Finding Your First Bug: Cross Site Scripting (XSS)

  • Published 28 Sep 2024

COMMENTS • 65

  • @actual_0xatul · 4 years ago · +4

    Wish these videos were there back when I started taking hacking seriously!

  • @bobmatley6138 · 3 years ago · +1

    I'm trying to get into the habit of creating Python scripts into which I can load different categories of injection (XSS, SQL injection, command injection, etc.) that I manually create myself, craft them for different targets, and then automate the process by running all the injection payloads I have created over time. So now let's say I find an XSS payload that works for a specific category of web app; I simply load it into that category and over time build up a few dozen, and if I come across a similar web server, I can simply fire the script and it tries all the attacks that I have launched on the same or similar web servers. Hope that makes sense?

  • @90secconds · 2 years ago

    Why didn't you put these links in the description? Btw, excellent video.

    • @InsiderPhD · 2 years ago

      Unfortunately the links will cause YouTube to delete the video :( so I had to remove them all last year

  • @jensmueller7483 · 4 years ago · +1

    Thank you for your videos! I prefer shorter episodes. Would it be possible to increase the volume?

    • @InsiderPhD · 4 years ago · +1

      Yes! I've actually fixed this issue now; after some investigation, future episodes will be much louder.

  • @siddharthchhetry6810 · 2 years ago · +2

    Last year I started watching your videos. I got a few bugs; now I'm here again to learn and understand everything you say. Thanks Katie :)

  • @graycybermonk3068 · 4 years ago

    Hello. Thanks for all those important videos. I am following your videos and instructions.
    I have a little question. Can we use XSS scanning tools like XSpear etc. in bug bounty? Please, I will wait for your reply. Thanks in advance.

  • @sohailbzioui8323 · 4 years ago · +1

    We need a PoC and an explanation please, and how to bypass filters ==> XSS methodology

  • @Sam-rp4hy · 4 years ago

    Hey,
    you are doing great work!
    As a beginner, I wanted to ask a rather silly question. I am in a full-time job, and I am starting in bug bounty (level 0 as of now).
    What if I only target any one P1 vulnerability in bug bashes, by dedicating all my time to one P1?
    Is this a fruitful tactic, keeping in mind the reward will be on the higher side?

    • @InsiderPhD · 4 years ago · +2

      I think you're likely to burn out and get demotivated far before you get the P1. Bear in mind that unlike CTFs, actual bugs, especially those on the more severe side, are much rarer. The reason the best bug hunters find them is due to their experience. The fact is getting lower vulnerabilities is motivating as you learn. You do you though. Check out my video on Finding Your First Bug: Remote Code Execution for more info.

    • @Sam-rp4hy · 4 years ago

      @InsiderPhD sure! Thanks

  • @ArunKumar-sg6jf · 4 years ago

    How to do penetration testing on Cloudflare-hosted websites?

  • @ch1nmqy132 · 4 years ago

    What are some good first bugs?

  • @jiayaoou8254 · 4 years ago

    It is so difficult to find this XSS bug in bug bounty.

    • @InsiderPhD · 4 years ago

      XSS is really hard to find, but if you want to go deeper you can check out other types like blind XSS or DOM-based XSS, which should help you find an XSS! For blind XSS I have a video, and for DOM stuff check out the Hacker101 video with Stök and TomNomNom!

  • @emreru5687 · 4 years ago

    👍👍 👍👍

  • @gprime3113 · 3 years ago · +3

    Ok, first of all, XSS is EVERYWHERE. Using these techniques or the OWASP or PortSwigger ones, you will never find it! I'll tell you where XSS is NOT found: in forms, in search bars, with any of the following: ;'" script, alert()... alert() is the most filtered string on the planet, and in-house security teams go through the GitHub lists and everywhere you Google. But it is literally everywhere; you just need to know how (not where) to look. Hope I help the 1 or 2 of you for whom the light bulb just went off. Cheers.

    • @hydroflows · 3 years ago

      I think she touched on this in the video. She mentioned you have to exploit the vuln in much more creative ways. In one of her examples she highlighted that someone stored a payload while creating a page. I would imagine what you and InsiderPhD are saying is that you should try to embed the payload deep within the application on some weird endpoint on an even weirder subdomain.
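Two threads above touch the same practical problem: @bobmatley6138 wants a script that fires a library of payloads at similar targets, and @gprime3113 points out that the obvious strings (alert(), script tags) are exactly what filters look for. The script below is an added example, not code from the video or from any commenter, of the step that has to come before either: a reflection probe that tells you which HTML context your input lands in and which special characters survive the application's encoding, so the payload can be chosen for that context instead of sprayed. The marker string, the sample responses and the context rules are all constructed for the example; `html.escape` is used to build the "correctly encoded" sample, which is what a fixed application should return.

```python
import html
import re

# Marker plus the characters that matter for breaking out of each HTML
# context. Sending this instead of a full payload avoids tripping signature
# filters on "alert(" or "<script" while still showing which characters
# survive the application's encoding.
PROBE = "zq7x"          # constructed marker; any rare alphanumeric token works
SPECIALS = '<>"\'/ '    # angle brackets, both quotes, slash, space


def build_probe():
    return PROBE + SPECIALS + PROBE


def quote_state(segment):
    """'dq'/'sq' if an odd number of that quote precedes the reflection
    (we are inside a string or attribute delimited by it), else 'none'."""
    if segment.count('"') % 2:
        return "dq"
    if segment.count("'") % 2:
        return "sq"
    return "none"


def classify_context(body, pos):
    """Coarse sink classification from the markup preceding the reflection."""
    before = body[:pos]
    low = before.lower()
    s_open, s_close = low.rfind("<script"), low.rfind("</script")
    if s_open > s_close:                        # inside a <script> block
        js = before[low.find(">", s_open) + 1:]
        return "script_" + quote_state(js)
    if before.rfind("<") > before.rfind(">"):   # inside an unclosed tag
        return "attr_" + quote_state(before[before.rfind("<"):])
    return "html_text"


def can_break_out(context, surviving):
    """Can the surviving characters escape the context the input landed in?"""
    quote = {"dq": '"', "sq": "'"}.get(context.rsplit("_", 1)[-1])
    if context == "html_text":
        return "<" in surviving and ">" in surviving        # open a new tag
    if context.startswith("attr_"):
        if quote:
            return quote in surviving                       # close the attribute value
        return " " in surviving or "/" in surviving         # unquoted value: start a new attribute
    if context.startswith("script_"):
        closes_block = "<" in surviving and "/" in surviving  # </script> ends the block regardless of string state
        return closes_block or (quote in surviving if quote else True)
    return False


def analyse(body):
    """Locate every reflection of the probe; report context, surviving chars, breakout."""
    pattern = re.escape(PROBE) + "(.*?)" + re.escape(PROBE)
    findings = []
    for m in re.finditer(pattern, body, re.S):
        surviving = "".join(c for c in SPECIALS if c in m.group(1))
        ctx = classify_context(body, m.start())
        findings.append({"context": ctx, "surviving": surviving,
                         "breakout": can_break_out(ctx, surviving)})
    return findings


# Constructed responses standing in for what a target would send back.
probe = build_probe()
SAMPLES = {
    # raw reflection in a text node
    "text_raw": "<p>Results for: " + probe + "</p>",
    # correctly encoded attribute value (what a fixed application returns)
    "attr_escaped": '<input value="' + PROBE + html.escape(SPECIALS) + PROBE + '">',
    # filter strips only angle brackets; quotes reach the attribute untouched
    "attr_angle_only": '<input value="' + PROBE + html.escape(SPECIALS, quote=False) + PROBE + '">',
    # reflected into a single-quoted JavaScript string
    "js_string": "<script>var q = '" + probe + "';</script>",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        for f in analyse(body):
            print(f"{name:16} {f['context']:12} survives={f['surviving']!r:10} breakout={f['breakout']}")
```

The "attr_angle_only" case is the one worth noticing: a filter that only strips `<` and `>` looks safe to a tag-based payload, yet a double quote survives inside a double-quoted attribute, which is enough to close the value and add an event-handler attribute. Running the probe against each parameter first tells you which of your saved payload categories even applies to a given sink.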

  • @alexman340 · 2 years ago

    It is just theory, no practical. I could not understand why 25,000 people watched this video.

    • @InsiderPhD · 2 years ago · +1

      Sorry about that! This is one of my earlier videos, so I was still finding my feet. Thank you for the feedback, and I'll definitely remake a practical version of this video!

  • @tayfun6378 · 4 years ago · +4

    Yes, most people say they're great first bugs, but I haven't found one in the real world. I can find the ones in CTFs, I can find the ones in challenges, but I can never find one in the real programs. I'm not saying there aren't XSS possible in them; qualified people can easily go and find 5 XSS in a single night on public programs, but I can't. So I've decided to go with IDOR and business logic errors. I'm getting slowly overwhelmed about my path.

    • @InsiderPhD · 4 years ago · +4

      Do not worry, I don't think they are great first bugs either. People know how to defend against them nowadays, so the only time you find them is with really specific payloads. My only XSS was with a custom payload, and it remains the only XSS I've ever found. IDORs are definitely becoming more common for sure; I think we'll quickly see them overtaking XSS as the go-to beginner bug.

    • @tayfun6378 · 4 years ago

      @InsiderPhD I agree, and I think people also started to know how to defend IDORs, either with those long encrypted PIDs, UUIDs... It's a matter of learning the concept in general and knowing what would be the best approach to attack a target. Otherwise it's all randomly shooting, imo.

    • @InsiderPhD · 4 years ago · +2

      Even if you have a long UUID you will still have an IDOR for low-privilege users like guest vs admin, since the guest may have viewing permissions, but not editing.

    • @tayfun6378 · 4 years ago

      @InsiderPhD That's right. I'm thinking about mastering it. Thank you very much for the help!
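The guest-vs-admin point in the thread above is an authorization bug, not an enumeration bug, which is why a UUID does nothing about it. The following is an added example, not code from the video or from any commenter, showing the shape of such a handler beside its fixed form. The store, the users, the UUID and the permission model (owner edits, listed viewers read) are all constructed for the example; the fixed handler also answers "not found" for documents the caller may not view, so the existence of an id is not leaked either.

```python
from dataclasses import dataclass, field

DOC_ID = "c0a8d6f0-4f3b-4a0f-9b1a-3e2f1d5c7a11"   # constructed UUID: unguessable, but not a secret


class Forbidden(Exception):
    pass


class NotFound(Exception):
    pass


@dataclass
class Doc:
    owner: str
    body: str
    viewers: set = field(default_factory=set)   # users granted read-only access


def make_store():
    """Fresh fixture: one document owned by admin, shared read-only with guest."""
    return {DOC_ID: Doc(owner="admin", body="quarterly numbers", viewers={"guest"})}


def can_view(user, doc):
    return user == doc.owner or user in doc.viewers


def can_edit(user, doc):
    return user == doc.owner


def view(store, user, doc_id):
    doc = store.get(doc_id)
    if doc is None or not can_view(user, doc):
        raise NotFound(doc_id)            # same answer for "missing" and "not yours"
    return doc


def edit_vulnerable(store, user, doc_id, new_body):
    """Checks that the caller is logged in and that the id exists, but never
    that this caller may *edit*. Anyone who can reach the UUID (a viewer, or
    someone who found it in a share link) can overwrite the document."""
    if user is None:
        raise Forbidden("login required")
    doc = store.get(doc_id)
    if doc is None:
        raise NotFound(doc_id)
    doc.body = new_body
    return doc


def edit_fixed(store, user, doc_id, new_body):
    """Same flow with the object-level authorization check the vulnerable
    version is missing."""
    if user is None:
        raise Forbidden("login required")
    doc = store.get(doc_id)
    if doc is None or not can_view(user, doc):
        raise NotFound(doc_id)
    if not can_edit(user, doc):
        raise Forbidden("edit permission required")
    doc.body = new_body
    return doc


if __name__ == "__main__":
    store = make_store()
    print("guest can view:", view(store, "guest", DOC_ID).body)
    edit_vulnerable(store, "guest", DOC_ID, "tampered")
    print("after vulnerable edit by guest:", store[DOC_ID].body)
    store = make_store()
    try:
        edit_fixed(store, "guest", DOC_ID, "tampered")
    except Forbidden as e:
        print("fixed version rejected guest edit:", e)
```

When testing for this, the useful pair of requests is the same UUID sent from a low-privilege session first to the read endpoint (should succeed) and then to the write endpoint (should fail); if both succeed, the UUID was never the control.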

  • @jeannasrallah730 · 3 years ago · +3

    I want to thank you for sharing your knowledge with us. Finally I got my first bounty!! I'm so happy, and as always I thank all the channels on YouTube. I'm a 16 y/o guy and I don't have anyone to guide me in this field, but I found you on YouTube and I started learning 6 months ago, and boom, the result is shown now!
    And to all the hackers: never give up, your patience is your key, and the more you learn the more you earn. Never forget that. ❤

    • @barssever4904 · 3 years ago

      What was your first bug?

    • @jeannasrallah730 · 3 years ago

      @barssever4904 CORS misconfiguration

    • @InsiderPhD · 3 years ago · +1

      Wonderful! Well done on a bounty at 16 (amazing) AND without a formal mentor, that is fantastic, all the best to you, I'm sure you're going to be an amazing hunter!

    • @jeannasrallah730 · 3 years ago

      @InsiderPhD thank you 🙌❤❤

  • @littlenikki1105 · 4 years ago · +3

    Amazing content as always. I'm still trying to find my first bug, but thanks to your last video on goal setting I set up a goal for one bug in the next month, so wish me all the luck.

    • @InsiderPhD · 4 years ago · +1

      Good luck! If you ever have any issues feel free to reach out via the Hacker101 Discord group. Let me know how you get on! Smash your goal!!

    • @littlenikki1105 · 4 years ago

      @InsiderPhD thank you so much. I have been thinking that I will do one big scope, trying to find interesting subdomains, as well as trying to find a small-scope project that I can work on.

  • @malrborojamez1631 · 4 years ago · +2

    You're helping a lot!!

  • @ajay0rawat · 3 years ago

    God, that was hard to understand because of your accent... but you explain nicely.

  • @StephenOgu · 4 years ago · +1

    I love this video

  • @nasryfootball6228 · 4 years ago · +1

    Great video Katie I love you

  • @CoryResilient · 3 years ago

    Can I copy and paste all the payloads on XSS Hunter's website into a comment or name field etc., and one might fire? Or does this not work? 🤔

  • @CoryResilient · 3 years ago

    What about XSS vulnerabilities in WordPress Plug-ins?

  • @nallamothusumanth9544 · 4 years ago · +1

    What about blind XSS? You didn't mention it.

    • @InsiderPhD · 4 years ago · +2

      I'm leaving blind XSS and discussing other types of XSS (DOM, etc) in a different series... Spoilers 🤫🤫🤫🤫

  • @theedmbrewery6234 · 4 years ago · +1

    I wonder why XSS works on headers like Referer etc.

    • @tayfun6378 · 4 years ago

      If the payload doesn't get stored, they're useless.

  • @nicholasm2861 · 4 years ago · +1

    Thank you for the video. It was very informative.

  • @shivanimahanty412 · 2 years ago

    Thanks for this video... But for me it's still difficult to learn... Can you help me complete my remaining project for cyber security?

  • @ratmoneyg · 2 years ago

    What’s the easiest first bug you recommend a beginner look for?

  • @nasrudincasayr1329 · 4 years ago

    Thanks a lot

  • @chandpabhavesh1873 · 4 years ago

    Please do it practically

  • @Nr_wx · 4 years ago

    Can you hack with HackerOne while you are in Kenya?

  • @sohailbzioui8323 · 4 years ago

    When?

  • @georgebasilaia996 · 4 years ago

    Where can I access the slides?

    • @InsiderPhD · 4 years ago

      Slides are now available on my Patreon for £5+ patrons, sorry I can't make them publicly available to prevent people from re-presenting my work!

    • @georgebasilaia996 · 4 years ago

      @InsiderPhD thanks, no problem

  • @basilgafoor1 · 4 years ago · +1

    Your videos are really amazing. Keep making such videos.

  • @manishprajapati7410 · 2 years ago

    Your videos are so helpful.
    I appreciate the effort put into your videos. 😀👏

  • @0xx039 · 4 years ago

    How can I hack on a program which has everything in scope, or hasn't mentioned anything as in scope? How should I approach it, programs like DOD, Logitech etc.? If I should start with ASNs, does it mean that everything that comes under that ASN belongs to that company? I'm confused. I'd like to hack on AT&T but I'm afraid of losing my reputation or signal by going out of scope.

    • @selimeneskaraduman6935 · 4 years ago

      Why do you lose?

    • @0xx039 · 4 years ago

      @selimeneskaraduman6935 typo

    • @InsiderPhD · 4 years ago · +1

      In my opinion (and it is my opinion) I wouldn't hack something you're not sure an org owns. I would start with their core website, and just explore from there, without digging into IP addresses. Another option is to do a subdomain search with lazyrecon. Check it out on GitHub: github.com/nahamsec/lazyrecon

    • @actual_0xatul · 4 years ago · +1

      Use Crunchbase to find what the target owns. Use bgp.he.net to find their ASNs and CIDRs. Use amass intel to find root domains, and use amass enum to find subdomains. Write a bash script to do all these and you're good to go.