Bug Bounty Course 2024 Updated
Вставка
- Опубліковано 28 чер 2024
- All my videos are for educational purposes with bug bounty hunters and penetration testers in mind UA-cam don't take down my videos 😉 Ethical hacking web application hacking and bug bounty hunting
Install Virtual Machine • Beginner to Advanced B...
links to resources used in this course
overthewire.org/wargames/natas/
sourceforge.net/projects/juic...
gchq.github.io/CyberChef/
perspectiverisk.com/mssql-pra...
www.invicti.com/blog/web-secu...
tryhackme.com
hackerone.com
hackthebox.com
www.jetbrains.com/pycharm/dow...
• Beginner Bug Bounty Co...
chrome download - www.google.com/chrome/downloads/
chrome driver - chromedriver.chromium.org/dow...
0:00 About the course
1:33 ALL about Recon
01:46:33 URL Hacking
02:08:52 Installing Juice Shop
02:17:06 IDOR & BL
03:05:25 Updated IDOR
03:13:25 Updated SQL Injection
04:10:02 Path Traversal
04:28:03 Updated XML & XXE
04:42:05 Updated HTML & JavaScript
05:38:23 Updated XSS Cross Site Scripting
06:02:35 Updated API Enumeration
06:16:507 Updated JWT Hacking
06:25:56 SSRF Server Side Request Forgery
06:48:30 Command Injection
07:14:30 File Upload
07:35:42 LFI & RFI
08:04:53 Cookies and Tokens
08:25:32 Wordpress and CMS
08:49:25 Introduction to Python
09:44:46 Python GitHub Scraper
10:40:46 Introduction to Bash Scripting
Many many thanks for this. This is awesome. I would prefer each chapter as a separate video in a playlist as trying to work along at the same time searching the timeline is a nightmare.
Awesome contents! Bravo . Been going through your 😢 past courses on your bug bounty for the past couple of days while going via the HTB CPTS . Bravo!
Damn I watched "How to start Bug Bounty 2023" last year, passed my PJWT cert this year, found recently my first bug, but I'm still gonna watch this year edition, always something new to learn!
Hi! Congratulations on your PJWT certification. I have a question to ask you. When you finished "How to start Bug Bounty 2023" last year, what did you do next? Because right now, I'm a bit lost. I don't know where to learn new things and where to practice for free. Hack The Box seems interesting, but it paid. If you can help me, thank you.
what type of bug?
@@Nckstr983 I've found Reflected XSS with ATO
@@Nckstr983 Reflected XSS with ATO
Boss, could you please create a comprehensive video series covering advanced topics such as advanced time based blind SQL injection injection, XSS, LFI, RFI, and RCE, including the process of uploading web shells on Apache and IIS web servers in live website scenarios? Traditional platforms like test.vulner, DVWA, bWapp, PortSwigger, etc., fail to address real-world challenges like identifying origin IPs, DNS brute force attacks, reverse IP lookups, WAF/IDS/IPS circumvention, AWS/CDN/Tor, reverse proxies, and CMS security 🤙. Your unique content would be invaluable in educating the bug bounty hunting community about genuine issues and solutions. Thanks in advance for your contributions to the community.
Boss he is making for beginners not for advance people
Try Harder
But boss those beginners will need advance topic some day @@Yellow_Wolf25
yeah i think there should be a real world example cuz after doing these courses we often face the difficulties that whenever we try to go for bug bounties we have seen that we are far behind to find a decent vulnerability i myself is now trying out burp suite labs to get some professional way of finding bugs i hope to get a better video or place where i can train myself to find decent vulnerabilities
Boss trying to flex with reverse ip lookup lol
OMG, this is a massive course. Thank you so much for all your effort and commitment with our community.💗💓💖
At 8:03:33 "i:0" works for the access token because the server is comparing the access_token that is in our cookie to a valid one on the server. When it compares the two it uses the "==" operator. This operator behaves differently in PHP, basically our token is stored as a string normally, but if we modify the token in our cookie it to be an integer 0, it will cause the server to compare an integer to a string. PHP is weird in that it automatically tries to convert strings to integers if you ever try to compare the two with the "==" operator. If the string happens to start with a nonnumerical character it'll just convert the string to the integer 0. So 0=0 will evaluate as true and the access_token will be valid.
You read my mind man, thanks sir your content can't be matched on youtube, we're really glad that you provide such a quality content. Going to complete in two days anyhow, thanks a lot man : )
11 hour course and It's free, you are god send sir, thank you so much.
Thank you for your hard work and quality content that you share with us
Thanks man I usually don't watch this kind of content, but after seeing the length of it I got intrigued and now I'm half an hour in😅
ive learned alot from the key group of ethical hackers who make content but your full free guides take the cake man! appreciate the time you all put in!
ty man gonna watch it throughout the next two weeks or so
Thank You a lot for all Your effort!
Wow i just got about an hour into your other bug bounty course and was loving it. Now time to switch to this course 😂
thank you so much for this! will have to watch it again for full video, after AOC
Thank you for such a great work 😊
Thanks for the course!
Great content... Great to explore for beginners
Thank you very much this course is the best ❤
I just got into hacking a few months ago, and your videos have been a massive help to me. I have yet to get into the bug bounty hunting process, but I'm excited to get started!
Thanks for the impressive guides!
How?
thanks for all your hard work
Really appreciate your content.
This is awesome! Thanks man.
shout out to you man, thanks for providing this good content
Salute.... Thank you so much
thanks thanks thanks every detail of the update version of the previous version of the 11 hr course was written by hand the lines of code and references basically a lot of incredible stuff was written, I hope you read it because you are helping a lot with my work thanks we will still hunt a bug together I will be active thanks for the content really wtf bro this new version of yours is advanced vision a hug I hope you read it, a hug from a bughunter thanks again golden content
Thank You so much for your generosity 🙏❤️
Legend ❤ thanks
You are really awesome Man👍
Thank you sir ❤
Currently on the bash scripting part. Made till this far. I would just say a single word for this course and it is : marvelous
You are the best
How did you achieve that smooth camera movement in this video?
Thank you so much❤
thank you
MASSIVE, thanks a lot! Will you update your existing Udemy course as well? Or create another one? :) Thanks
really appreciate this course if youre still looking for suggestions would love to see more in depth and advanced videos on JWT hadnt ever really encountered that topic till now and its pretty cool. are these becoming prevalent in the wild?
hey currently at the jucie shop part, is it okay that I do all of these challenges on my normal desktop(windows) not a virtual machine ?
Thank you very much for your great effort!!
Great video
you have that first mentioned nmap tutorial?
thanks bro
Thanks
Where would I find tutorials from a newbie perspective in a form of baby steps?
Hey, tysm but how can this help in bug boounty hunting as a data analyst?
Thank you very very much!
Ryan John is a good man; and thorough.
Yep, he’s a very very good man! And so say all of us!! 😂
Wow, not many people share this amount of content for free on youtube! I am subscribing just for that!
thanks sir🙏
11:09:45
Condition operators
ge - greater or equal than
le - less or equal than
What about Prototype Pollution?
Do you have a bug bounty pathway you recommend?
Thank you
Legend ❤
at 1:07:11 it shows only sub-domains in the results here, but when i do the exact same line of code with the same flags i get lots and lots of different stuff in it too.
like MX and NS servers, ip's, mac adresses , and like a 100 lines of results. There's no way i can copy/paste all of those easily by how it prints.
Why is my output different?
Anyone please help!
2 hours 31 minutes and 4 seconds into this video you realized you were going to info dump about the backspace idor and cut it ......but that info could have been so valuable....... i support the rambles on this journey lol hopefully that'll be me one day
thank you in my bottom of my heart
Bro I love you
Amazing thanks
nice thank you
Legend
sweet ty sir.
Ty
8:03:28
0 == "Example string" // true
In PHP, when you compare a number to a string using the == operator, PHP will attempt to convert the string to a number if possible. If the string does not start with any numeric characters, PHP will convert it to 0.
So, when you compare 0 == "Example string", PHP converts the string "Example string" to a number, resulting in 0. As both sides of the comparison are now 0, the comparison evaluates to true.
This behavior is part of PHP's type juggling mechanism, where it tries to make sense of comparisons between different types by converting one or both operands to a compatible type.
Bro you saved us really time and money thnx man.
I am a Newbie. Is this a beginner friendly course? I mean what things should i know before jumping into this course?
Btw, thanks for the course 🖤
THANK YOU SO MUCH!!!!!!!!
This is GOLD 🤯❤
Can i be able to discover bugs in bug bounty programs after i watch this course.?
Does this course cover the basic principles for beginners?
yes
Yes, it's actually for beginners happy learning happy hacking.
God Bless you.
Hello. Thanks for the video! I have bought and am about to start your Complete Ethical Hacking Course | Bug Bounty on Udemy. Would you recommend this or the one on Udemy considering this is recently updated? Thank you
which one did you later go for??
sigma❤
Please I want to download your Udemy bug bounty. But it isn’t updated over there, what do I do, or can you please update it?
between your udemy course and this one, which one should I do first or if someone could give me some guidance?
This one its free
Sorry if this is a dumb question but by the end of this course will it be enough to prepare somebody with no prior cybersecurity knowledge to catch their first bug? Thanks and love your channel btw u earned a new sub!❤
Can we get those slides?
cd opt command no such file directory came what can i do
i love you
want more content on jwt
I want to start in the field of cybersecurity, how to follow the roadmap, please answer me,thanks !
Hi, could you please do live bug bounty on vdp that would be really learning experience for us and we would know how a experience bug bounty hunter start a recon and then proceed further
Is it a nice video for begginers who know how to do basic things with linux ?
This course is designed for someone who doesn't know anything and wants to get started in cybersecurity.
@@ryan_phdsec damn! exactly what I need.
need some videos on splunk
Can i start with this course ? am a beginner in the field , I’ve studied ccna and have some security basics, thank you for the answer
yes you can. even the explaination given by this man is easy to under stand and awesome so you should go for it.
thank you teacher
Should I watch the previous version of the bug bounty or just this one ??
only this is enough
amazing please put proxy config tutorial at the beginning of this video to avoid ip-ban as one follows along.
I love you
Amazing video. A request. It's 2024 almost. Can you please make the videos in 4k? Sorry if it sounds rude. :(
hey i would love to know if i should follow this course only or take the one from tcm security
If you want to be a penetration tester do TCM.
Thank you bro
keep up the good work.
hi i was following you video and i have a question is it better to use nmap or another tool call rustscan thanks love the video i learnt a lot 😄😄😄😄😄
hi, when I typed " shodan host (ip address)", it said "403 forbidden". Could you help me on this?
i finished the old one , should i watch this again?
I wouldn't. Just check out the section on API's that will probably be the most benefit from this course vs the old one.
👍🏻
Brother, is this a course for beginners? What will I benefit from when I complete this course?
Knowledge
This course is designed for someone who doesn't know anything and wants to get started in cybersecurity.
Tnx sir how to be install burp suite ??
This is excellent content but if it doesn't answer your Burp question, rs0n_live has a recent, thorough video "Everything You Need to Know About Burp Suite." 😁
thx brudda