2023 Path to Hacking Success: Top 3 Bug Bounty Tips

  • Published 8 Jun 2024
  • He made $100K in 2 months from Bug Bounty! Learn from one of the best!
    Big thanks to Brilliant for sponsoring this video! Get started with a free 30 day trial and 20% discount: brilliant.org/DavidBombal
    Ben (Nahamsec) hacks platforms legally and with their permission! He gives us his top 3 Bug Bounty tips for 2023.
    // Websites recommended by Ben //
    * hackerone.com
    * www.bugcrowd.com/
    * picoctf.org/
    * portswigger.net/web-security
    * www.intigriti.com/
    * www.hacker101.com/
    * www.synack.com/
    // Ben’s Social //
    Twitch: / nahamsec
    YouTube: / nahamsec
    Github: github.com/nahamsec
    Instagram: / nahamsec
    Twitter: / nahamsec
    Website: nahamsec.com/
    // Videos mentioned //
    Ben's $100K video: • I MADE $100,000 IN TWO...
    Kali Linux Nethunter Android Install in 5 minutes (Rootless): • Kali Linux NetHunter A...
    // YouTube channels recommended by Ben //
    @InsiderPHD: / @insiderphd
    @FarahHawa: / @farahhawa
    @STOKFredrik: / @stokfredrik
    @phd_security: / @phd_security
    @_JohnHammond: / @_johnhammond
    @IamJakoby: / @iamjakoby
    @HackerSploit: / @hackersploit
    @BugBountyReportsExplained: / @bugbountyreportsexpla...
    // Recommended Books //
    Atomic Habits by James Clear: amzn.to/46D8yDE
    Hacking APIs by Corey J. Ball: amzn.to/3NRTafh
    Bug Bounty Bootcamp by Vickie Li: amzn.to/3JAPZWS
    The Web Application Hacker’s Handbook 2 by Dafydd Stuttard and Marcus Pinto: amzn.to/3XvNmLp
    // MENU //
    00:00 - Coming up
    01:00 - Brilliant sponsored segment
    02:31 - Making $100K in 2 months with bug bounty
    04:43 - Top 3 tips for starting with bug bounty
    06:15 - Top 3 technical tips for bug bounty
    08:10 - "Don't learn to hack, hack to learn" // Consistency is key
    11:32 - Top 3 free learning platforms for bug bounty
    12:47 - Top 3 bug bounty platforms
    15:08 - Vulnerability Disclosure Programs // How VDPs can open doors to opportunities
    19:55 - Top 3 recommended YouTube channels
    21:27 - Top 3 recommended books
    22:17 - Top 3 technologies to understand
    23:45 - Helping others // Twitch, YouTube & Twitter
    25:35 - Conclusion
    // MY STUFF //
    www.amazon.com/shop/davidbombal
    // SPONSORS //
    Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com
    Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!

COMMENTS • 110

  • @davidbombal
    @davidbombal  11 months ago +20

    He made $100K in 2 months from Bug Bounty! Learn from one of the best!
    Big thanks to Brilliant for sponsoring this video! Get started with a free 30 day trial and 20% discount: brilliant.org/DavidBombal
    Ben (Nahamsec) hacks platforms legally and with their permission! He gives us his top 3 Bug Bounty tips for 2023.
    // Websites recommended by Ben //
    * hackerone.com
    * www.bugcrowd.com/
    * picoctf.org/
    * portswigger.net/web-security
    * www.intigriti.com/
    * www.hacker101.com/
    * www.synack.com/
    // Ben’s Social //
    Twitch: www.twitch.tv/nahamsec
    YouTube: ua-cam.com/users/nahamsec
    Github: github.com/nahamsec
    Instagram: instagram.com/nahamsec
    Twitter: twitter.com/NahamSec
    Website: nahamsec.com/
    // Videos mentioned //
    Ben's $100K video: ua-cam.com/video/TKIEXwOcbfc/v-deo.html
    Kali Linux Nethunter Android Install in 5 minutes (Rootless): ua-cam.com/video/KxOGyuGq0Ts/v-deo.html
    // YouTube channels recommended by Ben //
    @InsiderPHD: www.youtube.com/@InsiderPhD
    @FarahHawa: www.youtube.com/@FarahHawa
    @STOKFredrik: www.youtube.com/@STOKfredrik
    @phd_security: www.youtube.com/@phd_security
    @_JohnHammond: www.youtube.com/@_JohnHammond
    @IamJakoby: www.youtube.com/@IamJakoby
    @HackerSploit: www.youtube.com/@HackerSploit
    @BugBountyReportsExplained: www.youtube.com/@BugBountyReportsExplained
    // Recommended Books //
    Atomic Habits by James Clear: amzn.to/46D8yDE
    Hacking APIs by Corey J. Ball: amzn.to/3NRTafh
    Bug Bounty Bootcamp by Vickie Li: amzn.to/3JAPZWS
    The Web Application Hacker’s Handbook 2 by Dafydd Stuttard and Marcus Pinto: amzn.to/3XvNmLp
    // MENU //
    00:00 - Coming up
    01:00 - Brilliant sponsored segment
    02:31 - Making $100K in 2 months with bug bounty
    04:43 - Top 3 tips for starting with bug bounty
    06:15 - Top 3 technical tips for bug bounty
    08:10 - "Don't learn to hack, hack to learn" // Consistency is key
    11:32 - Top 3 free learning platforms for bug bounty
    12:47 - Top 3 bug bounty platforms
    15:08 - Vulnerability Disclosure Programs // How VDPs can open doors to opportunities
    19:55 - Top 3 recommended YouTube channels
    21:27 - Top 3 recommended books
    22:17 - Top 3 technologies to understand
    23:45 - Helping others // Twitch, YouTube & Twitter
    25:35 - Conclusion
    // MY STUFF //
    www.amazon.com/shop/davidbombal
    // SPONSORS //
    Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com
    Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!

    • @rxtechandtrading
      @rxtechandtrading 11 months ago

      I made 10 million dollars in 1 year forex trading - do you believe me??? Is there any proof that this man actually made 100k in 2 months!!! If so, can u send me a link?? I mean this guy is making some pretty outrageous claims, maybe 20 years ago he could have made that, but now, with ALL the competition out there!! Highly doubtful man!!

  • @user-zn8qb3le8c
    @user-zn8qb3le8c 11 months ago +4

    David, I must express my deep appreciation and enjoyment for your videos. I've had the pleasure of watching around 30 to 40 of them, and with each one, I've gained valuable insights and knowledge. Your collaborations with other influential creators have been truly inspiring as you mutually support and uplift one another. I also want to mention that Ben's content is excellent; I hadn't come across him before, but now I'm eager to explore his videos as well. Your dedication and passion in creating these videos fuel my own aspirations, providing me with the inspiration and motivation I need to pursue my goals. I want to extend my heartfelt gratitude for everything you do for all of us. Thank you! You are a legend!

  • @mattbaker1683
    @mattbaker1683 11 months ago +2

    New sub! Thanks both. Circumstances changed for me in December, been looking for a complete change so my lifelong fascination with computers is now becoming the focus with a view to getting into IT, and this is definitely a field of interest. Currently doing the basics, A+ net+ and hopefully sec+ but more with a view to filling in the blanks rather than to get a help desk job. It's a journey not a destination so learning a little every day. Thanks for the great content.

  • @PR-wb3ol
    @PR-wb3ol 11 months ago

    Thanks David for the interview.
    It's informative and gives confidence.

  • @Vlosyros
    @Vlosyros 8 months ago

    Very informative video! Thanks a ton for all the valuable information, looking forward to starting my journey

  • @muhannedbelaid8849
    @muhannedbelaid8849 11 months ago +7

    Been waiting for such interview a lot. Hope u do more videos like this in the future 🙏🙏.
    Really appreciate what u r doing for the community David❤❤ .

    • @davidbombal
      @davidbombal  11 months ago +3

      Thank you! And you're welcome!

  • @spongedaddy315
    @spongedaddy315 10 months ago +2

    Wow! That was so informative and encouraging. I started on the bug bounty path earlier this year and became quickly overwhelmed and discouraged. This video (David's insightful questions and Ben's thoughtful answers) has prompted me to reset, reassess, and start over with a more positive outlook. Many thanks to both Ben and David -- and yes, I've subscribed to both.

  • @belalal1902
    @belalal1902 11 months ago +25

    I felt a lot of what he said, especially as a bjj competitor you learn that everything needs consistency and teamwork

  • @KenKen-bn3dz
    @KenKen-bn3dz 11 months ago

    Thanks David Bombal ❤❤❤

  • @verlaine_devnet
    @verlaine_devnet 11 months ago +2

    Insightful 👌 it gives me more energy to learn

  • @generalreevis1734
    @generalreevis1734 10 months ago

    Amazing knowledge

  • @badxcode
    @badxcode 11 months ago +3

    I've been following you ever since I got into hacking. I gotta say it, these interviews that you are doing are pretty amazing and nothing like the content you've made before. Always brings something new and interesting to the table. Please, keep it up. Looking forward to seeing more amazing guys soon.

    • @lucaszecat
      @lucaszecat 10 months ago

      Would you advise any specific cert ?

  • @myboy1625
    @myboy1625 11 months ago +2

    Great video... Really motivated me a lot... I would also suggest another guy kinda in the pentesting side that's Sabyasachi. His explanation is awesome. Though he's new to content creation but still has valuable content. 🤗

  • @romanx71
    @romanx71 11 months ago

    Thank you for the Great content with amazing badass guest! Keep on rocking! 👏🤘🔥🔥

  • @boris55
    @boris55 11 months ago

    Brilliant interview as always !

  • @h5e
    @h5e 5 months ago

    That's one of the most informative videos I've ever seen

  • @kapzvara5732
    @kapzvara5732 9 months ago

    Great advice thanks for this guys :) Something I am doing is Hack The Box Academy with walkthrough videos if I get stuck and then going to be doing Hack The Box guided mode after the academy as I want to change from sysadmin to Cyber Security. I am 42 and was inspired by one gentleman who was 50 and got into hacking :)

  • @MFoster392
    @MFoster392 11 months ago

    I've learned so much from your channel and Ben's, you guys are helping others every day :-)

  • @michaeltully2332
    @michaeltully2332 11 months ago

    Great content as usual David. Thank you

  • @kallbacks9677
    @kallbacks9677 10 months ago

    Cool content David as always

  • @loneranger5928
    @loneranger5928 11 months ago +1

    David 👌 it's absolutely true that interactive hands-on is the best way to learn. Personally it's my preferred choice.
    Great content
    David and Ben 👍👍

    • @davidbombal
      @davidbombal  11 months ago

      Thank you! Glad you enjoyed the video :)

  • @rationalbushcraft
    @rationalbushcraft 11 months ago +1

    Subscribed. I see bug bounty as my retirement plan for extra cash. I have been doing IT and cyber security work since 95 and this may be a good way to keep me sharp and earn a few extra dollars. It will be nice not having to work except when I want to.

  • @gamereditor59ner22
    @gamereditor59ner22 11 months ago +3

    Interesting topic you presented and keep it up. 😎

    • @davidbombal
      @davidbombal  11 months ago +1

      Thank you. You can learn so much from Ben!

  • @icecoldnoob6719
    @icecoldnoob6719 11 months ago

    Great content again from mr Bombal.
    here's a suggestion, maybe DevOps next?

  • @geetchavan9749
    @geetchavan9749 11 months ago +1

    Thank u David for this video!! Love from India 🇮🇳

  • @donjohnson7746
    @donjohnson7746 11 months ago

    Just a weird question but when you're doing the bug bounty are you grabbing bootleg to check the software? Asking for a friend

  • @lraq.107
    @lraq.107 5 months ago

    A special episode❤

  • @linkastore2047
    @linkastore2047 5 months ago

    The best channel ever!

  • @ciorobitcamihai7540
    @ciorobitcamihai7540 11 months ago

    Thank you David for bringing valuable people into your interviews as always

  • @camelotenglishtuition6394
    @camelotenglishtuition6394 11 months ago +3

    A great guest, I love his channel.

  • @tyrojames9937
    @tyrojames9937 11 months ago +1

    GOOD INFO. 😎👍🏾

  • @zsu-glz-sql
    @zsu-glz-sql 11 months ago +2

    Good content, as usual, keep it up.

  • @user-pj3cz7uj5s
    @user-pj3cz7uj5s 11 months ago +2

    Nice to see ben here.
    Thank you

    • @davidbombal
      @davidbombal  11 months ago +1

      Thank you for watching! Agreed - great to have Ben back :)

  • @servantofgod3058
    @servantofgod3058 11 months ago +4

    I recently turned 17 and about two years ago I made around 8k off of web hacking
    I get very frustrated when I spend days on target and I don't find anything, that's why I'm switching to web3 and smart contract hacking tbh, at least you're investing your time with something worth the effort

    • @orbitmouf
      @orbitmouf 11 months ago

      Where can I find more info on this? I would love to start doing this in addition to learning solidity, any discords or similar bug bounty groups I can look at?

  • @jamesmckee9017
    @jamesmckee9017 11 months ago +4

    Bug Bounty program saturation is a thing... And in my opinion it's the most important thing to bear in mind when looking at the profitability of your time in a bounty program.

  • @my-rules
    @my-rules 11 months ago +1

    Ty

  • @ChrisAkpabey-jg2sn
    @ChrisAkpabey-jg2sn 11 months ago

    Thanks David for inspiring us, the upcoming hackers 🎉❤

  • @star-studded
    @star-studded 11 months ago +1

    The video idea is brilliant

  • @iainmaois595
    @iainmaois595 11 months ago

    Good day sir Mr Davidbombal. He talked about the E1-ELITE behind him is that also a book we could read or probably I could read speaking for myself and if years I'm finding it difficult to get the book
    Thanks

  • @rdx8122
    @rdx8122 11 months ago +1

    THE FREAKING INTERVIEW / VIDEO / COLLAB WE NEEDED ON THIS CHANNEL !!! LOVE YOU BOTH MENTORS !! 🙏🙏🙏🙏💖💖💖💖🔥🔥🔥🔥❤‍🔥❤‍🔥❤‍🔥❤‍🔥

    • @davidbombal
      @davidbombal  11 months ago +1

      Thank you so much! Ben is amazing!

    • @rdx8122
      @rdx8122 11 months ago +1

      @@davidbombal you both are like blessing to me 🙏🙏❤❤

  • @omkarm.9340
    @omkarm.9340 11 months ago +4

    Awesome ❤❤❤

  • @DreamlandDuo
    @DreamlandDuo 11 months ago

    #davidbombal ....two legends in one video 💫😇🔥🔥

  • @nosystemissaf3
    @nosystemissaf3 11 months ago

    The only thing that matters in bug bounty is that how much you are consistent to work on

  • @Code_Creator123
    @Code_Creator123 11 months ago

    Great 👍

  • @user-xq5hr1jw1t
    @user-xq5hr1jw1t 10 months ago

    I'd really love to get into hacking, is there any specific way or concept to start with? Because it is really overwhelming :( I'm still an engineering student so if there is any way to start learning this (preferably for free) I would really appreciate any kind of help. Thanks for the cool content

  • @michaelnorwood7722
    @michaelnorwood7722 11 months ago

    Do you have access to the algorithm or something cause I’m literally learning ethical hacking and I want to do bug bounty

  • @armotxa124
    @armotxa124 11 months ago

    Gone try 👍

  • @thatguyidk123
    @thatguyidk123 9 months ago

    I think my problem is just writing the reports lately and then when I find it and it works out I try to go longer looking for more and I eventually lose what I had found.

  • @islem_23
    @islem_23 11 months ago +1

    amazing

    • @davidbombal
      @davidbombal  11 months ago +1

      Glad you think so! Make sure you subscribe to Ben's YouTube channel :)

    • @islem_23
      @islem_23 11 months ago +1

      @@davidbombal Of course, I'm a subscriber, you're the best I've ever had
      🇩🇿Greetings to you from Algeria

  • @kukuchuchu8340
    @kukuchuchu8340 11 months ago +2

    Good

  • @radijaye7435
    @radijaye7435 11 months ago +1

    Nice nahamsec here

    • @davidbombal
      @davidbombal  11 months ago

      Agreed. Great to have Ben back again :)

  • @M4R5RoCK
    @M4R5RoCK 11 months ago +2

    good👍

  • @akashgoswami6698
    @akashgoswami6698 11 months ago

    Hello sir plz help me I am buying a laptop but very confused plz suggest an under 35k laptop for programming.

  • @RealCoachingCo
    @RealCoachingCo 9 months ago

    If it ain’t easy, it’s because it’s worth doing.

  • @sargismartirosyan9946
    @sargismartirosyan9946 11 months ago

    DAVID PLS REPLY ME. A lot of us have watched your videos, especially the one video that you use WiFi adapter to hack WiFi or to do 4 way handshake.
    But I know that a lot of us who are new to hacking or are green hat hackers. We can't find that adapter which supports monitor mode 😩🤔 sooo is there another way to get the job done and do 4 way handshake using other methods? Like maybe using python or other tools in Linux or using the powerful module scapy from python?
    I'm saying that a lot of us can't get that WiFi adapter which supports monitor and injection modes.
    So what can we do if we can't literally find the WiFi adapter? Other ways to do the job?
    Plsss reply me I'm a big fan and this is very useful information if you can help it would be great;)

  • @omkarm.9340
    @omkarm.9340 11 months ago +1

    What is VDS ???

    • @davidbombal
      @davidbombal  11 months ago +3

      Vulnerability Disclosure Programs (VDPs) - more detail here: www.hackerone.com/vulnerability-management/bug-bounty-vs-vdp-which-program-right-you

    • @omkarm.9340
      @omkarm.9340 11 months ago +1

      @@davidbombal Thank you so much David sir 🥰

  • @alirezaghulamsakhi6097
    @alirezaghulamsakhi6097 11 months ago

    PhD security 😊

  • @taiquangong9912
    @taiquangong9912 11 months ago

    I have been thinking about bug bounties, but what if I am slow learning and it takes months to get up to speed, should I still pursue web hacking???

    • @98854arjun
      @98854arjun 11 months ago

      would be difficult.

    • @Poopiesson
      @Poopiesson 11 months ago +3

      The more you learn, the less you have to learn. Persistence is key, I've never seen anyone fail at doing what they love to do.

  • @rami.0092
    @rami.0092 11 months ago

    ❤🎉

  • @Ehtisham_akhter
    @Ehtisham_akhter 11 months ago

    Are cyber security jobs in danger due to AI? Sir, suppose you are a beginner in IT in this era, would you like to enroll yourself in cyber security field?

    • @c0smoslive391
      @c0smoslive391 11 months ago

      Don't get fooled by the apparent intelligence of LLMs (and the hype train), they're cool but limited and we'll still need humans for a long time !

    • @Ehtisham_akhter
      @Ehtisham_akhter 11 months ago

      @@c0smoslive391 So I can choose cyber security without any hesitation?

  • @pwl.lumbama
    @pwl.lumbama 6 months ago

    I found a way to put kali on an sd card

  • @maphadiletsoalo8095
    @maphadiletsoalo8095 9 months ago +1

    I know a South African when i hear one😂

  • @lraq.107
    @lraq.107 5 months ago

    Is there an Arabic language? I hope there is an Arabic language in this application

  • @rxtechandtrading
    @rxtechandtrading 8 months ago

    I really wonder how much of what u say is BS, or the truth?? Prob a mixture of both

  • @theoceanman8687
    @theoceanman8687 11 months ago +1

    Bug bounty is at best a side gig; a scam at worst. The payout depends on the company, and such companies want to pay as little as possible for the bounty.

  • @adhensec
    @adhensec 11 months ago

    Ippsec is my favorite... He is so good in Linux command and I love how he privesc

  • @michaelmueller5211
    @michaelmueller5211 11 months ago

    you forgot networkchuck!

  • @iainmaois595
    @iainmaois595 11 months ago

    Or it's probably H1-elite =Hackerone elite !!

  • @rxtechandtrading
    @rxtechandtrading 11 months ago +1

    So I did some automated api endpoint enumeration testing (via feroxbuster) and managed to get into the /etc/passwd file on my friend's web server he allowed me to hack - BUT - this was the contents of the file:
    root:x:0:0:root:/root:/bin/bash
    daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
    bin:x:2:2:bin:/bin:/usr/sbin/nologin
    sys:x:3:3:sys:/dev:/usr/sbin/nologin
    sync:x:4:65534:sync:/bin:/bin/sync
    games:x:5:60:games:/usr/games:/usr/sbin/nologin
    man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
    lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
    mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
    news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
    uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
    Does anybody know how I can ACTUALLY get a hold of the password hashes for each user here in the second field after the first : ????????

  • @yaswanthkumar409
    @yaswanthkumar409 11 months ago +1

    You forgot to mention @LiveOverflow #LiveOverflow

  • @playboicartihey
    @playboicartihey 11 months ago

    NIGGA WE SHOULD GATEKEEP IT

  • @muhannedbelaid8849
    @muhannedbelaid8849 11 months ago +3

    We forget to mention one of the best in web hacking and the most humble one #Rana_Khalil ❤️❤️ @Ranakhalil101

    • @davidbombal
      @davidbombal  11 months ago +1

      Thanks for sharing! Rana is amazing!

  • @funkymonk2254
    @funkymonk2254 11 months ago

    Thank You David for another informative interview.