Just wanted to say thank you for sharing these tips, I'm a total noob and it's a heck of a steep learning curve, every bit of advice is greatly appreciated. Keep up the good work!
Thank you so much for the information!
Is it possible for you to share the setup of your kali?
I would really appreciate it if you could share the must have tools on kali and how to set up each of them.
Thank you so much!
I am actually working on a tools course right now. Hoping to have it done by next week.
@@ryan_phdsec I am looking forward to it!
There is nothing easy about this game to me; the larger the scope and the more user friendly, the better than anything else.
I don't know you that well but I really love you bro, continue
Thank you for posting this video, I've been struggling a bit.
Thank you for sharing the knowledge👨💻
You beautiful beautiful man you’re so incredibly helpful. Any suggestions for how to go about getting bug bounties. For example hacker1 or are there other sites? And what keeps you from getting in trouble when hacking sites? Do you need to open a VM from a sponsored site with a known IP so the customers know you aren’t malicious? Or do you just hack the site and stick solely to the scope and hope for the best?
Some programs will have you add a custom header in Burp with your bug bounty username or something like XXBUGCROWEDXX so they know you are not malicious. Some don't require it. I am always nervous about getting flagged as malicious, so in all my payloads I include my username.
Thank you for sharing the knowledge
Question:
• What is the difference between session id and cookies?
• Is a session id a part of a cookie?
I googled it, but it's a little confusing thing for me 😑
My guess would be a session ID is an instance where your settings or changes are temporarily stored, cookies are probably involved but it is a reference point for the site to return or record actions
Usually Cookies will store a lot of different information and a session id can be stored within a cookie. Sometimes you will see auth tokens that are linked to a session. The place a session id is stored can change depending on the website.
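As an added illustration of the answer above (not code from the original thread), a minimal Python session handler: the session data lives on the server keyed by a random id, and the cookie only carries that opaque id with defensive attributes set. The cookie name `sessionid`, the stored fields and the forged-id check are assumptions for the example.

```python
import secrets
from http.cookies import SimpleCookie
from typing import Optional

# Server-side session store: session id -> session data.
# The data never leaves the server; only the opaque id travels in the cookie.
SESSIONS = {}


def create_session(username: str) -> str:
    """Create a server-side session and return its unguessable id."""
    sid = secrets.token_urlsafe(32)  # 256 bits of randomness, URL-safe chars
    SESSIONS[sid] = {"user": username, "cart": []}  # constructed sample data
    return sid


def build_set_cookie(sid: str) -> str:
    """Build the Set-Cookie header value that hands the id to the browser.

    The attributes keep the id out of document.cookie (HttpOnly), off
    plaintext HTTP (Secure) and away from most cross-site requests (SameSite).
    """
    cookie = SimpleCookie()
    cookie["sessionid"] = sid
    cookie["sessionid"]["httponly"] = True
    cookie["sessionid"]["secure"] = True
    cookie["sessionid"]["samesite"] = "Lax"
    cookie["sessionid"]["path"] = "/"
    return cookie.output(header="").strip()


def session_from_cookie_header(cookie_header: str) -> Optional[dict]:
    """Parse the browser's Cookie header, pull out the id, look up the session.

    A cookie can carry many values (theme, language, ...); only the
    sessionid morsel is the key into SESSIONS. An unknown or forged id
    maps to no session at all, which is why the id must be unguessable.
    """
    jar = SimpleCookie()
    jar.load(cookie_header)
    morsel = jar.get("sessionid")
    if morsel is None:
        return None
    return SESSIONS.get(morsel.value)
```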
You should read a book on the internet first then start hacking. This is like asking the car mechanic if the spark plug goes in the radiator...
Hi, great vids bro
Could you clarify a question for me, please?
I'm curious about, for example, the blog page you used in this example: if developers and the company don't know these blogs (or any similar page) are up, then those pages for sure will not be in the target scope in their program, for example, in HackerOne.
My question is: then I don't need to stick to the "in scope targets" when searching for bugs?
Maybe this is limiting me a lot, but I'm not sure if I'm able to enumerate all the website's subdomains and directories or need to stick to only the "in scope" list they provide.
I hope you can help me with my questions, and thank you so much man!!
If you attack sites that are not in scope you can get into legal issues with them. Some programs say that out of scope is allowed if it's really something they should know; otherwise stay away from those.
@@Freezpingui thank you so much, that's why I'm afraid of attempting non-in-scope sites and keep sticking to the in-scope list.
So maybe I'll try to search for programs with a large, or completely open scope then.
I'm also a beginner and yeah, the best way is to look for large scopes, but I've heard that even experts get out of scope many times, so don't worry too much about it; just check every x time if you're still in scope or not, it will get better with time.
I have a question: if the subdomains aren't listed in the program scope, can I still get a bounty if I find any vulnerabilities?
Goooodsss thank you so much, keep it up 💥💥💥
Sir which website is best for bug reporting like hacker one
You're Good Dude
How would you get rewarded? Call the company? Is there a good way to get a contract for payment if a bug is found?
There are websites where a company will put out a bounty then you submit a report on the website where the bounty was posted
I am new in bug bounty. What to do after getting an XSS reflected alert ⚠️ popup with 🍪 cookies? Or a document.domain popup alert ⚠️...
If you get XSS to pop you report it? If you are in a ctf usually you will just submit a flag.
@@ryan_phdsec That's what I am saying. Master how to escalate it further? Please provide one detailed video on reflected xss because this vulnerability is everywhere on every single website on internet....please share your knowledge. Thank ❤️💐🌺💥💯👍😘🥰😘💫
Amazing Tips
thanks a lot
Thanks
How can i find vulnerabilities on cms and report it? I'm a new bug hunter...
Look for version numbers and check to see if there are any known vulnerabilities and then test for them. Also, if you can find the type of cms, there are often tools that will check to see if the plugins or cms is out of date like wpscan.
Also check default logins. Look for default pages that give you more information about the web app
No shade, just new to the scene. What is the point of bug bounty?
People can hack big companies and get paid for it... It is kind of like freelancing or a side gig for hackers.
Ahhhh. Awesome cheers for cleaning things up mate
Please sir, can you make a live bug bounty hunting video on a public program so we can learn recon and how to think like a bug hunter?
Hello sir, can you please make a long video on your cybersecurity and bug bounty journey, like how you started and where you learned? It will help me a lot as I also want to become a cybersecurity engineer.
This is a great idea!
@@ryan_phdsec so sir will it come?
yo bro, I wanted to learn bug bounty but I don't know where I should start and what I should do😢😢😢😢😢😢
Shut up
Hello Ryan McKenney, big fan :)
✊🏾🙏🏾👏🏾👏🏾
Coffee, where's the coffee?
Check out Ridotto's bug bounty program, big money to be made
Thank you for sharing your knowledge 🌹