0:47 I agree about the duplicates.... Or even worse, when you find a legitimate bug and it's marked as a "false positive" to avoid paying you but still use your report to patch it anyways.
Hi Tyler, love your videos... Where can I find the link? You say at the end that you'll be posting on the chat, but I guess it was not here on YouTube. Thanks!!
Hi Tyler,
I recently started doing bug bounties and am still learning a lot.
Most of the time, the P4 bugs you mentioned are on the out-of-scope list for programs.
Should I still report these bugs?
I'm afraid of getting negative points on the platform.
Hey -- like I said, I'm experimenting :D -- It depends on the platform. On Bugcrowd you are not penalized for duplicate bugs. I'm not sure about other platforms
Oh and from my experience, P4 is usually in-scope but P5 is out-of-scope. I suppose it depends on the program
Thanks man!
P4 bugs are almost always duplicates on public programs
100%, Tyler. I submitted three reports, which took me 12 hours, and all I received was $200 because they were considered duplicates. SMH
Yeah, it's frustrating. Were you able to get any private invites as a result?
An alternative (which I've made a bunch more videos about) is CVE hunting. You don't generally get paid, but they look awesome on a resume
@TylerRamsbey No private invites, but I'm following your recommendation for TCM Security and Hack The Box. Also, I currently work at a convention center, ever heard of GSX? lol I heard networking helps people find jobs better than certs and degrees.
100% agree. Bug bounties are a scam, glad to see more people talking about it. Hence my blog.
I still want to learn bug bounty to gather experience.
First like first comment
Conclusion: Bug bounties are a scam. Don't waste your time unless you have interest in it. Just don't follow money 🤑💰.