I'm diabled 53 yr old that started teaching myself cyber security and bug bounty about 14 months ago. All i knew was how to send an email on my phone and search Google so i had to start by learning Linux and the command line. I'm at the point a can use linux fairly good and I'm understanding what people are talking about in the videos so I'm hoping another year I'll be a decent bug hunter. Thank you for explaining everything so good it's hard when I'm teaching myself and don't have someone to help or explain things to me :)
You are going right direction and I wish you all the best! I think self taught route is quite good if you dedicate a lot of time into learning and be consistent. Learning linux is a good start, next you should try learn about basic vulnerability types ;)
@@Ott3rly Thats where I'm t know that i can understand what they're talking about. It took me a lot of extra time figuring out what the videos were even talking about one thing great about college is they have other people to ask when they don't understand something i have to spend time figuring it out Thank you for the advise :)
Thank you im follow u since the first video can u plz make manuel aprach to target and Logic bugs or BAC bugs & show us some burpsuit tricks and exthntions
I usually try to avoid akamai and amazon, since those could have WAF. If I do this it doesn't mean you should blindly follow my steps, sometimes amazon hosts could hide some interesting content.
Yes exactly. It will run same tool across multiple servers. For instance, if you run amass on 20 servers with file of 20 domains, each server will get one domain to scan in parallel. It will greatly save time. Just be cautious and use responsibly.
What I forgot to mention, is that you should use the FoxScroller extension as well. It will scroll to the end of Google results page, then google loads more results, and it keeps scrolling to the end. After that, you could use Link Gopher.
Found your channel last week afte watching so much nonsense i do have one question that niggles me and that is why do some vulns only work in the burp browser for example XSS but do not work in normal browsers when NOT going through Burp
Burp's default browser uses older version of chromium, which has way less inbuilt XSS protection. Some bug bounty programs know this, so they specify that when you submitting vulnerability reports, it has to be applicable for the newest versions of browsers.
I'm diabled 53 yr old that started teaching myself cyber security and bug bounty about 14 months ago. All i knew was how to send an email on my phone and search Google so i had to start by learning Linux and the command line. I'm at the point a can use linux fairly good and I'm understanding what people are talking about in the videos so I'm hoping another year I'll be a decent bug hunter. Thank you for explaining everything so good it's hard when I'm teaching myself and don't have someone to help or explain things to me :)
You are going right direction and I wish you all the best! I think self taught route is quite good if you dedicate a lot of time into learning and be consistent. Learning linux is a good start, next you should try learn about basic vulnerability types ;)
@@Ott3rly Thats where I'm t know that i can understand what they're talking about. It took me a lot of extra time figuring out what the videos were even talking about one thing great about college is they have other people to ask when they don't understand something i have to spend time figuring it out Thank you for the advise :)
I actually thought you were just a voice without a face or body, blessing us with bug bounty knowledge from above the clouds.
you proved me wrong ;)
I guess I will show up a little bit more. Just I was just fighting through my introverted nature ;)
love and support from india ❤🎉
Thank you im follow u since the first video can u plz make manuel aprach to target and Logic bugs or BAC bugs & show us some burpsuit tricks and exthntions
can u make a tutorial about "installing and setting up Axiom" Please
I have a blog post already covering that, feel free to check it out ;)
@@Ott3rly can you post the link here please, thanks for you
@@arman-ez3ir check description, that's not hard thing to do I think ;)
@@Ott3rlyoh sorry i didn't know its there
thanks u for answering my question i have one more please , when u collect ips from shodan u collect every thing even organizaion amazon ,?
I usually try to avoid akamai and amazon, since those could have WAF. If I do this it doesn't mean you should blindly follow my steps, sometimes amazon hosts could hide some interesting content.
He finally showed his face
I was not hiding it, lol. You can clearly see it if you know my blog.
Very helpful video 🎉
Glad you think so!
Excellent video bro💯💯 part 2?
I am planning to do another live recon next week ;)
Awesome
Whats the advantage of using axiom? Is it able to run tools at the same time using different “computers” in the cloud? Sorry for the noob question
Yes exactly. It will run same tool across multiple servers. For instance, if you run amass on 20 servers with file of 20 domains, each server will get one domain to scan in parallel. It will greatly save time. Just be cautious and use responsibly.
5:57 finally i see you
Hi brother thanx for live I want ask you something please can you make video about tool uncover because I can't use it (problem api_key) 😢😢😢😢
you have to add API key of any paid service like shodan to your provider_config.yaml file
@@Ott3rly I added but it's didn't work I don't know why 😢 😢 😢 😢 can you make short videos do that please 🙏🙏🙏🙏🙏
I'm watching recording ...
Daily classes ??
What's the timing ??
Read the description, find the discord server, join it, read the rules with announcements and you will know what to do.
What name of extention that collect links google ,
I love ur way thank u
Link Gopher
What I forgot to mention, is that you should use the FoxScroller extension as well. It will scroll to the end of Google results page, then google loads more results, and it keeps scrolling to the end. After that, you could use Link Gopher.
@@Ott3rlyI read it on your blog amazing tips 😊
how scan subdomain with asn/cidr in last video
I collect IPs separately than subdomains. You could "convert" your collected subdomains to IPs as well, I will show this in the next recon video.
hello, I am unable to join the discord, is the link invalid? =(
Thanks for notifying. I have updated the link, check it now.
What do you mean by aggressive stuff?
Please add a timestamp where I said that. It would be much easier for me to understand the context, instead of rewatching the whole video. ;)
do record live hacking too ?
Check the Discord server in the description.
Found your channel last week afte watching so much nonsense i do have one question that niggles me and that is why do some vulns only work in the burp browser for example XSS but do not work in normal browsers when NOT going through Burp
Burp's default browser uses older version of chromium, which has way less inbuilt XSS protection. Some bug bounty programs know this, so they specify that when you submitting vulnerability reports, it has to be applicable for the newest versions of browsers.
@@Ott3rly Ah yes i was thinking this but could not find confirmation anywhere many thanks i have learned a lot from you and your live streams
@@TheRustyCodger Thanks for the feedback!
:)
my dumb ass watched the whole vid but still cant comprehend what happen. so if anyone can tell me what steps he did. it would be so great
Learn some basics about linux bro ;)
i am so Late
No worries, I will leave this on YT, so you can watch it ;)