Practical Bug Bounty
- Published: 28 May 2024
- www.tcm.rocks/KeeperDemo Keeper Security’s next-gen privileged access management solution delivers enterprise-grade password, secrets and privileged connection management in one unified platform. Request a demo on how you can protect your organization against cyber threats with zero-trust Enterprise Password Management (EPM). www.tcm.rocks/KeeperDemo
Check out the full Practical Bug Bounty course here: www.tcm.rocks/PracticalBugBounty
You can sign up for Intigriti's Program here: www.tcm.rocks/IntigritiSignUp
Labs for this video: drive.google.com/file/d/1RhCn...
Sponsor a Video: www.tcm.rocks/Sponsors
Pentests & Security Consulting: tcm-sec.com
Get Trained: academy.tcm-sec.com
Get Certified: certifications.tcm-sec.com
Merch: merch.tcm-sec.com
0:00:00 - Intro
0:03:00 - Keeper Security Sponsorship
0:03:48 - Course Introduction
0:10:02 - Importance of Web App Security
0:16:26 - Web App Security Standards and Best Practices
0:29:57 - Bug Bounty Hunting vs Penetration Testing
0:40:16 - Phases of a Web App Pentest
0:57:36 - CryptoCat Introduction
0:59:19 - Understanding Scope, Ethics, Code of Conduct, etc.
1:13:29 - Common Scoping Mistakes
1:37:59 - Installing VMWare / VirtualBox
1:41:14 - Installing Linux
1:50:20 - Lab Installation
1:57:36 - Web Technologies
2:02:14 - HTTP & DNS
2:05:47 - Fingerprinting Web Technologies
2:18:00 - Directory Enumeration and Brute Forcing
2:38:07 - Subdomain Enumeration
2:55:43 - Burp Suite Overview
3:34:35 - Introduction to Authentication
3:36:11 - Brute-force Attacks
3:43:11 - Attacking MFA
3:48:38 - Authentication Challenge Walkthrough
3:58:38 - Intro to Authorization
3:59:48 - IDOR - Insecure Direct Object Reference
4:06:15 - Introduction to APIs
4:11:04 - Broken Access Control
4:19:33 - Testing with Autorize
4:27:02 - Introduction to LFI/RFI
4:28:39 - Local File Inclusion Attacks
4:32:59 - Remote File Inclusion Attacks
4:40:37 - File Inclusion Challenge Walkthrough
4:45:05 - Conclusion
📱Social Media📱
___________________________________________
Twitter: / thecybermentor
Twitch: / thecybermentor
Instagram: / thecybermentor
LinkedIn: / heathadams
TikTok: / thecybermentor
Discord: / discord
💸Donate💸
___________________________________________
Like the channel? Please consider supporting me on Patreon:
/ thecybermentor
Support the stream (one-time): streamlabs.com/thecybermentor
Hacker Books:
Penetration Testing: A Hands-On Introduction to Hacking: amzn.to/31GN7iX
The Hacker Playbook 3: amzn.to/34XkIY2
Hacking: The Art of Exploitation: amzn.to/2VchDyL
The Web Application Hacker's Handbook: amzn.to/30Fj21S
Real-World Bug Hunting: A Field Guide to Web Hacking: amzn.to/2V9srOe
Social Engineering: The Science of Human Hacking: amzn.to/31HAmVx
Linux Basics for Hackers: amzn.to/34WvcXP
Python Crash Course, 2nd Edition: amzn.to/30gINu0
Violent Python: amzn.to/2QoGoJn
Black Hat Python: amzn.to/2V9GpQk
My Build:
LG 32GK850G-B 32" Gaming Monitor: amzn.to/30C0qzV
darkFlash Phantom Black ATX Mid-Tower Case: amzn.to/30d1UW1
EVGA 2080TI: amzn.to/30d2lj7
MSI Z390 MotherBoard: amzn.to/30eu5TL
Intel 9700K: amzn.to/2M7hM2p
G.SKILL 32GB DDR4 RAM: amzn.to/2M638Zb
Razer Nommo Chroma Speakers: amzn.to/30bWjiK
Razer BlackWidow Chroma Keyboard: amzn.to/2V7A0or
CORSAIR Pro RGB Gaming Mouse: amzn.to/30hvg4P
Sennheiser RS 175 RF Wireless Headphones: amzn.to/31MOgpu
My Recording Equipment:
Panasonic G85 4K Camera: amzn.to/2Mk9vsf
Logitech C922x Pro Webcam: amzn.to/2LIRxAp
Aston Origin Microphone: amzn.to/2LFtNNE
Rode VideoMicro: amzn.to/309yLKH
Mackie PROFX8V2 Mixer: amzn.to/31HKOMB
Elgato Cam Link 4K: amzn.to/2QlicYx
Elgato Stream Deck: amzn.to/2OlchA5
*We are a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for us to earn fees by linking to Amazon.com and affiliated sites.
Taking the PJWT (the relevant cert for this course) tomorrow! Massively excited to put what I’ve learned to the test!
Good luck! I wanna take it too
Good luck! 💜
Good luck my friend
Good Luck!
Good luck!
This free video covers a lot more topics than a course. I really appreciate what you guys are doing. I really like watching your videos. Love from India Sir.
Thank you, Heath, for providing us with this amazing information, we all need to learn the Practical aspects of Bug Bounty especially for some of us that would like to earn some extra cash.
Thanks, guys. I bought the PNPT and a 3-month membership mainly for this course, during the sale. Thought I'd be able to complete it too with PNPT. Kinda overestimated myself and am still working through PEH. On 10th March my monthly subscription ends, and I don't think I can afford it anymore. Was really sad that this one would remain incomplete. At least now I know that even if my subscription ends, I can still cover some part of the curriculum because of this upload. 😢
How are the TCM Security courses? Are they worth it in terms of skills, and do they provide practical labs to practice in?
Currently doing the PNPT. Enjoying it. More so than the PEN-200
I've got a subscription to TCM Academy, but I just wanted to show some love here. You guys are awesome. Thanks for all you do for the community.
Thank you, Heath, for providing us with this amazing information!
What did you learn after completing this?
I love this! Thank you so much!
Can't believe this premium content is available for free.
Awesome, I'm doing this on the TCM website right now. :)
Is this the exact first part of that website course?
Yes, this is the first half of Practical Bug Bounty. He also has a free complete course on ethical hacking if you're wanting to be a penetration tester: ruclips.net/user/results?search_query=practical+ethical+hacking+-+the+complete+course @@Manas0_0
@16:40 I thought the dog snoring in the background was mine.
Love your videos... awesome.
I am having a problem: I cannot open the lab locally. What is the localhost port it's running on? In the video he just went to localhost without any port or IP.
Thank you Heath
Great resource for 2024
Hey, dear,
Can I run this BugBounty-v1.1 lab on my Windows OS?
Heath with another fat W taking care of the noobs (like me) !
Let's go! 🔥
i love you TCM.
If there is a scope given in a BB program, do we need to do directory brute-forcing?
Brute-force the domain that's in scope at a rate that won't flood the program's defense team.
I have a doubt. If the scope says that automation tools are not allowed, is this related only to vuln scanners, or to all other tools as well, like directory/asset discovery tools (ffuf, gobuster, etc.)?
It's related to vulnerability scanners only, like nuclei.
@@prathmeshchaudhari7613 Good to know .. thanks !!
@@soanzin welcome!
How do I download the lab?
Please, sir, I hope you are having a wonderful time.
How can I get the course lab, sir?
Do I have to pay for the course completion certificate?
Or is it, for lack of a better term, free to play?
@@eyezikandexploits You will have to sign up in order to unlock the rest of the course and get the certificate of completion. A monthly membership is around $30 USD
Cool
This video is more detailed about Burp Suite...
❤
1:50:00
Aye!
Very awesome Content
❤