Comment and let me know your favourite bug bounty tip as well as your own Twitter handle! The giveaway closes on 22nd July 2020. :)
You made the comment section a blog post.
Cyber Pirate 😇😇
I want to know the step-by-step procedure to start with Bugcrowd and what the known issues mentioned in a program are; should we ignore those vulnerabilities? Basically I want to see Bugcrowd and start attacking any program. It doesn't matter if you find a vulnerability or not.
@@cyberpirate007 hey dude, what are you doing here 😂😂
@@aviralgupta9869 Hey, I think I know this guy......🤔🤔
I didn't come to the comment section for the giveaway...
my guess was right.. every comment is worth reading. I got so much useful stuff from here... there were 195 comments when I wrote this....
I don't have any great tips as others have...
Happy hacking, happy learning...
that's it..
I feel like I learned more from this video than from an entire day of reading GraphQL documentation lol, thank you so much for uploading this!
Yes, documentation is often overrated. It is good when we want to find specific details though.
1. Recon is very important, so extract all possible information about your target.
2. Always try to find vulnerabilities on a subdomain, because there is a bigger scope for finding vulns on a subdomain.
3. Properly read the policy of the program.
4. Keep patience.
5. Always be ready to face failures, but don't lose your confidence.
6. Don't rely on automation, except for a proxy and a subdomain finder; always try manual testing.
7. Don't focus on money, just focus on learning.
8. Once the bug is found, write a clever report and make it yourself; don't copy from Google.
My tips for bug bounty
1. Don't run for Burp Suite Pro, the Community edition is also good (Chrome dev tools as well).
2. In case you feel a VM is too heavy for your system, use Docker (make sure you save your data before exiting the container). Kali is also available in Docker, and many other images are available.
3. Running out of memory because of Burp? Add "-Xmx2g", i.e. "java -Xmx2g -jar <burp jar>" (the -Xmx flag goes before -jar; 2g is the memory allocated to Burp).
4. Give more time to your learning.
5. Places to inject payloads: Cookie, Host header, Referer header.
6. Invest in yourself.
7. Keep yourself mentally and physically fit.
Twitter handle @mt_ins
Feel proud to see your efforts so far! All the best Farah!
That was a quick video giving quite a good insight into GraphQL. Thanks Farah.
About the tip:
There's no point in just watching or reading through hacktivity / blogs; one has to step into action on bug bounty (open a browser and start cracking) ;)
Hi, I'm just a newbie to this bug hunting and I'm doing a lot of recon and googling to understand the web apps. Your videos are very informative. Bravo!
We asked and you heard. Thank you for the video. That was amazingly explained. 🙌
There are a few things that I learnt over time while doing bug bounty hunting:
1. Recon is one of the most important steps while understanding the application. There are many parts of the application that people forget to look for and those things can cause pretty serious damage to the organization if not found and reported. So, always do the recon first and do it effectively.
As Abraham Lincoln famously quoted, “If I had eight hours to chop down a tree, I'd spend six sharpening my axe.”
2. Always write crisp and clear reports. I cannot stress this enough. Always write the reports that are easy to understand and can provide a good learning experience to everyone reading that report. We all learn from each other.
@PranavGadekar9
I just got started hacking graphql and this is so helpful thanks Farah! Keep up the awesome work ❤️
Automate everything, apply all concepts recursively, do things that nobody else is, research, be persistent,
macro recon, micro focus, read bug reports, community learning, collaboration, keep it fun,
don't sacrifice wellbeing! Good luck! 😄
What do you mean by "automate everything"? Take this example:
Suppose we have like 600k URLs, then what bugs can we look for if we go breadth-wise, and how?
Write a bash script to send standard headers along with 'Origin' in every request.
git folder
common resources, e.g. .git
info from headers, e.g. Jenkins instance, bad CORS
page classification, e.g.
    if 'type="password"' in response:
        login page
    elif response == '':
        blank page
subdomain takeover
One of the best secrets for finding bugs is to never assume anything. I feel 100 people
can look at the same feature on that application and they will go "nah, sure that is not vulnerable",
and the 101st person will find the bug.
Look at this article below; he did what 100 people actually missed out on doing:
blog.dewhurstsecurity.com/2014/12/09/how-i-hacked-facebook.html
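The "page classification" idea in the reply above, written out as an added example in Python (it is not code from any comment here). It runs one classifier over constructed sample responses for placeholder hosts under example.test and tags what the reply lists: a blank page, a login page, an exposed .git, a Jenkins instance (recognised by its X-Jenkins response header), and a CORS policy that reflects the probe Origin together with Allow-Credentials. The URLs, header values and the ORIGIN_SENT constant are constructed for the example; the point is that the same function triages any number of responses you have already collected from hosts you are allowed to test.

```python
import re
from typing import Dict, List, Tuple

# The Origin value the bulk scan sends with every request (constructed).
ORIGIN_SENT = "https://probe.example.test"

Response = Tuple[int, Dict[str, str], str]  # (status, headers, body)

# Constructed sample responses standing in for what a bulk scan would return.
SAMPLES: Dict[str, Response] = {
    "https://app.example.test/login": (
        200, {"Content-Type": "text/html"},
        '<form><input type="password" name="pw"></form>'),
    "https://blank.example.test/": (200, {"Content-Type": "text/html"}, ""),
    "https://ci.example.test/": (
        403, {"X-Jenkins": "2.401.1"}, "Authentication required"),
    "https://git.example.test/.git/HEAD": (
        200, {"Content-Type": "text/plain"}, "ref: refs/heads/main\n"),
    "https://api.example.test/": (
        200, {"Access-Control-Allow-Origin": ORIGIN_SENT,
              "Access-Control-Allow-Credentials": "true"}, "{}"),
    "https://ok.example.test/": (
        200, {"Access-Control-Allow-Origin": "https://ok.example.test"},
        "<h1>hi</h1>"),
}


def classify(url: str, status: int, headers: Dict[str, str], body: str) -> List[str]:
    """Tag one response with the categories worth a closer look."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    tags: List[str] = []
    if body.strip() == "":
        tags.append("blank page")
    if re.search(r'type=["\']password["\']', body, re.IGNORECASE):
        tags.append("login page")
    if url.endswith("/.git/HEAD") and status == 200 and body.startswith("ref: "):
        tags.append("exposed .git")
    if "x-jenkins" in h:
        tags.append("jenkins instance")
    acao = h.get("access-control-allow-origin", "")
    creds = h.get("access-control-allow-credentials", "").lower() == "true"
    if acao == ORIGIN_SENT and creds:
        # Reflecting an arbitrary Origin is only dangerous together with credentials.
        tags.append("bad CORS")
    return tags


def triage(samples: Dict[str, Response]) -> Dict[str, List[str]]:
    """Classify every response; URLs that earn no tag are left out of the report."""
    report: Dict[str, List[str]] = {}
    for url, (status, headers, body) in samples.items():
        tags = classify(url, status, headers, body)
        if tags:
            report[url] = tags
    return report


if __name__ == "__main__":
    for url, tags in triage(SAMPLES).items():
        print(f"{url}: {', '.join(tags)}")
```

Each check is deliberately narrow (a 200 on /.git/HEAD whose body starts with "ref: ", not just any 200), which is what keeps false positives down when the input is hundreds of thousands of URLs.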
Cutest pentester ever .... good job Farah! Keep it up !
Awesome.... I was literally stunned... At the end of the video I just clicked the subscribe button... ❤️
Very informative...I needed this . Short and to the point
This video was very helpful. I just came across an application today that utilized GraphQL and I had no idea where to begin testing it. And then I found your channel while surfing YouTube looking for some anime to watch later in the day. Imagine that! Lol. Great stuff. Thanks.
My fav bug bounty tip is:
Review source code as much as you can; this can sometimes lead to advanced exploitation such as RCE through insecure deserialization :)
@hackR I know that buddy, if I had to copy and paste I would have pasted some good tip... this is my own tip
@hackR Many beginners skip reviewing source code because it is frustrating.. but if you review it patiently you can get some good stuff
My tip: 1. Use the Shodan extension so you can easily find the IP, host, port, and services running on it.
2. If you want to use GitHub/GitLab tools without downloading them onto your system, use gitpod.io; it's really fast, give it a try.
3. Must use the container extension so you don't need many browsers.
Oh, my Twitter handle is @fuxksniper, thanks for the video
I learned a lot from this video, thank you Farah
Thank you very much for your fast and very clear explanation of these types of attacks! I really appreciate the effort you put into this video.
Amazing Farah!!! 🌸💕💕💕
First of all, thank you for the video. One question that I have for you is: the InQL scanner you are using, is it only used for converting the GraphQL query into a more readable format, or does it provide some other functionality as well?
It generates some queries for us by automating Introspection. It's not as effective as manually doing it imo, but still pretty helpful.
Thanks for the info.
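The reply above says InQL generates queries for you by automating introspection. As an added example (not InQL's code and not from any comment here), this Python block shows the core of that idea: it parses a constructed, trimmed-down introspection result and emits one query template per root field, so the hunter sees what can be asked of the API and the owner sees what the schema exposes to anyone who can run introspection (here a hypothetical apiToken field on User), which is the input for deciding whether introspection should be switched off in production. The type and field names are hypothetical.

```python
import json
from typing import Dict

# Constructed, trimmed-down introspection result: the shape a GraphQL server
# returns for a query on __schema. Names are hypothetical.
INTROSPECTION_JSON = json.dumps({"data": {"__schema": {
    "queryType": {"name": "Query"},
    "types": [
        {"kind": "OBJECT", "name": "Query", "fields": [
            {"name": "user",
             "args": [{"name": "id", "type": {"kind": "NON_NULL", "name": None,
                       "ofType": {"kind": "SCALAR", "name": "ID", "ofType": None}}}],
             "type": {"kind": "OBJECT", "name": "User", "ofType": None}},
            {"name": "me", "args": [],
             "type": {"kind": "OBJECT", "name": "User", "ofType": None}},
        ]},
        {"kind": "OBJECT", "name": "User", "fields": [
            {"name": "id", "args": [], "type": {"kind": "NON_NULL", "name": None,
             "ofType": {"kind": "SCALAR", "name": "ID", "ofType": None}}},
            {"name": "email", "args": [],
             "type": {"kind": "SCALAR", "name": "String", "ofType": None}},
            {"name": "apiToken", "args": [],
             "type": {"kind": "SCALAR", "name": "String", "ofType": None}},
        ]},
        {"kind": "SCALAR", "name": "ID", "fields": None},
        {"kind": "SCALAR", "name": "String", "fields": None},
    ]}}})


def type_repr(t: dict) -> str:
    """Render a nested type reference in SDL form: NON_NULL(ID) -> 'ID!', LIST(X) -> '[X]'."""
    if t["kind"] == "NON_NULL":
        return type_repr(t["ofType"]) + "!"
    if t["kind"] == "LIST":
        return "[" + type_repr(t["ofType"]) + "]"
    return t["name"]


def base_name(t: dict) -> str:
    """Strip NON_NULL/LIST wrappers to reach the named type."""
    while t.get("ofType"):
        t = t["ofType"]
    return t["name"]


def generate_queries(introspection_json: str, max_depth: int = 2) -> Dict[str, str]:
    """One query template per root Query field; argument values are left as <Type> placeholders."""
    schema = json.loads(introspection_json)["data"]["__schema"]
    types = {t["name"]: t for t in schema["types"]}
    root = types[schema["queryType"]["name"]]

    def selection(type_name: str, depth: int) -> str:
        t = types.get(type_name)
        # Scalars need no selection set; the depth cap stops cyclic object types.
        if t is None or t["kind"] != "OBJECT" or depth > max_depth:
            return ""
        fields = " ".join(f["name"] + selection(base_name(f["type"]), depth + 1)
                          for f in t["fields"])
        return " { " + fields + " }"

    queries: Dict[str, str] = {}
    for f in root["fields"]:
        args = ", ".join(f"{a['name']}: <{type_repr(a['type'])}>" for a in f["args"])
        args = f"({args})" if args else ""
        queries[f["name"]] = "query {" + f" {f['name']}{args}{selection(base_name(f['type']), 0)} " + "}"
    return queries


if __name__ == "__main__":
    for name, q in generate_queries(INTROSPECTION_JSON).items():
        print(name, "=>", q)
```

Running it prints one template per root field, e.g. the user query with its required ID argument marked as a placeholder and every User field selected, which is the kind of listing worth comparing against what the API is meant to expose.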
In short, GraphQL is a query language for your API, and a server-side runtime for executing queries by using a type system you define for your data.
Thank you very much ma'am for this video, this is something new and different knowledge for me, thank you very much.
And my favourite BB tip is: when we are close to finding the vulnerability, never give up until you find it.
Hello Farah, Kali Linux or Ubuntu, which OS should I use, and which type of security tools do you use to protect yourself from getting caught?
Keep the target in mind and work for it, search everything, and always have the latest information in IT @phoenix
My tip is: give equal time to every vulnerability in your program. You don't know what you're gonna find
She was looking so cute in the thumbnail... ❤️❤️❤️❤️
Very useful video, thanks,
We are waiting for your next video
You gave me a free 500 points on CTF, thank you!
Regardless of the video and content, which is awesome anyway, the comments below are so awesome as all the bug hunters gave their tips to stay motivated. I think this is the best ninja technique to help other hunters. Kudos to you guys..
Farah, awesome video; this seems like SQL coding with some kind of web-based manipulation. I'm new to the bug bounty game but some of the things you're teaching are familiar to me. Again, great video, keep it up
My fav tip: "Before you ask anyone any questions, make sure you've looked it up, and then go back when you've done research but got stuck on actual hard problems." I learned that in my hackerspace; it was hard at first because there was so much to look up, but I wouldn't have become who I am without it.
Love your stuff Farah, for some reason the music was shifting my concentration from your voice and explanations, but that GraphQL was really good. I'll need to watch it a couple of times while doing a lab to really get the feel of it, but it's really good. @GGTioNogu
I found an introspection vulnerability in a website; now should I exploit more, or is that much enough?
Pick up one vulnerability and put a rigorous amount of effort into it, and don't take the report lightly because it's one of the major components!
Thanks
@SabujMaity9
You are doing great sis. Keep it up.
Love from Bangladesh
I am just starting to learn about web applications; can you recommend any good book for learning web application architecture and the technologies used? Up until now I have been reading the Web Application Hacker's Handbook and searching the terms on YouTube or Google. Do you think it is a good way to learn it?
Didi, you spoke in English; I understood some of it and some I didn't,
but your voice is so nice, oh God, you are so beautiful, Didi.
I have just started learning hacking; I am in class 9, but how do I start? Please make a video on this, Didi.
My tip is: do not look for bugs where everyone is looking; think and find a place where no one has looked before
My favorite BB tip is:
Go through the application manually and try to know how it works and how it's supposed to function; this may help in two ways:
1. You might find a logic flaw and report it, or maybe you can exploit it to get a greater hold of the application.
2. You may prevent the clause of "It's the intended functionality".
Twitter-handle: @ujjwaltyagi355
Well, I am learning web application testing, so a pentester lab subscription will be really helpful for me.
Thank you.
A suggestion: Can you please keep the mouse pointer visible? It'd help us follow along. Otherwise, viewers might miss things if you clicked some button they weren't looking at.
My bug bounty tip: Follow Farah Hawa's YT channel. Haha, kidding. My tip would be to explore every single functionality and endpoint like a normal user before attacking. Read every single request, every single response. You never know, a redirect page's response might give you something interesting. The more you know about your target, the more bugs you will find. The time spent understanding the target really pays off.
Here's a tip: don't be afraid to ask for help from the community
so pretty (explaination)
Always focus on the target as if it's a fresh one
Well, the tip I would give is: recon as much as possible, and also look for endpoints in JavaScript as they are more vulnerable than endpoints defined in webpages. Also look for business logic bugs as they cannot technically be patched easily. Don't have Twitter btw lol 😅
1) Clear your mindset about bug bounty (learning > money)
2) Always focus on the target as if it's a fresh one
3) Always look at the path less visited. Hunt on subdomains rather than the main domain
Twitter - @Hacker4u5
Nice explanation. Ma'am, can you please make videos in which we can see working POCs of different vulnerabilities.
Bug bounty is all about gaining and sharing. I would like to thank all the people who have contributed their knowledge and made this easier. :)
“When you move your focus from competition to contribution life becomes a celebration. Never try to defeat people, just win their hearts.” --Buddha
@kira_dhakal
Hi Farah, really useful video... 😉
great job Farah
Would you like to tell us what your qualifications are?
Recon properly, because it tells you where exactly you need to hunt for bugs
@keerthik_krs
Hey, Thanks for explaining the things in easiest way possible. :)
The music makes it feel like I am watching Khana Khazana but for Hacking lol
Great job! 🎉
So you also teach hacking and cyber security courses?
Good content, thanks for sharing with the community.
I am liking your content; you should try to make videos more frequently.
jazakallah khairun
keep it up
can you please do this kind of video for grpc services?
Nicely explained!!
Will email work for the giveaway?
Have an insight into the place where you are planning to attack and dig as much as possible..
"Persistence is very important. You should not give up unless you are forced to give up" - Elon Musk
@p0i5on8
First, start exploring the application without jumping to the pen testing tool; of course you can make use of browser dev tools. Always look at the path less travelled, but sometimes you may find something in the normal path (frequently travelled); as an example, the WhatsApp bug discovered in 2019 which allowed the receiver to upgrade a voice call to a video call without the knowledge of the individual making the voice call. It was a serious security issue. The reporter was an engineering graduate and made it into the Facebook Hall of Fame 2019.
Twitter handle: @I_m_Saj
Bug bounty tip: Always use a screen recorder, because sometimes the mind works on moments that we miss while writing reports.
Twitter handle:@vivekray903
Bug Bounty Tip: "Try try try but don't cry".
I'm not sure if you already did but I think you'd be a great guest via zoom on Paul Security Weekly 😁👍🌞🖖
Don't feel you're starting late. It's never too late to do anything @AnubhavSingh_
Am I late now
In your early days don't run for money, go for knowledge; it will pay you back - Heath Adams (TCM)
Twitter - amoljaiin
I suggest turning off the BGM... it sounds a little noisy
Be hungry for knowledge, give back to the community, don’t be afraid to fail, and enjoy the ride...
@_vivekkamble_
For subdomain takeover, always look for the CMS as well and not only the CNAME.
Recently I saw that the CMS was Netlify but the CNAME was not there, so I went ahead with the takeover and it was successful. You just have to upload a .html file to a GitHub account, because it takes its input from GitHub, and that's it.
@rajesh1kumawat
Funny short story: I did MySQL coding assignments on an LG Optimus screen 🤣😆 while riding in a work truck on an icy Michigan road 😆🤣
@Cipher_942
Use Shodan for looking out for vulnerable IPs of the target for SMBv3 (RCE)
Focus on testing and learning something new instead of earning money 💰 😊
You put up a video and see how "easy" it is
@@EdwardAmarh-01 go check my channel 😂
IDOR !! it's BOLA in the context of APIs
Start from the basics. Go step by step. Don't lose hope. Keep trying. @Hardeek_Patel
Since I am a beginner I can't help much, but I would suggest using Burp Suite as a tool for searching for bugs.
@prorajnikant
My favorite tip is: clear your mindset about bug bounty ( learning > money)
@vs_luther
If you find a vulnerability... don't stop at that... try to find more! @vibhummusic
If you are testing an application, then you should check how the application is working. And check each and every request of the application, because any of the requests may be vulnerable to any vulnerability.
Twitter handle: @sengarharshit1
As a beginner, where do I have to start?
I like your video Farah, may I know what lab you are using? Thanks in advance
ML gcstriker, check the description :)
@@FarahHawa ohh, sorry. I got excited to message you and forgot to check the description. hehehe. Anyways, thank you.
New to bug bounty so I haven't found much... I have learnt about IDORs and CSRF attacks, which are pretty interesting... thanks for the videos and help ❤️ and if I am lucky then contact me through LinkedIn (we had a chat recently)
Hi Farah, those who are new like me don't know how to use a GitHub repository; could you please make a video to show how to set up the lab with the GitHub repository.
KING乡Akii you'll find instructions to set it up on the GitHub repository; it's different for every lab.
Focus on one target & one vulnerability at a time & try to find it everywhere, say XSS.. find every input field, parameters on pages, JS variables, then inject payloads, see what's filtering & try to bypass that.
Twitter : @Samarth03_
Please make a video on RESTful APIs, that would be helpful :)
Tip :
1. Always check the functionality of the application to get a better picture of it
2. Do recon to get all the information
3. Test for the basic vulnerabilities before going for bigger ones
4. Never give up
Twitter handle : @airbender123321
#ProTips
1. Fingerprinting tools and techniques
2. Prince's started GitHub projects
3. AWS metadata API
4. Learn about CVEs from bug bounty Twitter accounts
5. Minimize false positives using MIME types
"Learn to make it; then break it!"
It might be the root of learning each and every bug :D
It's a wrong tip.
You don't have to build Google to hack Google.
You have to know how Google works.
Knowing how it works and how it's built is different.
Hope you get the idea
@@remonsec But both flows go in the same direction. Knowing how it works is good, but when you know how it is built, you will get a clear assumption of the code. And the wise guesses might also lead to bugs 🤑
@@SMHTahsin33 If someone is already from the development area then it's okay. But if a non-development person starts following that "how to build" method, then he may not be able to touch the website at all. I saw people who have been learning PHP and JS for the last 7-8 months and are not able to test a single bug. In this case, if I follow "learn how to build", then I may not be able to see the website from a security point of view at all.
@@remonsec But they will get a better result in the future; everything needs time.
Could be. But it should be a side activity for a bug bounty hunter. All the H1 and BC top hunters don't know how to code. All just bash one-liners
The music is a little loud. Can you reduce the volume of the music in the next video? (just a little bit). Even this level is not a problem at all, however here I have to put in a little effort to isolate your voice and concentrate on that rather than the music.
And please don't consider this comment for the giveaway, as I am a complete noobie and there is no way I will be able to make use of the giveaway.
Nice video! Keep it up!
Got a doubt: how did you get your localhost on 0.0.0.0?
2nd Comment! This video is awesome!
1. Always read source code and JavaScript files
2. Stick to one program for a long time.
3. For beginners, start with VDPs and start hunting for IDOR, CSRF, XSS, SSRF.
4. Web Security Academy is great for beginners, and to get advanced, PentesterLab is also very good.
@hemanth1261
Never throw away your data
Focus on learning one bug class one at a time and go really deep on that bug @ahmedlshnawy2
If you are not finding any bugs, just take some time, play CTFs, learn new techniques, try again later, and never give up
@ag3nt700
Always assume that you know nothing and be curious to learn anything.
@TheAmanSanghai
My favorite tip from this video was how you used InQL; I had previously been hacking on a GraphQL target without using it, and it helps so much now. @JoelMonteres
Stick to one specific BB program, or stick to one specific attack type.
Whenever you find a userid or any such id, send that request to Repeater and try modifying the ids #EasyIDOR
@skylinegeek
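The two tips above describe IDOR (BOLA in API terms) from the hunter's side: change the id in Repeater and see whether another user's object comes back. As an added example that is not from any comment here, the same bug from the fixer's side in Python: a constructed in-memory invoice store with a handler that trusts the id from the request, next to two handlers that enforce object-level authorization against the session. The Invoice type, the INVOICES store and the handler names are hypothetical; the can_read helper is the shape of the regression test a triaged report usually turns into.

```python
from dataclasses import dataclass
from typing import Callable, Dict


@dataclass(frozen=True)
class Invoice:
    id: int
    owner_id: int
    total: float


# Constructed in-memory store standing in for the API's database.
INVOICES: Dict[int, Invoice] = {
    101: Invoice(id=101, owner_id=1, total=40.0),
    102: Invoice(id=102, owner_id=2, total=99.5),
}


class NotFound(Exception):
    """Raised for both 'no such object' and 'not your object' (see get_invoice_fixed)."""


def get_invoice_vulnerable(session_user_id: int, invoice_id: int) -> Invoice:
    """IDOR / BOLA: the caller is authenticated, but the handler never checks that
    the object belongs to them, so changing invoice_id reads another user's invoice."""
    inv = INVOICES.get(invoice_id)
    if inv is None:
        raise NotFound(invoice_id)
    return inv  # session_user_id is never consulted: that is the bug


def get_invoice_fixed(session_user_id: int, invoice_id: int) -> Invoice:
    """Object-level authorization: the owner must match the session. Both failure
    cases raise the same NotFound so the response does not reveal which ids exist."""
    inv = INVOICES.get(invoice_id)
    if inv is None or inv.owner_id != session_user_id:
        raise NotFound(invoice_id)
    return inv


def get_invoice_scoped(session_user_id: int, invoice_id: int) -> Invoice:
    """Same guarantee expressed as a scoped lookup: search only within the caller's
    own invoices, so a later edit cannot forget the ownership check."""
    mine = {i.id: i for i in INVOICES.values() if i.owner_id == session_user_id}
    if invoice_id not in mine:
        raise NotFound(invoice_id)
    return mine[invoice_id]


Handler = Callable[[int, int], Invoice]


def can_read(handler: Handler, session_user_id: int, invoice_id: int) -> bool:
    """True if the handler hands out the invoice, False if it refuses."""
    try:
        handler(session_user_id, invoice_id)
        return True
    except NotFound:
        return False


if __name__ == "__main__":
    # User 1 asks for user 2's invoice 102: only the vulnerable handler complies.
    for h in (get_invoice_vulnerable, get_invoice_fixed, get_invoice_scoped):
        print(f"{h.__name__}: user 1 reads invoice 102 -> {can_read(h, 1, 102)}")
```

The scoped variant is the one to prefer in a real code base: when every lookup starts from "this user's objects", the authorization check is part of the query rather than an `if` that each new endpoint has to remember.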
Using OSINT skills to find sensitive data @_Alphagens