The Ugly Truth about Bug Bounty Hunting

  • Published 25 Oct 2024

COMMENTS • 420

  • @CristiVladZ 4 years ago +37

    Recon in Cybersecurity course: bit.ly/cybersecrecon
    Python for Pentesters course: bit.ly/2I0sRkm
    Python Basics course: bit.ly/37cmhlx
    Hands-On Training with PentesterLab PRO: bit.ly/awesomepentester
    For coaching in pentesting and bug bounty: dgtsec.com/cybersec-pentesting-training/

    • @ncb4_69 3 years ago +1

      thanks for your kind word, my dear sir(senpai-san)
      love from "#BHAI"

    • @ncb4_69 3 years ago +1

      actually I'm too stuck in some bullshit and make that mistake again and again, almost 2 years (1 and 8 months) of my time I wasted on some f-vid, in late 2019 I started again but this time I have a goal, being a 'pen tester'. Currently I'm not learning too much, only an hour or so, but now I'm asking myself what I want to be, bc now I realize how big IT is, and I just need some tips, sorry for my poor English/comment bye

    • @arjunn7683 3 years ago

      It's true!!!

    • @t.k.8406 3 years ago

      My problem is getting started to learn the programming languages first.

    • @t.k.8406 3 years ago

      @l , that's the most solid advice I ever got. However, you said bare metal and I feel like I know what you mean but I really need to be exact on what you mean. You mean install Kali on a dedicated device as the only OS? A dedicated Kali Linux machine, basically?

  • @RN-kl4kp 4 years ago +349

    Probably the only HONEST YouTube about bug bounty advice I ever saw..

    • @CristiVladZ 4 years ago +16

      thank you

    • @RN-kl4kp 4 years ago +13

      @@CristiVladZ no thank you
      For realistic views.

    • @thegreatnihil7854 3 years ago +4

      @@CristiVladZ Eh, it's good, but it helped me see how far ahead I am than most cysec people because I am interested in operating systems and tinkering, and not the abstract idea of 'cybersecurity'.
      I originally started out in cysec, but in doing that I found a new passion in OS development, to the point that I'm trying to create my own OS on top of a microkernel I like.
      All these people are doing is learning crap like Hack the box. All that canned shit is going to do is teach you how to be a soydev script kiddie.
      Instead of doing all that, install gentoo, become a power-user, make your own server, practice hardening and attacking it. *That's* how you get good. If you want to be a good Cysec guy, you *must* be very passionate about computers for computers. I don't even do this for a job, it's just a hobby, you must be at that level to actually succeed.

    • @UnknownSend3r 3 years ago +6

      @@thegreatnihil7854 Wow, I've never seen a gate-keeping/humble-brag hybrid before, your statements are not entirely true, there's many roads to success, just look at the diverse background and skillset of the most prolific hackers on HackerOne's leaderboard and listen to their journey into cybersec - some were deliberate, some were completely by chance, and some were just tinkerers from a young age. And also, you don't need passion to succeed in this, that's something that's constantly regurgitated by people in cybersec and comp-sci (looking at you game-devs) you need hard-work, perseverance and a good foundation to build upon, passion is a bonus but definitely not a prereq for success.
      P.S. almost every "l337" starts off as a script-kiddie.

    • @muudus_tv 3 years ago

      What did he tell?
      I couldn't understand.

  • @swapnilpawar2311 4 years ago +214

    "Become someone unlike everyone" damn that hit hard

    • @CristiVladZ 4 years ago +13

      the whole point :)

    • @3rdNumberOfPi 4 years ago +2

      I'm gonna put it in my fb bio

    • @reo4680 3 years ago

      this guy is speaking facts.

  • @ayansinha4039 4 years ago +597

    "The never ending beginner courses"- The most truth you've told. Internet is full of beginner things, because those instructors don't know above beginner level. The pro levels are busy with their work, they don't show off

    • @CristiVladZ 4 years ago +62

      Ain't that right?!

    • @highlightchannel7845 4 years ago +13

      No bug hunter who has earned 40 million also has a course about bug bounty

    • @werren894 4 years ago +23

      not because the instructors but influencer, those ppl are just exploited for money so they keep attached to that "beginner content" keep buying courses/merch, instructor and influencer is different, there is a lot of Harvard free YouTube that teach u IT but nobody interested their vid always boring because that is the point of learning IT field, u need to get used to boring/frustrating stuff cybersec or not they are just matter of creativity, instead of doing hacking u ppl make IT memes, being edgy, keep learning the same courses and procrastinating, if they actually support ur productivity u might be most likely less attached to them/probably quit the community because u gain more, if u were not, that is bad influence.

    • @camila3110 4 years ago

      @@werren894 Hello, "here is a lot of harvard free youtube that teach u IT " can you tell me where I can find that?

    • @prajjwal3127 4 years ago +2

      @@camila3110 CS 50

  • @rickdalton9773 4 years ago +86

    I recently decided to stop reproducing steps from tweets or hacktivities on random targets and start studying android app development and thus go into android app hacking. On watching this video I'm more motivated. Thank u

    • @CristiVladZ 4 years ago +10

      This is what I'm talking about!

    • @fenilshah9221 4 years ago +1

      Same here!

    • @chintangajera1537 4 years ago +3

      Damn that's inspiring :)

    • @-bubby9633 3 years ago

      Honestly I find android apps to be so much easier to find vulns in for the simple reason it's hard to get into and everyone ignores it

  • @tanujbaware2530 4 years ago +53

    This is the actual Truth about Bug bounty. Many people, mostly teens, join this field because it is low barrier and think they can also find bugs like that person on Twitter who said "RCE in 10 min", "P1 in 5 min". All these guys show their reward like they got xxxx$ bounty but never reveal how much they worked for that 5 min finding, how much time they spend for that 10 min RCE. I don't know, but many people, mostly popular hackers on social media, represent this field as something fancy rather than showing how hard it is...

    • @CristiVladZ 4 years ago +2

      Well said!

    • @jhde9067 4 years ago +6

      This!
      I commented on a video last time saying that hacking is hard and nobody really tells you that.

  • @rumplstiltztinkerstein 3 years ago +64

    I'm studying to become a fullstack developer to get just enough to pay for my rent and live by myself. Then I will keep learning to become something better. Your advice is so much true. The more boring is the content that we are currently studying, the less people will do it, and the more we might get paid for it. Don't ever give up.

    • @HK-sw3vi 3 years ago

      I'm a security student but I'm too learning full stack on the side

    • @QuestForGood 1 year ago

      @@HK-sw3vi What is it like being a security student?

    • @Maxim_Kulakov 10 months ago

      How's it going?

    • @rumplstiltztinkerstein 10 months ago

      @@Maxim_Kulakov I learned a lot. Working for a startup now. Revenue is decent. I must have applied to 2k jobs and got rejected by almost all of them. I feel bad for anyone starting now.

  • @michaelgraf6773 4 years ago +12

    So true, me as someone that owns a software company and writes code every day, working with different languages and tools. I feel like finding out many details and problems about the things you are hacking, such as reading and fully understanding how things work at a low level is so valuable. It's true, the experts are busy working, be it hackers or programmers, this industry needs people that are ever evolving towards being better and that's why so many don't make it.

  • @IamAnandJambhulkar 2 years ago +9

    ALL that has been said in this video is 1000% correct. I can vouch for that. BBH is apparently HARD. From my experience as a person who has started doing it quite some time ago, it requires LOTS of up-skilling. Those who say that BBHing does NOT require programming knowledge, then I will tell you that they are LYING. This is a very-well put together video of some hard facts to digest. Thanks for making it. Keep'em coming. Cheers!!

  • @FatherChristma5 4 years ago +34

    Realest vid on bounties ever. Too many people watching the regular type of vids expecting to become millionaires overnight. Well done for adding perspective 👏

  • @-bubby9633 3 years ago +14

    Oh good someone finally said it. Honestly I have several years as a pentester and thus can focus on lesser known bugs/quirks, and write my own custom recon scripts and wordlists and still sometimes struggle a bit to find a bug. The idea you can learn how XSS works and then run a 3 line bash script to find a bunch of XSS bugs stopped being viable in like 2012

    • @CristiVladZ 3 years ago +3

      If you want to collab, send me a message

    • @-bubby9633 3 years ago

      @@CristiVladZ Thanks for the offer! I'm not really well versed on the whole youtube video making dynamic right now but am planning on making some educational content in the future. If it kicks off would love to do a collab! Either way thanks for actually telling it how it is, earned a sub from me.

    • @CristiVladZ 3 years ago +1

      @@-bubby9633 I'm not talking about YouTube, but hunting

  • @vincebastier9815 4 years ago +18

    The most honest video, there was a teacher from a US university who mentioned what you've said during a talk and one of his slowest students ended up becoming a key player because he was writing down on paper to visualise all of his attacks/defense code to be executed before putting them into practice, correcting them and fine tuning them which has paid off because his knowledge is invaluable now.

    • @CristiVladZ 4 years ago +2

      that's interesting. thanks for sharing

    • @vincebastier9815 4 years ago

      @@CristiVladZ I've found the link, watch this ua-cam.com/video/6vj96QetfTg/v-deo.html & attack.mitre.org

  • @theraghavgupta 4 years ago +12

    I am so happy I found this video. Actually I recently stopped spending time on the mentioned programs and instead started learning the languages js, python, php. And listening it from expert makes me happy to be in right direction. Thanks🌹

    • @CristiVladZ 4 years ago

      Glad it was helpful!

    • @arbayloji 1 year ago

      Hi, @Raghav Gupta, will you share which platform you learn Js, bash, python and PHP, thank you

    • @arbayloji 1 year ago

      Hi, @Cristi Vlad, thank you for sharing, I like to ask is there possible to learn JS, Bash, Python in 1 year, if possible how many hours do you suggest we spend to learn those language per day, thank you

  • @coderx56 4 years ago +45

    To be honest this video made me wake up

    • @CristiVladZ 4 years ago +3

      In what sense?

    • @coderx56 4 years ago +3

      @@CristiVladZ I just mean good advice

  • @MrTheSaxon 3 years ago +2

    So true. I think this applies for a lot of things on social media that promise big payouts fast. We are so used to instant gratification, we see a bug bounty video and think "Hey I could do that too!". People don't realize the time and effort (and expertise) it takes to find even one bug. I admire people who do this and put the work in, I am a programmer myself. But I have realized that I don't have the motivation and dedication to be one of these guys. I have other projects and skills that interest me, which are easier for me to work on in the long run.
    Great video!

  • @eonraider 3 years ago +10

    This is something I've been having in the back of my mind for quite some time... When it comes to Web App bug bounty hunting the secret lies in being a full stack web dev and dominating multiple popular stacks. Thanks for that.

    • @Cognitoman 2 years ago +1

      Yeah dude you should become a web developer then you will understand

  • @trickwheel 2 years ago +2

    A great saying I once heard and tried to apply that to every aspect of life: "To live like no one else, you have to start living like no one else"

  • @jordanski5421 3 years ago +5

    this is true for almost every position related to software engineering, as a self taught web dev myself I know the road is long and lonely. At first I obsessed over the latest "best practices" like it was the words of RNGsus himself but in doing so I took a back seat in the development of my own applications which always made me feel like a beginner. I'm glad to say I broke out of that loop by creating something on my own, it's like removing the stabilisers on your bike for the first time as a child, you almost don't even realise how fast you're going until you turn a sharp corner and crash... That's the moment that defines you, do you get your hands back on the handlebars? or just lie there crying on the roadside?

    • @CristiVladZ 3 years ago +1

      well said my friend. Thanks for the intervention!

    • @coupleodevs 2 years ago

      currently learning this the hard way, started web dev 4 months ago

  • @hasnainabidkhanzada3754 4 years ago +15

    You are absolutely right. Although, I am a newbie but I have this same goal to find bugs (like business logics error, idor etc) for a specific amount of time and then instead of being sticking to this loop, move on to learn new technologies, tools, programming languages. The idea behind learning all of this is to find some big piece of meat, to automate repetitive tasks, to build something and so on.

  • @jhde9067 4 years ago +5

    I like honesty. Refreshing to hear someone like you. You covered it a way others don't. I might consider subscribing but will look for more first.

  • @circleclips8429 4 years ago +5

    I am learning and very much engaged in security for about 6 months, and i fell in love with it, i now know my passion, but again i am struggling cause there is no straight path, i am practising from these beginners platform but your video made sense, i will try things now differently, i will do whatever it takes to reach that level, cause i love hacking.

  • @trinity2725 3 years ago +5

    Those advices are precious! To be honest I tried to reject them to encourage myself but now I need to be more determined

  • @kfreedom470 4 years ago +4

    Yup this is the explanation I was looking for. I started learning the basics of programming as well as Linux. I also used Kali Linux and messed around with it by watching a lot of YouTube tutorials. This was all done in the past 2 years during my side job. But I gotta say right now I am nowhere near where I want to be in this field. I'm considering switching my goals but I will give it one last go by studying for the OSCP cert which definitely is a real one. I'm glad you made this video, cyber security is a maze in which you need to match the pieces. Just takes time but if it don't match then it's not worth wasting time.

  • @anandjambhulkar8432 3 years ago +2

    Good gosh, what an eye opener video. Thanks for making it and then subsequently sharing it with everyone to see. I appreciate it.

  • @hackersguild8445 4 years ago +40

    I don't know which person disliked it but if I could, I would give this video a 1000 likes. Very well said. I have been doing hunting for 2 years but I have always felt that I am not improving. Time to deep dive on each topic and make our own hunting style

    • @CristiVladZ 4 years ago +3

      good reminder!

    • @arthathome 2 years ago +4

      Did you improve now?

    • @LetsGoTech 2 years ago

      @@CristiVladZ tell him to do click jacking

  • @gtgt8564 4 years ago +10

    I've found some leaks and ended up getting a P2 on bugcrowd, which allowed me to find more bugs using the same long hanging fruit technique, and I was unable to find something more technical since the findings were made using google dorks, then tried to find more "advanced" bugs however, the lack of technical knowledge was like a brick wall, now I'm doing a fullstack course, to understand from the dev side and learn new skills.
    And there's also another big important side, which is time, usually I prefer working on upwork for example, than waste hours on bug bounty with no pay.

    • @ayoubzahiri1918 3 years ago

      How do you guys get motivation on this field? I gave up learning how to montage a video within 10minutes of trying ...

  • @ayushmayekar9098 4 years ago +3

    Damn i knew this but not found anyone telling about this, you told it and you are my Hero now. But surely you have saved the time of over 19k viewers, you are definitely going to heaven.

  • @bsmakoro 2 years ago

    Thank you for the wake up call. I appreciate the honesty. It's going to take real work to that level. Was happy to hear that 'Time is on your side'.

  • @pratheeku4467 3 years ago +3

    Dude.. You are sooo underrated!!
    I salute ya buddy! Keep going!

  • @telnobynoyator_6183 3 years ago +2

    What a lot of people don't understand, is that you need to start by knowing programming in various languages AND be able to make any kind of program you want, to THEN try to use that knowledge to find vulnerabilities. If you don't know how to program and what are the best practices of programming / most common design patterns, you'll never be able to do anything.

  • @eyokfla 3 years ago +1

    "CRAFT YOUR UNIQUE APPROACH!" this is a golden advice! Thanks

  • @luqmanhamdan9285 4 years ago +21

    TBH, I started getting seriously in information security about a year ago, as a university student. I've found my interest in penetration testing and have basic skills to jump into these things. But, every time I learn something new, more I don't know about it. Deep down, I still feel like a noob in terms of knowledge and skill even though I learn many things for the past 7 years little by little. I'm glad you make this video and speak about the ugly truth in cybersecurity.

    • @CristiVladZ 4 years ago +1

      thanks for sharing your thoughts :)

    • @chintangajera1537 4 years ago +2

      This is what which makes this field more interesting not a pro tho. But I am exploring for more than 2 years as of now and felt same half a year back. Keep crawling and a suggestion if you don't mind just take big plain sheets and draw concepts like DDoS or OSI model and many definitions like threat, risk, CIA triad on that and stick that in your room and just look that once a week. And you can also compare that old architecture with new released which will help you a lot in understanding new technology with ease. This was what I did and it worked for me.
      Good luck :)

  • @armincal9834 4 years ago +3

    Basically become a web app developer (no need to be as good as a pro dev. Just know OOP and basics of software design) to become a web app hacker. You never know what mistakes devs can make unless you think like one.
    Learn system languages and programming plus some assembly and hardware if you want to write your own malware or crack/reverse engineer software
    Learn networking as much as at least CCNA/network+ but the more you know the better since most security breaches are exploited remotely thus networking knowledge is key. If you had to choose one field to master I guess better choose this one.
    Learn how CCTV cameras work to come up with a way to hack them.
    All the available exploits and hackme tricks are public knowledge and patched already, companies need people who can come up with their own exploits so following online tuts gives you the basics but that's it.
    You can't possibly live long enough to master all those topics so pick 1 or two to master and learn the basics of the rest.
    Do you guys agree?

    • @CristiVladZ 4 years ago

      thanks for the insightful comment! :)

    • @xbrook5490 2 years ago

      the best comment!

  • @Ghost-jx2dj 1 year ago +2

    The way you demotivated now i am sure i will make it to the top thanks.

    • @CristiVladZ 1 year ago

      I'm not here to demotivate anyone, but to talk about my perspective on things...

  • @behradtaher6779 4 years ago +4

    This was so accurate and well worded. I've seen a huge amount of posts in various communities of people following the path of x, y, z. to get into bug bounty with a goal of pursuing it full time and it's just not realistic for most people.

  • @darksekiro6378 3 years ago +3

    We are all gonna make it brothers, never give up!!

  • @FreakinKatGaming 4 years ago +3

    Finally someone who has the right morals! You made my day man! Seriously. You a HBH member

  • @GGGamesBA 3 years ago +2

    Came for the ugly truth, stayed for the soothing voice

  • @faruky9197 3 years ago +2

    I saw this video 3 months ago and I was really upset about my inadequacy, it sounded really hard to me starting coding. Finally I started 2 months ago and I learned html and css (I know it's design language). In this time I realized coding was fun and that motivates me and I am still learning javascript (once I stopped learning programming because it was really boring) and soon I will learn nodejs. I still didn't quit because of learning new things hard and boring. In fact I want to be a full-stack javascript developer then start bug bounty. I found my way and I am really happy about it. I can even spend years programming, maybe I will forget starting hacking. Thank you Cristi Vlad, this video was really helpful to me, I hope the others will start programming. By the way sorry for my language, English is not my native language and I am learning it too :)

    • @CristiVladZ 3 years ago

      you've just made my day! Good luck in all your future pursuits!

  • @j.b.708 4 years ago +4

    i gave up after 3 years just trying to get an entry-level SOC analyst job.

  • @axelanderson2030 2 years ago +7

    I think the biggest thing people overlook is that in order to exploit a computer, you need to understand the computer. I was very lucky, coming in with extensive knowledge of windows, Linux, python, bash, SQL and html, as well as years of experience. However, I think it's fundamental to understand networking, Linux, windows and a programming language before you should even consider anything to do with hacking

  • @FreakinKatGaming 4 years ago

    My favorite's when a vetted black hat puts an 0day up for sale on forum somewhere on the net, then before being archived all traces deleted then hackerone has some "Magical out of nowhere person who gets a nice payout for a bounty that was never even posted to begin with but it's the same 0day you randomly ran into on that random forum" priceless. Brings a tear to my eye. They grow up so fast. So proud

  • @dhirajx 3 years ago +3

    this is all I wanted to hear.. after months of failed attempts to learn bug bounty hunting, I know where to focus on. those people who say coding isn't important to start, that's a hoax. those people themselves are good coders.

  • @nointro5284 4 years ago +4

    So true. I never completed a single lab or ctf but I still manage to find bugs every month and I'm happy with it. I just don't want to spend my time doing what everybody does. Why have to learn same thing that everyone is learning when I can learn a lot more from google.

    • @nikhilt3755 4 years ago +1

      everyone is finding bugs, how r u different from others? so people trying ctfs and labs are wasting time?
      grow up beg bounty hunter

    • @nointro5284 4 years ago

      @@nikhilt3755 lol when did i say that I'm different from others. Everyone is finding bugs yes true. Why the fuck people want to be limited when they can learn so much from the internet instead of wasting money(yes there are free ones also). I'm not saying people are wasting their time by doing ctf,labs etc. I just said my thing not yours. Please grow up. In some case everyone is beg bounty hunter how come you can say you're not.

    • @rujotheone 4 years ago +2

      Nice work. How did you learn? Cuz I can see there are several types of bugs. Also do you concentrate on a few types of bugs or you check for everything.

    • @chintangajera1537 4 years ago +2

      @@rujotheone you can use tools for that in beginning but try doing that manually. You can use portswigger.net and also hackerone you can get good web security knowledge on those website.

    • @rujotheone 4 years ago +1

      @@chintangajera1537 thanks

  • @digitox5188 2 years ago +1

    And thats why I’ve subscribed channels like this, not big ones bcz everyone is doing that🙂✌️

  • @gracia9775 2 years ago

    "Remove yourself from the crowd…"
    The road is really narrow and hard

  • @abdilahrf 3 years ago +2

    A lot of fake bugbounty tips in twitter make the beginner keep busy with their oneliner thing and the elite doing the real thing on a bugbounty target and harvest bounty 😂.
    i love this video

  • @skytest1247 4 years ago +1

    Good video, telling the truth without demotivating and disrespecting someone.
    Learn! Apply! Learn Apply!

  • @jhde9067 4 years ago +13

    The one liners beginner courses ugh
    So many are in just for the views and are misleading people like me :(

  • @danieljaeger2982 2 years ago

    what makes me happy is i've already been doing everything he mentioned for a few years now

  • @jabcoanthoco4056 4 years ago +3

    I thought this was going to be about finding rare insects

  • @Eddy1A1 4 years ago +4

    Pretty comprehensive and honest opinions on your vids. Felicitări! 😎

  • @mohammedmokhtar 3 years ago +2

    You are an amazing human being for putting this out like that.

  • @TheTurbotez 4 years ago +1

    Thank you for this video, I'm just starting out, but there is soooo much beginner stuff out there, someone like me doesn't really know where to go to get some proper learning tools to get into the industry. I will make it to the top, so it's nice to know that if someone can go alone, become competent and get to the top without following the crowd.

  • @kksarnasarna5996 4 years ago +2

    holy shit dude, u just said what I was thinking for like months, I just didn't have the correct words, thanks for clearing it up for me and everyone else

  • @ekko-h7n 3 months ago +1

    thx you opened my mind about the idea to master js!!!!

  • @GameNon-Quitters 4 years ago +1

    Finally the best advice ever, at least I think for us beginners who are lurking in Cybersecurity world ! Thanks ! And glad I discovered you!

  • @namenone8387 4 years ago +8

    OMG! one of the greatest advice that I could ever received. thank you so much mate. I am currently a web developer so as you said, maybe its good for me to start on security source code reviewer since that is what I do most everyday staring at the source code of my team doing code review but not on security aspect. honestly, I am really weak at doing black box testing. so maybe focusing on my strength first will do the job? cheers

    • @CristiVladZ 4 years ago +1

      Of course, leverage your strengths

  • @AnthonyMcqueen1987 3 years ago

    Wow talk about a reality check because I started this Ethical hacker world in May 2020, I sent 4 reports in, they were duds, my confidence fell through the floor and I was like a deer in the head wind. I am now taking a step back and learning the foundations of XSS and applying it to the wild and one day hope to earn my first bounty. Of course I don't expect any of this to be easy at all, it's tough and there are many people out there chasing the same bug. I do listen to other bug hunters, take their advice with a grain of salt and apply it to me and see what works and what doesn't. I also been told don't rely on tools and become nothing more than a "Script Kiddie".
    This was an honest video that does not magically coat the world of bug bounties, this made me wake up to the reality and how I failed to earn anything so I need to figure something out.

    • @CristiVladZ 3 years ago +1

      It's just a matter of time Anthony. I pounded at it for 10 months to finally finding my first bug.

    • @AnthonyMcqueen1987 3 years ago

      @@CristiVladZ Thanks man for the confidence boost. As a former data scientist I can tell you there is no comparison this is harder but also more fun. I know one day with patience and persistence I will earn my first bounty. Also I am only specializing in one bug not all of them.

  • @SamsuperFc 3 months ago

    This applies to every aspect of the “get rich scheme”. Maturity is when you understand that if getting rich was this easy the entire world would be full of millionaires

  • @init_6415 3 years ago

    Deeply thinking about this lately, but then a question rises, where to start, cuz there are so much to learn then, from dev side from security side and also to keep up with the latest vulnerability

  • @luffyfat2 4 years ago +1

    I was almost giving up from that. so something make me watching a last video from an unsubscribed channel and here I am... fully charged of dopamine again, but genuine dopamine this time like that one what made gohan become super sayajin 2. Thank you bro!

  • @slayerssquad6744 4 years ago +1

    ONE THING TO UNDERSTAND the reason why many people don't do that because of errors not hard working

  • @dezneye 3 years ago +2

    A lot of people are driven into bugbounty feeling like it's some sort of free dollars coupons

  • @martinstoynov3831
    @martinstoynov3831 4 years ago +4

    Thanks, this was needed to be said!

  • @imkir4n
    @imkir4n 4 years ago +2

    Thanks for the honest advice, now I get a clear path about where I should start. I want to be a webapp pentester, so I'm going to master web development and JS first ✌️

    • @thecreator8353
      @thecreator8353 3 years ago +1

      Actually you are the one who has cleared my path, Thanks
      For
      Everything.

    • @imkir4n
      @imkir4n 3 years ago

      @@thecreator8353 yeah! Stay focused

  • @arjunsharma3248
    @arjunsharma3248 4 years ago +2

    Been thinking the same thing lately. I got to have a unique look at the scenario to strike out.

  • @tiago2946
    @tiago2946 3 years ago

    Just found out your channel and you definitely have my attention.

  • @jesalpatel2270
    @jesalpatel2270 4 years ago +1

    Thanks man! You are truly an honest man. As u said You need to be different from others that hit me differently. 💯🥂

  • @adarshanand2073
    @adarshanand2073 3 years ago

    Totally agree with you. Someone I found whom I can relate to more - otherwise most of the people who got into security are mainly driven by the money. Interest is the first thing which is required in bug bounty. I am pretty sure people who have interest should have found this true and informative.

  • @dave4290
    @dave4290 3 years ago +1

    One of the most honest videos on YouTube I've ever seen

  • @vin-goldi
    @vin-goldi 3 years ago

    Well, don't do any coding or hacking at all unless your motivation comes 90% from the excitement of the moment when you press enter and find out if what you did or thought makes something work - or break. In my experience, people that don't feel that excitement never make it anywhere in informatics. Can be tested easily by letting a person compile Hello World, then tell them to change something and recompile.

  • @LuckyPatel
    @LuckyPatel 4 years ago +1

    Be unique, make your own path, don't get into the trap of advertised online courses of other sites, follow the right people, and don't feel shame in asking for easy methods too,
    Every night in bed ask yourself what you've learnt, it pushes you the next day

    • @CristiVladZ
      @CristiVladZ  4 years ago

      introspection and retrospection are key

  • @-hero-5882
    @-hero-5882 4 years ago +1

    I'm building IT knowledge in prep, not there yet, but the info was def appreciated man

  • @harishankarknair995
    @harishankarknair995 2 years ago

    Thank you for making this video. As a student who is interested and passionate about these topics, this video gave a good insight and direction that I need to follow

  • @saptaksaha1702
    @saptaksaha1702 4 years ago

    The most Realistic video about bug bounty or cyber sec... appreciate your calm boldness👍👍❤

  • @lovisericachii4503
    @lovisericachii4503 3 years ago +3

    Basically almost every career in a nutshell.

    • @CristiVladZ
      @CristiVladZ  3 years ago +1

      very likely it applies to more careers you can think of

  • @samerbouhajja2411
    @samerbouhajja2411 4 years ago

    Honestly, I got carried away with the good old-fashioned marketing going on about cyber security for a while, only to find out it was just a boring job like any other. You will end up doing 9 to 5 daily tasks looking for bugs and get paid like any other dude in the industry. They will make it sound cool cause they have a gap, and it's well paid cause they don't have enough people doing it. That's why they wanna make it look like the best opportunity, so they can pay less for the same task and have enough specialised manpower to get rid of you anytime they want

  • @myself.mohammed.ibrahim
    @myself.mohammed.ibrahim 4 years ago +2

    Thank you so much bro for helping me out....!!!
    Appreciate your honesty!!!!

  • @mihaidinu6637
    @mihaidinu6637 3 years ago +1

    Very good argument, Cristi! Perhaps the coolest aspect of this video is that it applies to many fields, not only cybersecurity! Like & Subscribe from me! You're great, keep going!

    • @CristiVladZ
      @CristiVladZ  3 years ago

      Thanks a lot, Mihai!

    • @CristiVladZ
      @CristiVladZ  3 years ago

      By the way, how did you get to this video?

    • @mihaidinu6637
      @mihaidinu6637 3 years ago +1

      @@CristiVladZ UA-cam recommendations. I'm interested in the subject, although I focus more on AI. I'm a 12th-grade student and your video motivated me even more to apply to the automatic control faculty, because there is very strong competition in the field, even in this niche of cybersecurity.

    • @CristiVladZ
      @CristiVladZ  3 years ago

      @@mihaidinu6637 very cool. Good luck!

    • @mihaidinu6637
      @mihaidinu6637 3 years ago +1

      @@CristiVladZ Thank you! All the best!

  • @jakubwegrzyn7997
    @jakubwegrzyn7997 3 months ago +1

    This is gonna be hard. But I know it will be worth it .........

  • @malwarecopter4440
    @malwarecopter4440 4 years ago +1

    Teaching about something is the best business, regardless of whether the teachers themselves apply it practically in the real world

  • @navjotaadgenix431
    @navjotaadgenix431 3 years ago

    I don't understand some lines because my English is weak, but you're awesome, you opened my mind, thank you big bro

  • @omarjimenezromero3463
    @omarjimenezromero3463 1 year ago

    Yes, in part there is truth in that those are "beginner friendly", and at first look the most common security breaches at HackerOne and other sites are just "security testing", like software testing with automated tools, but in the end, because the systems are different and you need to bypass them, you need to know how to program malware and to use scripting languages.
    But yes, the media just sell the bigger bounties as the easiest ones, but there are bounties from work to work, so I think it is just not fake, one just needs to watch over the lines to know the first courses are just to be a "security tester", like a "software tester": you just need to use your computer to do some tasks and if you find something you will get some money. This is pretty rough on the ones who start at it, because the company basically is using your computer power and capabilities to find something specifically, and then pays only for that thing. That is pretty bad, but at the start of most jobs that is what someone finds, especially in jobs that pay you for the things you can do, and not the time you are in.
    And yes, to go further, you need to develop your own tools to get access or bypass specific versions and systems; that is why after doing some tests, one should start programming, because you are gonna need scripts and languages like Nim, which are becoming popular because you can almost make a virus or malware from 1 file for the 3 main operating systems (Windows, Linux and macOS).
    I just think the media and some websites just sell the idea like the programming ones, where a lot of people want to develop the new "Facebook" or the new "Instagram" or a better one in just less than a week.
    Yes, it takes not only that the product is good but that they have the market to use it and are not bought halfway by bigger ones, or destroyed by bigger ones.
    I take really hard your first choice of words to communicate that, because you just say that starting at one point like everyone is bad, and I do not think that is bad, because you just jumped to freeCodeCamp as a recommendation and I was like "hey, you just said we should be different, then you go for the biggest and cheapest way to start programming". I think that was pretty stvpid.
    Maybe you just had to use other words instead of selling the idea of being "different", such as "you need to know to program malware", instead of "you just need to be different and unique", then you just drop the most common way to start programming,... It is like saying "if you start programming where everyone does, it is good, but if you start hacking where everyone does, then it is bad".

  • @mrfox6662
    @mrfox6662 3 years ago

    I still think the thing I'm struggling with the most is understanding how to get into hacking. Me and a team of my friends want to start bug bounties, however we need to learn more, and knowing all the terminology and functions and stuff is so hard.

    • @CristiVladZ
      @CristiVladZ  3 years ago

      you don't need to learn more, just do

  • @nets0und200
    @nets0und200 4 years ago +1

    I stopped hacking and bug bounty hunting when I took a step back and realised that I didn't really enjoy it. I was doing it because I liked the fact that I could call myself a "hacker", even a newbie one. I know it's pathetic, but I was, at that time, trying to find myself. Maybe one of you is right now in the same situation that I was, think about it guys.

    • @thwahirmahammed4334
      @thwahirmahammed4334 4 years ago

      Oops I'm new in cybersec and i felt demotivated by seeing this😅

    • @nets0und200
      @nets0und200 4 years ago

      @@thwahirmahammed4334 sorry for that, this isn't the goal of my comment but really ask yourself this question not only in bug bounty hunting but other areas of your life too :)

    • @thwahirmahammed4334
      @thwahirmahammed4334 4 years ago

      ☺️👍

    • @thwahirmahammed4334
      @thwahirmahammed4334 4 years ago

      @@nets0und200 bro can i ask one doubt that's some long sentence?

    • @nets0und200
      @nets0und200 4 years ago

      @@thwahirmahammed4334 go ahead

  • @mah3sec
    @mah3sec 4 years ago +1

    In India almost 80k bug hunters created their profile on Bugcrowd in 2019-2020. That happened because of some silly hunters and institutions providing such stupid courses in which they give their students unresolved reports for points. Cheap courses for 500rs, 2000rs. Courses like these are easily available, in which they don't clear the basics and start directly with reporting and provide vulnerability templates, automated tools, one-liners, and I'm against this type of institutes & trainers

  • @craigofficial
    @craigofficial 4 years ago +8

    and also there is that everyone that we all kinda competing with. and guys doing most work auto, bruh..

  • @EAOn-yo9mq
    @EAOn-yo9mq 3 years ago

    You are a God-sent ! Really needed that....

  • @imanol12345
    @imanol12345 4 years ago +1

    I think the main problem is that there are not enough bugs for the supply.

    • @CristiVladZ
      @CristiVladZ  4 years ago +1

      or most hunters never being able to go below surface level stuff. bugs are there.

  • @ahmedseleman3621
    @ahmedseleman3621 2 years ago +1

    please answer me
    what is the meaning of focusing code aspect of bounty program or security research ???????????

  • @orlyounotinbaires
    @orlyounotinbaires 3 years ago +1

    For once the yt algorithm did something good and suggested this video.
    Best. Advice. Ever.

  • @reizhustenistdoof
    @reizhustenistdoof 4 years ago

    The field being full of skids is exactly what made me become a blue teamer instead of a red teamer. I feel like it's less bad there

  • @feloi3033
    @feloi3033 3 years ago +1

    I seriously do need help, I'm depressed.. ahh I'm about to explode with the thought of what shall I do. I'm trying graphic designing, thinking of getting into ethical hacking and cyber security, another here is also related to cyber.. none of the doors are opening for me.. I just graduated high school and will be joining university. I'm really confused about what I shall be studying, or stop studying, it's really harsh ahh MAN!! Sorry, couldn't find anywhere to express it, sorry for my bad grammar

    • @CristiVladZ
      @CristiVladZ  3 years ago

      Take some time off the keyboard and spend it with family, friends and loved ones

  • @enve162
    @enve162 2 years ago

    Watching this video and trying to be unlike others, Everyone does this.
    The only way to become different, is to do what you feel is hard.

  • @jw1ck
    @jw1ck 2 years ago

    Hey Cristi. I’ve been watching this video religiously for a week to motivate me in my studying of webapp hacking. This video made me feel sane after seeing friends make an extra $10k a month in bug bounties seemingly with low effort. I was wondering if you wouldn’t mind elaborating on developing a skillset. You gave 3 good examples in your video but I was wondering if you could provide some more? What kinds of skills does someone try to improve unlike everyone? For example, in getting great at SQLi? Does it really help to create your own database and use it like you were a developer, so you can then understand how to break it? Or is your time better spent elsewhere? Sorry it’s a long question. Thanks brotha.

    • @CristiVladZ
      @CristiVladZ  2 years ago +1

      I think one of the greatest skills one can develop is going deep

    • @jw1ck
      @jw1ck 2 years ago

      @@CristiVladZ Knowing so much that the likelihood of you succeeding is greater than the likelihood of you failing. Thank you dude. I really appreciate the reply.

  • @iiVitality
    @iiVitality 4 years ago +4

    3:36
    ah yes, I see you using hacker typer like an intellectual on the right screen

  • @xenialxerous2441
    @xenialxerous2441 4 years ago +1

    Hey awesome video bro, thanks!!

  • @krztix
    @krztix 4 years ago +2

    I am a developer who is getting into the security field (CEH) and I think you have some valid points.
    My strategy is: the more experience I get, the more I narrow down on certain fields that spark my passion (like a pyramid). There are 2 pros to that:
    1. you can always navigate into other fields on the same "depth" / experience if things don't go your way
    2. you have fundamental knowledge and grow with time
    That's why I still take courses and learn many different things about security.
    If you have more than 1 interest you can try to combine them; for me it's especially: AI, Security, Finance

    • @CristiVladZ
      @CristiVladZ  4 years ago +1

      you are in a privileged position

    • @karthavya1440
      @karthavya1440 3 years ago

      Faxby
      Python to JavaScript to CCNA to CND to CEH to CTIA to APT to PEN200/PWK to OSCP to LPT
      Is this really a good track or is it just bs and nothing different from what others are doing, like Vlad said in this video? Where I am I can get coaching for these certifications, so I'm asking. I really know nothing about IT or programming or coding

    • @krztix
      @krztix 3 years ago

      @@karthavya1440 Don't mindlessly spam certifications. Skills are more important; certifications are there to prove that you have them and get you a foot in the door. For me the CEH was enough along with my skills all around. Trying to do the OSCP next.
      If you want to get into security, good things to have are:
      1. General hacking skills (anatomy of a hacking attack)
      2. General programming / scripting skills (Python, JavaScript, PowerShell, Bash)
      3. Networking skills
      4. Knowledge about defense solutions and how they work (IDS, IPS, Proxy, Firewall, EDR, Antivirus etc.)
      Because the security field is so broad, you have to know that certifications are just for a specific field.
      1. CEH, APT, LPT: Hacking road from ECCouncil
      2. CTIA: Threat Intelligence (Security Analyst)
      3. CCNA: Networking
      4. CND: Networking
      5. OSCP/PWK: Hacking road from offsec
      So I would recommend getting skills and knowledge about these points by yourself or through trainings, and going down a certification path (e.g. the hacking certificates by Offensive Security) in the most interesting field for you. There are management certificates as well (CISM, CISSP etc.). But don't waste your money on 20 certs! (unless that amount of money doesn't matter to you)

    • @krztix
      @krztix 3 years ago

      If you are completely new to IT you definitely have to put some work into getting there!
      It's extremely hard to get right into IT Security without a degree, definitely easier to get into software engineering first (with programming skills) and then later after 1 year (while acquiring security skills) to switch to IT security

  • @stephan4932
    @stephan4932 3 years ago +2

    I am not doing any of these things..
    I can't get my router to work properly...
    Please.. Don't hack me 😬