain, I've been doing it all my life. This whole world is exactly what I could have wished for. From the first mention of Chatgpt, I'm like Alice, who has lost the ground under her feet. And she landed softly, on the bottom made up of lots of codes, letters, forming a soft flexible ground. And now and then I walk through this world and I can't stop being surprised. Like Homer in Chocolate City. Like a bouncy castle for my brain.
This is perhaps one of the abilities that I have deepened even more. I used to notice talent only occasionally. But all too often, he completely overlooked. Today, I'm like a detector. Not only on talent, but on people in general. To watch someone talented who is himself and knows himself. As he sails through life, you can hear it in that voice. Also, you are compatible with my thinking, this is new. Now I realize that this is another whole new dimension supporting my learning. In short, I found other streams of thought supporting my learning. Not only visual and audio, and recording, discussion... but some kind of sympathetic connection. When I listen to your voice, I hear your whole personality, and it harmonizes with me, it brings a pleasant feeling and it seems to be easy. In short, I don't feel anything from you that would discourage me negatively. It's terribly difficult to explain to me. Anyway, you can see for yourself. ) I wish you much success, good health and good luck.
Edit: thank you for this! This got things cleared up. I was completely approaching it the wrong way.
I barely know how to start a computer so this is... a challange. Happy holidays everyone!
Burp suite! It’s the only piece of software you need, and it has everything. You learn Burp, you can do anything
@@InsiderPhD thanks! Making a burp suite account it says it's only for businesses, how do you go around it? It doesn't accept youtube as a business website. What do students fill in? I noticed I am scared of "not doing it the right way". I'll try not to ask these types of questions anymore. It just takes away of precious time.
I was hoping getting into security, bug hunting, pentesting, ethical hacking(newly introduced terms lol) just starting might help me feel empowerd and not so afraid of computers all the the time.
No worries you can get Burp Community Edition for free without a business account. The professional edition is nice when you get more experienced but the community edition is what I use in all my tutorials!
I wanted to say thank you because your videos have made a lot of things click together in my head. Your FFuF was especially helpful. I think part of why your videos have resonated so well from me happened to be the moment you suggest opening up notepad and taking notes and I already had notepad up with notes in it. My mind thinks best in notepad I swear. Again thank you so much!
This video has the best like ration I've ever seen
I really appreciate this. This video explained why much of the content I have engaged with has either been: here is a super specific exploit, or a nebulous jump on Hacker 1 and figure it out. I like how you talk about how there isn't a good linear methodology to follow and once you have some knowledge just jump right in. Just the advice I needed.
Thanks for this video, love it. Specially the "Actually hack something" bit. Needed to hear that!
I have been a trainer and had that learning pyramid glued to my classroom desk. Good to see you use it.
Your heart is beautiful! Someday we will do collaboration in hunting . I make sure I get to that level. Love from India !!
India is gearing up.
We must really thank Jio
true bro ,aur mai bhi india se hu
Even I'm from india!!
Let's make some group 🧐
@@PawsomeSquad Truely agree with you bro...
Thanks for this video . And I am here after farah hawa dhidhi suggested me this channel . Really you people doing great things. Thanks dhidhi and thanks farah ji .. more to learn . Thank you so much.
Farah makes amazing content! With both of us you can't go wrong!
i don't know who you are ,but you came into my life at the right time :-)
Thanks. Very helpful video. And merry Christmas.
I'm new to infosec..... I learn so much from your videos....WOW you are also teaching how to learn....thanks a lot 🙏 for making so informative videos.
love your content! Thank you for everything!! keep uploading more videos!
I am looking forward to finding my first bug.
Complicated stuff simplified by you. Thank you very much 😊
Great content! This is my second day into bug bounty hunting. Your video series is immensely helpful! I have some python coding background and looking into leveraging those skills too.
Nice! Being a programmer is a huge advantage, you can see how someone might build code! Plus code review is often forgotten so you can really leverage those skills into bugs!
@@InsiderPhD How about someone new into programming? Thanks for this lesson by the way.
hey how much bounties u got its been 4 years please share as a newbie i will get motivation
@@haxorgaruda 👋 hey long time! I am in frontend development now. bug bounty wasn't very sustainable as a profession. can be a great hobby...
I came here today on your page and watched a video regarding why you shouldn't worry about the pros finding all the bugs(after The Cyber Mentor recommended to check your page out). This was my mindset and discouraged me from wasting my time.
Well, an hour after watching that I fired up Burp and picked a program. Shortly after I found a reflective XSS vulnerability and tonight submitted my first bug report on H1. Thanks for the motivation! I had to get my mind in the mindset it was ok to not find anything. Now after this find I'm excited to dig deeper!
Oh my gosh! Congratulations! I will keep my fingers crossed for a bounty+quick triage for you!
@@InsiderPhD well after a while of back and forth due to the links not working anymore (unsure why) they marked this as a 4.6 cvss. I assume that's not too bad for a first bounty.
To be honest, I was able to get the cookie but not sure how to show the scope of the cookie and if it can be reused on other components. Was so excited I rushed to submit. I wasn't too worried about the impact as much given the program has no bounties, but I'm ok with that
@@InsiderPhD Quick update. My initial XSS report is still awaiting triage (although it was seen by the manager: HackerOne, it is awaiting a response from the program), but since then I have found 2 other information disclosure vulnerabilities that have been reported and triaged.
Glad I actually took the effort to look into this and watching yourself and others is truly inspiring and very educational. Keep it up!
Excellent. Very Realistic and Professional approach you shown. Keep up the good work
You people are doing God's work. You haven't only share great insight but also a blaze of Motivation too - Just do it kind of thing. While watching your videos I have found my first bug
So many valueble information to get started. Thanks for sharing!
This video is just superb! Thank you so much!
Im new to this field and this help me alot. Thanks ☺️
My wish in Christmas is meeting you
You make my quarantine so easy, thanks!
Fantastic video,
Everyone liked it as there is no dislike.
Thank you so much 😀
Great Video!
Here because of rs0n!! Love what you are doing!!! Thank you!!!
thank you for your work!
Watching this in 2020:
DEFCON is expensive to go to unless it is running locally.
Discord: Laughs in COVID-19.
Love your content btw. Great motivation and heads up advice as always.
If there's one positive thing COVID has done is make conferences FAR more accessible, especially to those in other countries where the cost to go to Vegas is huge and just not viable!
@@InsiderPhD Can't agree more.
@@InsiderPhD Do you go to defcon... When it happens not this year
I never understood why conferences weren't available online even before covid. Like people can't fly around the world and pay for hotels, plus tickets, that's super expensive. It makes it very exclusive to those privileged who can only afford it.
Thanks a million for sharing!
Thank you so much for the video! What CTFs would you recommend? I see that a lot of CTFs cover topics that don't seem related to bug bounty like cryptography and reverse engineering, so is it better to just start hacking on real targets? I'm still a beginner and I'm quite confused at the moment.
I'm not an expert more of a noobie... When you get started with real hacking make sure to stay within the scope. Otherwise it's illegal hacking. (In case you don't know). So topics like cryptography is important to learn at some point so you understand how the programs disguise the real information. Understanding how something works helps you to spot when it's not working correctly, faster and easier. That's all hacking really is, using something the wrong way to see if it still works.
@@christenw.1726 hi sir , I am new to bug bounty , I still learning about bog bounty , 5 months passed but still I don't know where to start can you guide me
REally helpful. Thank you
Thanks a lot for this video, glad i got this in my recommendation!😍
You’re welcome 😊
Hey PHd Insider, Thanks for this and all your free contents. I learnt a lot from it.
Thanks for shared knowlledge with us... You are amazing
Awesome video, really good content on your channel. 😳
Thank you so much 😁
Amazing video you are the best!!!!
This is for those who think bug bounty courses on learning platforms should be taken if you wanna earn money: Don't buy it. Read on OWASP, SANS and disclosures of vulnerabilities. You will fare better, and save money.
I totally agree, you don't need to pay money to become a bounty hunter, I know some people like the idea of a structured course though. To be a bug bounty hunter all you need to do is HACK STUFF!
@@InsiderPhD Absolutely! All you need is time and a structured method in order to hack stuff too, so that no stone remains unturned before you move to next target.
amazing work. thank you.
That was Great Video thank you Katie but i have 2 questions
first one : you said you didn't read book and you are not big fan of videos and podcasts
so my question is how did you learn that all from ? i mean the backbone resource you depend on
2nd question how far should i go in web development as a beginner
i know i have to learn html,css,js,php,mysql but how deep i should go ??
Thanks in Advance
- I learn by practical experience, I think it's a great way to get experience, I enjoy CTFs + labs but I really like to learn from an article and immediately put it into practice against a target
- I think you should pick up a backend language (be that PHP, Python, JS, whatever) and be able to make a basic blog with comments, so you know how to talk to a database, how the client interacts with the server and how user input is dealt with on the backend
@@InsiderPhD Thank you so much , Katie for helping me
now i can start with clear path because of you
This was very helpful
Thank you
Thanks for this ❤
Thank you for your videos.
Ty so much so much info so detail
Merry Christmas Katie 🎅
Verrrrrrrrrrrrrryyyyyyyyy useful!!!!!!!!!!!!
Merry Christmas sister
Hey Katie. Please bring a 2021 version of this video
Thanks a lot
this is awesome
Thank U Teacher 😍🥰
You're welcome 😊
Thankyou mam
Heartly you help me
Lovee from indiaaa❤❤❤❤
I just found a hidden gem.
quality content!!!!!!!!!!!!! 100%
thanks for sharing!
Amazing mam
I want to like, but I don't want to break the number of likes.
Nice Video Thank you So Much For your Help
Can you please send the SlideShare Presentation link
Awesome!!
thank you
Thank you sooooooooooooooooooo much
Thanks
Thank you soooooooooooooooooooooooo much
Hello, i just wanna say your content is fabulous and want to say that can we have a bingneer to advanced ethical hacking course plzzzzz?????
thakyou so much for this
thanks
Hello Katie, thanks for these videos. May God bless u immensely....btw Merry Christmas
thank you ❤️❤️❤️❤️
Thank you for watching!
Thanks alot ...
Thanks luv
you are so lovely
When we approach a target as a newbie, there are so many subdomains, then how do we get to know which subdomain is being used for what purpose?
You can use screenshot tools (see lazy recon) to start. Personally I don’t work on super large scopes with a ton of sub domains I just focus on one subdomain and really try to understand it.
@@InsiderPhD Thanks for the idea.
@@InsiderPhD please explain it more. Can you do a widow about all tools used in recon and how to start from step 1 in all that.
If you like University lectures, there is the Stanford CS 253 course video lectures: web.stanford.edu/class/cs253/
Excellent resource!
That looks great
I love u god damn it god bless u fly high like an eagle
Omg I was watching ur video for api for beginner
Hi Katie, Thank you very much for providing this information. It is really helpful as Stating in the bug bounty space. I am a c# .net programmer, so I tried finding write ups related to c# technology. However I can’t seem to find any. Can you help me with this? I am not sure if I am doing this wrong.
Maybe try looking for ASP instead, many bug bounty stuff is web related so you might have more luck looking specifically for web stuff
I forgot about ASP.net. Thank you very much. 🙂
hey i found an endpoint which allows me to change other users username and some pvt. stuff (but the problem is i should get their ID which is stored in form of cookie and its not changing( and its just secure not httponly) can i report this ? or i should find something like xss and then submit this ...thank you :)
I’d be looking for XSS with that to chain them together, bonus points if you use both to do a full account takeover
Hi there. Good content. Question please, I'm a Java developer. I just got my CEHV10. I'm a Cyberark engineer too.
What would you recommend me to start my journey in BB. I mean yes i need to jump in. But what kind of area would be best for me. Thanks.
Just start hacking, I recommend starting with the Hacker101 CTF or PentesterLab to get some practice but otherwise just hack things! Go on hackerone find some interesting targets and go nuts!
@@InsiderPhD yes I my question was more about what kind? Android? Web? Ios? Anything else? Thx for your insight
It’s up to you I’ve got a video on what to get started with, but I don’t know what motivates you. Do you want to hack something you use? Do you want to find bugs? Do you want to get paid bounties? Do you want to do reverse engineering? Code review? Do you have access to iOS devices? Do you know app development? I don’t know what you know so it’s a kind of self reflective task
Do bug bounty hunters use Owasp OWTF? And is it really worth to use that?
Many bug bounty hunters don’t use formal testing methodologies and end up developing their own that works for them, but that doesn’t mean that there’s no point in using it, if you want to use it in your practice go ahead!
CS50😍😍
Respected teacher, can i start bug bounty without any knowledge of programming and web development in 2020? Tho, i have very minor knowledge of different languages. Just like most basic things. I can read and understand some code and i can't sometimes or mostly. I can't construct xss or other payloads and its troubling for me to understand them? Do we only copy and paste payloads as beginners? Like i got the idea, the concept but i can't make any payload on my own. I'm just copying and pasting different payloads. Ma'am why i'm facing these issues, please guide me.
Without any programming experience XSS is probably not the right vulnerability for you but there are tons of other bugs to start with while you get more experienced! People make XSS payloads by understanding how it is being filtered or knowing how a piece of software works
@@InsiderPhD Thank you for your response, But i think mostly beginners do copy and paste payloads with little bit of alteration. As i can understand the basic context. The use of event handlers and other things. i can do that. but i don't specifically know how to detect waf and how to bypass it. And bypassing waf requires that special understanding, through which someone can make new or better payload. I lack that knowledge and waf is hard for me.
@@complexguy8519 use payload script.
One Question: Is damn web vulnerable application are CTF ? as far I know CTF is a bit different from it.
DVWA is a kind of CTF, the challenges aren’t very realistic is the major difference
@@InsiderPhD Thanks for response :)
♥️♥️♥️💜
im sorry but what does demonstration means?? im not english btw.
Demonstration means showing how a bug works by looking for it on a target for the purposes of learning
Hei You can Metion John Hammond he is doing good work for the Community
should I know any of programming language first before I totally got here??
NOPE you don't need to know to program, in fact STÖK didn't know any programming before he started!! I think it can help get you started sooner but a lot of simple bugs don't require any knowledge!
really? oh that sounds good and thank you for ur advise ma'am ☺️
'd u like to give me some advice or explanation maybe like where should I start from, what r required things may I'd need or something... thanks in advance
also please make a telegram group channel
:)
You don't answer...
😶😶🥺🥺🥺
voice is very low
Hey ma'am can you teach me about bug bounty iam newbie in this industry maam
i love you lets collab
Hackersploit and John Hammond IMHO are also a good resources.
Thanks