I received my first bounty by targeting a small, relatively unknown, sub domain connected to a large public program. It used to belong to a small company that was recently bought out by the big one so I figured it might be an “untapped resource” if you will.
Ahaha my dissertation was on deciphering ancient languages, my wallpaper is a graphic I made for my dissertations, not Egyptian but greek! The writing system is called Linear B
It might help to force yourself to pick a program and just say "this week I am going to work on X, and I'm going to look for bug type Y and Z" like go deep
I have mixed opinions, I think a few years ago XSS was great! But now there's a lot involved to finding an XSS bug and most are being found by pros with significantly more expertise in bypassing WAFs. However, other people tell me that this gives beginners a good chance to learn how javascript/hacking can work. So if you ask me XSS is dead or dying for beginners. If you ask others XSS is a good first bug still.
You can find this in my Finding Your First Bug series or my video on Live API Hacking, both have step by step guides. To find websites to hack you register on a bug bounty platform like HackerOne, Bugcrowd, Intigriti etc, and choose a target like I'm showing on this video
zeus cybersec 0: How the web works (Web application hackers handbook - free at HackerOne is great for this) 1: How to use burp (my videos + practice) 2: What bugs are out there and the signs of them (my videos) 3: How to exploit these bugs (practice on CTFs /real targets)
@@InsiderPhD thing is I am in this field for 1 year.Preparing for oscp and done many oscp like ctfs.I am more of a network guy but I love web security too.I have done dvwa and Over the wire Natas challenge.I have a good idea on advancd used of Burpsuite.What ctfs/books do you recommend for Getting good in web?Also I don't feel confident as I have given most of my time to ctfs be it network or web.Please help me Katie🙁How can I boost my confidence and what web related books/ctfs should I finish before dipping my feet into bug bounty?
I think given your experience you need to START HACKING. It’s always going to be tough but that’s eventually where you want to be so pick a bug, pick a target and just START HACKING. Will it be hard, of course! But nothing worth doing is easy!
hbbss hbbss IDORs for sure, not that technically complex, and you can just methodically test endpoints one by one. Relies more on determination than technical skills
Check out the whole series, especially Business Logic and IDORs which I think are great first bugs when you haven't got a lot of technical skills yet. You can also practice with CTFs
I’m unfortunately not a great UA-camr lmao and it took me a few attempts to get the audio right, for the moment just increase the volume but in the future I have fixed this issue!
@@InsiderPhD i ran it on big speakers used earphones did eq on chrome to boost high end still was quite low. hoping to see a fix soon. thanks for resonding. #ayylmao for life.
I received my first bounty by targeting a small, relatively unknown, sub domain connected to a large public program.
It used to belong to a small company that was recently bought out by the big one so I figured it might be an “untapped resource” if you will.
Not to be intrusive or anything but what bug did you find??? I'm also starting to get into bug bounties and trying to find a good methodology 😁😁😁
Please never stop doing these
That' what I've been expecting for weeks.. Thanks!
:D Glad you like it, I intend to do a bug bounty methdology/approach video as a follow up to this one soon
Thanks, that was really informative for me as a beginner
Really doing a great job...Loved IT ..Waiting for more to come..
Thank you so much, next video will be out tomorrow :)
Thankyou Queen for being dope, Sharing your material to my newer team members has been a beauty.
It was pretty much useful. Thank you very much for your help.
Great job. Thank you. And by the way, are you going to hack in to the pyramid(31:58) as well?. :)
Ahaha my dissertation was on deciphering ancient languages, my wallpaper is a graphic I made for my dissertations, not Egyptian but greek! The writing system is called Linear B
Thank you! Now i don't roam around on h1 for 30 minutes then start a program and give up after 5 minutes lol
It might help to force yourself to pick a program and just say "this week I am going to work on X, and I'm going to look for bug type Y and Z" like go deep
@@InsiderPhD indeed!
you are absolutely amazing. Really appreciate the information you putting forward.Thanks!!!
Thanks! Was informative. Keep uploading videos
I really liked this presentation, will try to take into consideration every point
an amazing video that's exactly what i was so confused about
Killer video, very useful, Thanks for taking the time to do this. :)
Thank you, that’s helped me a lot
Thanks so much!
Great video! All the scrolling up and down in the last 5minutes made me a bit dizzy, but other than that great content. Thanks a lot 😂✌️
Massive thanks 💛
Thank u that was really useful
Nicee, thank you for posting this video. It was very helpful
You are everywhere bruh😂
@@SankizTime lol XD
@@eduardj-e8x bro, sorry! I don't have discord on this phone, so i am not able to talk to uu these days :(
@@SankizTime Oh, it's okay buddy, text me when u can.
Subscribed just now! your videos are awesome ❤️ please keep sharing
thank you for your work!
I am speechless, thanks. it really helps.
I will watch everything content you make
you made my day. 😍😍😍😍🙏🙏🙏🙏🙏
Thanks for the video, very useful !
brilliant video mate.
great video, im motivated.
Starting here and leaving this comment to check on in 12wks and hopefully already have found a a buf by then
?
So did you find one?
?
Sounds like aussie accent 😅😅
love your content.
British :)
Just subbed. Amazing content!
Thank you!
Great video ✌🏻✌🏻
Thank u from Vietnam
Will you also be making practical video's on bug hunting?
R Y I intend to make a full bug bounty methodology/how to approach targets as a follow up to this one :)
perfect thanks
It's a very helpful and interesting video. thanks
Glad it was helpful! That's very kind of you :)
Brilliant content
Thank you so much for sharing it,🙏💞🇳🇵
Awesome !! Video :D K33p Posting .Thanks
can u make a video on spf missing with what type of information should written in it nd proof also. plzz
Wow great one ..... very help-full
Amazing! What do you think about XSS as first Bug bounty for a Beginner ?
I have mixed opinions, I think a few years ago XSS was great! But now there's a lot involved to finding an XSS bug and most are being found by pros with significantly more expertise in bypassing WAFs. However, other people tell me that this gives beginners a good chance to learn how javascript/hacking can work. So if you ask me XSS is dead or dying for beginners. If you ask others XSS is a good first bug still.
It says 'enforces a Signal Requirement'. How I can find bug bounty programs without these requirements or how to fix them?
This was so good
Why does it matter
3:06 4:30
Things to consider
4:30 5:58
i want practical demonstration of finding bugs of any vulnerabilities step by step ? and how to find the qwebsites having the bugs or not?
You can find this in my Finding Your First Bug series or my video on Live API Hacking, both have step by step guides. To find websites to hack you register on a bug bounty platform like HackerOne, Bugcrowd, Intigriti etc, and choose a target like I'm showing on this video
hello.. if i targeted my hacker one then how i will go their website? i will just login to their website through their link they are provided there?
Can you make a course please ?
Spoilers :) by this is something I’m actively looking into less technical more how to find your first bug and get consistent :)
Excellent Video ...⭐⭐⭐ ⭐⭐
Can we use Kali Linux At live Mode ?
or we can just use Windows or MacOs ?
Use Windows or OSX if you’re more comfortable you DONT need Kali to do bug bounties!
@@InsiderPhD thank you madame Katie you are one of my heros
@@InsiderPhD please Make video when you speak about how you enter on Bug Bounty and why we can do to do what you do 🙂
When showing a webpage.. could you slow down a bit? The constant scrolling doesn't allow the viewer to see what you are seeing.
Thanks for the feedback, I will definitely slow down!
thanks!
What is “scope”
That’s the stuff you’re allowed to hack or not allowed, it means if you find a bug in X software they will pay a bounty :)
@@InsiderPhD thanks so much
Thought it was a tool or something
Katie pls help.What are the prior knowledge needed for bug bounties? Shoud I do vulnerable web applications?any good books
zeus cybersec
0: How the web works (Web application hackers handbook - free at HackerOne is great for this)
1: How to use burp (my videos + practice)
2: What bugs are out there and the signs of them (my videos)
3: How to exploit these bugs (practice on CTFs /real targets)
@@InsiderPhD thing is I am in this field for 1 year.Preparing for oscp and done many oscp like ctfs.I am more of a network guy but I love web security too.I have done dvwa and Over the wire Natas challenge.I have a good idea on advancd used of Burpsuite.What ctfs/books do you recommend for Getting good in web?Also I don't feel confident as I have given most of my time to ctfs be it network or web.Please help me Katie🙁How can I boost my confidence and what web related books/ctfs should I finish before dipping my feet into bug bounty?
I think given your experience you need to START HACKING. It’s always going to be tough but that’s eventually where you want to be so pick a bug, pick a target and just START HACKING. Will it be hard, of course! But nothing worth doing is easy!
@@InsiderPhD True.Thanks Katie☺️By the way can I add u on insta?I like connecting to people in the community
I don't have instagram I'm afraid! But you can follow me on twitter and @ me any time if you have questions and I will DM you :)
best "complete beginner bug"?
hbbss hbbss IDORs for sure, not that technically complex, and you can just methodically test endpoints one by one. Relies more on determination than technical skills
Sick! Thanks again for your help, love the content!!
Killer video, very useful, mic sucks
lol i got no skills or knowledge about coding how can i do it
Check out the whole series, especially Business Logic and IDORs which I think are great first bugs when you haven't got a lot of technical skills yet. You can also practice with CTFs
very low audio volume. had a hard time tbh
I’m unfortunately not a great UA-camr lmao and it took me a few attempts to get the audio right, for the moment just increase the volume but in the future I have fixed this issue!
@@InsiderPhD i ran it on big speakers used earphones did eq on chrome to boost high end still was quite low. hoping to see a fix soon. thanks for resonding. #ayylmao for life.
Yankee with no BRIM!!
Hi what is your age plz
Good
How old are you?
Cute voice
Love your voice. so sweet. :)
Your voice is wery low please chenga your mic