He made $100K in 2 months from Bug Bounty! Learn from one of the best!
Big thanks to Brilliant for sponsoring this video! Get started with a free 30 day trial and 20% discount: brilliant.org/DavidBombal
Ben (Nahamsec) hacks platforms legally and with their permission! He gives us his top 3 Bug Bounty tips for 2023.
// Websites recommended by Ben //
* hackerone.com
* www.bugcrowd.com/
* picoctf.org/
* portswigger.net/web-security
* www.intigriti.com/
* www.hacker101.com/
* www.synack.com/
// Ben’s Social //
Twitch: www.twitch.tv/nahamsec
YouTube: ua-cam.com/users/nahamsec
Github: github.com/nahamsec
Instagram: instagram.com/nahamsec
Twitter: twitter.com/NahamSec
Website: nahamsec.com/
// Videos mentioned //
Ben's $100K video: ua-cam.com/video/TKIEXwOcbfc/v-deo.html
Kali Linux Nethunter Android Install in 5 minutes (Rootless): ua-cam.com/video/KxOGyuGq0Ts/v-deo.html
// YouTube channels recommended by Ben //
@InsiderPHD: www.youtube.com/@InsiderPhD
@FarahHawa: www.youtube.com/@FarahHawa
@STOKFredrik: www.youtube.com/@STOKfredrik
@phd_security: www.youtube.com/@phd_security
@_JohnHammond: www.youtube.com/@_JohnHammond
@IamJakoby: www.youtube.com/@IamJakoby
@HackerSploit: www.youtube.com/@HackerSploit
@BugBountyReportsExplained: www.youtube.com/@BugBountyReportsExplained
// Recommended Books //
Atomic Habits by James Clear: amzn.to/46D8yDE
Hacking APIs by Corey J. Ball: amzn.to/3NRTafh
Bug Bounty Bootcamp by Vickie Li: amzn.to/3JAPZWS
The Web Application Hacker’s Handbook 2 by Dafydd Stuttard and Marcus Pinto: amzn.to/3XvNmLp
// MENU //
00:00 - Coming up
01:00 - Brilliant sponsored segment
02:31 - Making $100K in 2 months with bug bounty
04:43 - Top 3 tips for starting with bug bounty
06:15 - Top 3 technical tips for bug bounty
08:10 - "Don't learn to hack, hack to learn" // Consistency is key
11:32 - Top 3 free learning platforms for bug bounty
12:47 - Top 3 bug bounty platforms
15:08 - Vulnerability Disclosure Programs // How VDPs can open doors to opportunities
19:55 - Top 3 recommended YouTube channels
21:27 - Top 3 recommended books
22:17 - Top 3 technologies to understand
23:45 - Helping others // Twitch, YouTube & Twitter
25:35 - Conclusion
// MY STUFF //
www.amazon.com/shop/davidbombal
// SPONSORS //
Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com
Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!
I made 10 million dollars in 1 year forex trading - do you believe me??? Is there any proof that this man actually made 100k in 2 months!!! If so, can u send me a link?? I mean this guy is making some pretty outrageous claims, maybe 20 years ago he could have made that, but now, with ALL the competition out there!! Highly doubtful man!!
David, I must express my deep appreciation and enjoyment for your videos. I've had the pleasure of watching around 30 to 40 of them, and with each one, I've gained valuable insights and knowledge. Your collaborations with other influential creators have been truly inspiring as you mutually support and uplift one another. I also want to mention that Ben's content is excellent; I hadn't come across him before, but now I'm eager to explore his videos as well. Your dedication and passion in creating these videos fuel my own aspirations, providing me with the inspiration and motivation I need to pursue my goals. I want to extend my heartfelt gratitude for everything you do for all of us. Thank you! You are a legend!
I am 37 and I want to change the industry that I work! Great information!! Thank you for inviting him!
New sub! Thanks both. Circumstances changed for me in December, been looking for a complete change so my lifelong fascination with computers is now becoming the focus with a view to getting into IT, and this is definitely a field of interest. Currently doing the basics, A+ net+ and hopefully sec+ but more with a view to filling in the blanks rather than to get a help desk job. It's a journey not a destination so learning a little every day. Thanks for the great content.
Wow! That was so informative and encouraging. I started on the bug bounty path earlier this year and became quickly overwhelmed and discouraged. This video (David's insightful questions and Ben's thoughtful answers) has prompted me to reset, reassess, and start over with a more positive outlook. Many thanks to both Ben and David -- and yes, I've subscribed to both.
I've been following you ever since I got into hacking. I gotta say it, these interviews that you are doing are pretty amazing and nothing like the content you've made before. Always brings something new and interesting to the table. Please, keep it up. Looking forward to seeing more amazing guys soon.
Would you advise any specific cert ?
Been waiting for such interview a lot. Hope u do more videos like this in the future 🙏🙏.
Really appreciate what u r doing for the community David❤❤ .
Thank you! And you're welcome!
I felt a lot of what he said, especially as a bjj competitor you learn that everything needs consistency and teamwork
Agreed.
My man 🤜🏾🤛🏾
Subscribed. I see bug bounty as my retirement plan for extra cash. I have been doing IT and cyber security work since 95 and this may be a good way to keep me sharp and earn a few extra dollars. It will be nice not having to work except when I want to.
Thanks David for the interview.
It's informative and gives confidence.
Very informative video! Thanks a ton for all the valuable information, looking forward to starting my journey
I recently turned 17 and about two years ago I made around 8k off of web hacking
I get very frustrated when I spend days on target and I don't find anything, that's why I'm switching to web3 and smart contract hacking tbh, at least you're investigating your time with something worth the effort
Where can I find more info on this? I would love to start doing this in addition to learning solidity, any discords or similar bug bounty groups I can look at?
Great video... Really motivated me a lot... I would also suggest another guy kinda in the pentesting side that's Sabyasachi. His explanation is awesome. Though he's new to content creation but still has valuable content. 🤗
Great advice thanks for this guys :) Something i am doing is Hack The Box Academy with walkthrough videos if i get stuck and then going to be doing Hack The Box guided mode after the academy as want to change from sysadmin to Cyber Security. I am 42 and was inspired by one gentleman who was 50 and got into hacking :)
THE FREAKING INTERVIEW / VIDEO / COLLAB WE NEEDED ON THIS CHANNEL !!! LOVE YOU BOTH MENTORS !! 🙏🙏🙏🙏💖💖💖💖🔥🔥🔥🔥❤🔥❤🔥❤🔥❤🔥
Thank you so much! Ben is amazing!
@@davidbombal you both are like blessing to me 🙏🙏❤❤
Insightful 👌 it gives me more energy to learn
Happy to hear that!
Nice to see ben here.
Thank you
Thank you for watching! Agreed - great to have Ben back :)
Bug Bounty program saturation is a thing... And in my opinion it's the most important thing to bear in mind when looking at the profitability of your time in a bounty program.
true
That's one of the most informative videos I've ever seen
David 👌 it's absolutely true that interactive hands-on is the best way to learn. Personally it's my preferred choice.
Great content
David and Ben 👍👍
Thank you! Glad you enjoyed the video :)
A great guest, I love his channel.
Agreed! Ben posts amazing content!
@@davidbombal As do you David :)
Thank you :)
the only thing that matters in bug bounty is how much you are consistent to work on
Interesting topic you presented and keep it up. 😎
Thank you. You can learn so much from Ben!
Brilliant interview as always !
Thanks David Bombal ❤❤❤
Thank you for the Great content with amazing badass guest! Keep on rocking! 👏🤘🔥🔥
Thank u david for this video !!Love from india 🇮🇳
The video idea is brilliant
All credit to Ben :)
Thank You David for another informative interview.
The best channel ever!
I've learned so much from your channel and Ben's you guys are helping others everyday :-)
GOOD INFO. 😎👍🏾
Amazing knowledge
Awesome ❤❤❤
Thank you!
Great content again from mr Bombal.
here's a suggestion, maybe DevOps next?
Cool content David as always
Good content, as usual. Keep it up.
Thank you!
I'd really love to get into hacking, is there any specific way or concept to start with? Because it is really overwhelming :( I'm still an engineering student so if there is any way to start learning this (preferably for free) I would really appreciate any kind of help. Thanks for the cool content
Great content as usual David. Thank you
Thank you David for bringing value people into your interviews as always
Ty
You're welcome!
Just a weird question but when you're doing the bug bounty are you grabbing boot leg to check the software? Asking for a friend
Good day sir Mr Davidbombal. He talked about the E1-ELITE behind him is that also a book we could read or probably I could read speaking for myself and if years I'm finding it difficult to get the book
Thanks
#davidbombal ....two legends in one video 💫😇🔥🔥
Thanks David for aspiring we the up coming hackers 🎉❤
A great episode ❤
I think my problem is just writing the reports lately and then when I find it and it works out I try to go longer looking for more and I eventually lose what I had found.
Do you have access to the algorithm or something cause I’m literally learning ethical hacking and I want to do bug bounty
Nice nahamsec here
Agreed. Great to have Ben back again :)
Gone try 👍
All the best!
amazing
Glad you think so! Make sure you subscribe to Ben's YouTube channel :)
@@davidbombal Of course, I'm a subscriber, you're the best I've ever had
🇩🇿Greetings to you from Algeria
If it ain’t easy, it’s because it’s worth doing.
Great 👍
Good
Thank you!
DAVID PLS REPLY ME. A lot of us have watched your videos, especially the one video that you use WiFi adapter to hack WiFi or to do 4 way handshake.
I know that a lot of us are new to hacking or are green hat hackers. We can't find that adapter which supports monitor mode 😩🤔 sooo is there another way to get the job done and do 4 way handshake using other methods? Like maybe using python or other tools in Linux or using the powerful module scapy from python?
I'm saying that a lot of us can't get that WiFi adapter which supports monitor and injection modes.
So what can we do if we can't literally find the WiFi adapter? Other ways to do the job?
Plsss reply me I'm a big fan and this is very useful information if you can help it would be great ;)
good👍
Thank you!
What is VDS ???
Vulnerability Disclosure Programs (VDPs) - more detail here: www.hackerone.com/vulnerability-management/bug-bounty-vs-vdp-which-program-right-you
@@davidbombal Thank you so much David sir 🥰
Is that too much matter called - "TALENT" !!
Are cyber security jobs in danger due to AI? Sir, suppose you are a beginner in IT in this era, would you like to enroll yourself in the cyber security field?
Don't get fooled by the apparent intelligence of LLMs (and the hype train), they're cool but limited and we'll still need humans for a long time !
@@c0smoslive391 so i can choose cyber security without any hesitation?
I have been thinking about bug bounties, but what if I am slow learning and it takes months to get up to speed, should I still pursue web hacking???
would be difficult.
The more you learn, the less you have to learn. Persistence is key, I've never seen anyone fail at doing what they love to do.
Hello sir plz help me, I am buying a laptop but very confused, plz suggest an under 35k laptop for programming.
I know a South African when i hear one😂
PhD security 😊
i found a way to put kali on an sd card
❤🎉
i really wonder how much of wat u say is BS , or the truth?? prob a mixture of both
Is there an Arabic language? I hope there is an Arabic language in this application
Bug bounty is at best a side gig; a scam at worst. The payout depends on the company, and such companies want to pay as little as possible for the bounty.
Ippsec is my favorite... He is so good in Linux command and I love how he privesc
you forgot networkchuck!
Or it's probably H1-elite =Hackerone elite !!
so I did some automated api endpoint enumeration testing (via feroxbuster) and managed to get into the /etc/passwd file on my friend's web server he allowed me to hack - BUT - this was the contents of the file:
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
does anybody know how i can ACTUALLY get a hold of the password hashes for each user here in the second field after the first : ????????
You forgot to mention @LiveOverflow #LiveOverflow
NIGGA WE SHOULD GATEKEEP IT
We forgot to mention one of the best in web hacking and the most humble one #Rana_Khalil ❤️❤️ @Ranakhalil101
Thanks for sharing! Rana is amazing!