How To Get Started In Bug Bounties

  • Published 31 Dec 2024

COMMENTS • 154

  • @domaincontroller
    @domaincontroller 4 years ago +48

    02:13 HTTP, TCP/IP, Linux, Bash scripting
    02:30 Web apps, Networking, HTML, PHP
    02:50 Burp Suite, Google
    05:08 owasp

  • @atmane001
    @atmane001 5 years ago +11

    Super useful resources; 1. Twitter, gold mine for bug bounty. Just follow the main players. 2. Start reading bug bounty reports, as many as you can and test. 3. Read n read ... many free resources out there. Big G is your friend in this case. 4. YT of course, follow channels that talk about bug bounty, cybersec and even dev. 5. Do some coding projects (c, c++, javascript, python). It will be useful. Check github for ideas. 6. Have fun 😁😁

  • @no1sploit529
    @no1sploit529 4 years ago +31

    Your video motivated me, I consider all of your words. This is heart touching. Thanks for such a great information.

    • @dccybersec
      @dccybersec 4 years ago +2

      Thanks for the nice words and for watching :)

    • @no1sploit529
      @no1sploit529 4 years ago

      @dccybersec welcome sir. Keep helping us 💓

  • @shadowbandit5689
    @shadowbandit5689 4 years ago +10

    Thanks for the information mate. Very helpful. Me and mates are currently studying Cyber Security and are looking into diving into some bug bounties.

  • @tirtheshpawar9614
    @tirtheshpawar9614 5 years ago +9

    JUST THE PRACTICAL GUIDANCE NEEDED IN AN ERA OF FLOODING INFORMATION... KEEP DOING THE GOOD WORK DC CYBERSEC!!!!

  • @devcreed8175
    @devcreed8175 4 years ago +4

    For all those who are here to get information about how to get started, here are a few videos which might help you out:
    ua-cam.com/video/7yKU0cSHu5A/v-deo.html
    ua-cam.com/video/qme4rAD2mlM/v-deo.html
    ua-cam.com/video/CU9Iafc-Igs/v-deo.html
    ua-cam.com/video/vPWrrWlfrXQ/v-deo.html
    ua-cam.com/video/kn0jClWSdD8/v-deo.html
    An unhelpful suggestion from me: The methodology I follow is, master a technology and then exploit it. Without mastering (or at least understanding) a technology, you can't start finding bugs in it. There are tons of things going on behind the website you open or this video you are watching, like a server hardware residing in a data center somewhere in this world with a hypervisor installed on it and a VM instance with a web hosting application, hosting this website behind a load balancer which is behind a dedicated physical firewall which might be behind some proxy server which might be behind another firewall.
    This was only the hardware part, many such things are deployed on the software-side too!
    So, start it with focus of learning it and then master it and then -_-
    Sit back home and read this comment again!
    Good luck for your journey!

  • @DamienBiffinc0ldm3th0d
    @DamienBiffinc0ldm3th0d 5 years ago +9

    THANK YOU, i cannot say this enough THANK YOU, i needed a definite go here learn this start there.

  • @hakunamatras
    @hakunamatras 5 years ago +5

    Great video! I'm a student in Internet of Things with interests in cybersecurity and pen testing also, due to my study i don't have a lot of time to search the perfect resource on where to start, i usually get home, make my homework and at around 1am i can start learning. thanks for helping me out on that haha
    Could you make this a series maybe?
    How to get started.
    How I did my first bounty
    Where are the key points to check
    How to write a good report
    Things not to do while bug hunting
    Roadmap to pen testing
    Again, Great channel, keep it up ^^
    Greetz from Belgium!

    • @dccybersec
      @dccybersec 5 years ago +4

      You literally named almost every episode of the bug bounty series that I've got in the works hahaha. Thanks for watching man, really appreciate it!

    • @hakunamatras
      @hakunamatras 5 years ago +2

      @dccybersec Don't thank me, you're doing the work! i'd love to help you with finding sources or just philosophize about bug hunting, any way i can reach out to you?

    • @dccybersec
      @dccybersec 5 years ago +3

      @hakunamatras Discord or Twitter (links in description). Probably discord is best, i'm pretty active in my server :)

  • @jonathanyturralde
    @jonathanyturralde 4 years ago +7

    This was a great video. Thanks for the content. Awesome stuff and very helpful for a newbie like myself.

  • @fourofour9569
    @fourofour9569 3 years ago +1

    Good stuff! It really got my interest in bug bounties.

  • @psychoticgamer6853
    @psychoticgamer6853 4 years ago +2

    Bali mask is background 😱
    This boi can Rob a bank🔥

  • @mahir_saif
    @mahir_saif 2 years ago +1

    This video was so damn intense. Thanks a lot.

  • @Mauricio_Ferrari
    @Mauricio_Ferrari 5 years ago +2

    Stok has been great to watch, already watched some of his videos. Great video by the way and thanks for recommendations.

    • @dccybersec
      @dccybersec 5 years ago

      he's an absolute legend. thanks for watching!

  • @JK-pb3vj
    @JK-pb3vj 4 years ago +3

    Loving the content mate - great advice! Cheers from BNE, Aus 🍻

    • @dccybersec
      @dccybersec 4 years ago +1

      Thanks mate! I should do a local Brisbane meetup sometime

    • @JK-pb3vj
      @JK-pb3vj 4 years ago

      Keen as, let’s put something together.. Where you at @codingo_ !

    • @Jawdey
      @Jawdey 4 years ago

      Hey how good is brisbane!

  • @youarenotspecial17
    @youarenotspecial17 5 years ago +1

    nice video. btw I subscribe your channel cause you look like a really nice and honest guy!

  • @wtfdoiputhere
    @wtfdoiputhere 3 years ago +1

    Im gonna start with this bcz it seems easier to me than some magic assembly voodoo shit and i have great knowledge in linux, js and networking so im ready

  • @prafullss
    @prafullss 5 years ago +4

    Your all videos are really awesome. I like every video. Post video more. thank you bro. 😊

    • @dccybersec
      @dccybersec 5 years ago +2

      Thanks mate! That’s very kind of you

    • @prafullss
      @prafullss 5 years ago +1

      Your kindness. 🤗😊

  • @realcarttons2177
    @realcarttons2177 4 years ago

    please do clear my confusion, do we need to stay anonymous during bug bounty

  • @ThushyCyber
    @ThushyCyber 2 years ago +1

    Thanks 😊

  • @maxitaxi7340
    @maxitaxi7340 4 years ago +1

    I dont understand something. Some hackers are reading the code and they see instantly where a vulnerability could be. But if i try to read website code i dont understand anything. So i always go through the website, and im testing every parameter. But how can i learn to find bugs by reading code?

    • @skiddy5294
      @skiddy5294 4 years ago

      I think that comes down to experience.. I could be absolutely wrong because I'm just beginning as well. I think over time, you learn what will/wont work in that language.

  • @yashwanthd1998
    @yashwanthd1998 4 years ago

    What i dont understand is people always talk about xss injection.. if the website itself doesn't take any user input or input is sanitised which is everywhere these days.. xss injection seems very weak and impossible. could u explain

  • @vishnudileesh1243
    @vishnudileesh1243 5 years ago +1

    Looking forward to the future video in which u tell your first bug finding story

  • @abiworldseccentric9878
    @abiworldseccentric9878 4 years ago

    Some times in The Hacker one site bug bounty section whom want to find the bugs they ask me to do find the bugs but they have one demand that shouldn't use Burpsuite and such a readymade tools so how can I perform..? Please can you suggest me

  • @Plutosantorini
    @Plutosantorini 4 years ago +3

    Bro dont forget about cyber mentor man that guy is a hero

    • @dccybersec
      @dccybersec 4 years ago +2

      For sure! He’s awesome 😎

  • @MyNameIsTX
    @MyNameIsTX 4 years ago +2

    Soo essentially when you are going to attempt a bug bounty (I am completely clueless btw I have tried it and I don't know anything) do you just have to try every single exploit or like try all the possible problems? I do not exactly understand how it works. Also, I have no programming knowledge I have tried to self teach myself it and I am currently in college (community college) and hoping to transfer out to study IT but I want to branch out into cybersecurity. Basically, I do not know how to say what I want to say but, I think it is the owasp top 10 or something like that, do we try to find all those vulnerabilities in the program or website or is it something more specific.

    • @36cowboysintotalatramranch
      @36cowboysintotalatramranch 4 years ago

      Yeah, basically you can try everything possible. Each app is a new challenge, with different bugs and defenses to evade, and then you report on what worked and on what didn’t. The job of a pentester is to evaluate the client’s systems, so it’s also good to tell them where you weren’t able to get anywhere because they did things right!

  • @frostyboi6989
    @frostyboi6989 3 years ago

    Is doing a bug bounty like doing a pen test you break into the company and tell them the bug?

  • @alexramsey1006
    @alexramsey1006 4 years ago +1

    Very nice presentation... Thank you.

  • @aritra1414
    @aritra1414 4 years ago

    Definitely helpful. Thanks man!

  • @darkhack3r417
    @darkhack3r417 5 years ago +1

    New subscriber here also this is the first video i watch in your channel xD

    • @dccybersec
      @dccybersec 5 years ago

      woohoo! welcome! thanks for watching :)

  • @RN-kl4kp
    @RN-kl4kp 5 years ago +3

    Yes..! Thank you very much... for this... just a request when you find get a bug bounty 💵💵💵 which we hope soon ? Can you please share with us?? The process??

    • @dccybersec
      @dccybersec 5 years ago +2

      Yep will do mate. I’ll be documenting my whole process from beginning to bounty!

    • @harihacke9454
      @harihacke9454 4 years ago

      @dccybersec where mate

  • @rooney.46
    @rooney.46 5 years ago +3

    Love ya, keep going ❤️

  • @kaotechtalk2395
    @kaotechtalk2395 4 years ago +1

    This video was great! Thank you so much for all of the info! Got a sub from me

  • @LotsOVideosMan
    @LotsOVideosMan 4 years ago

    What is song called at 0:32?

  • @faruky9197
    @faruky9197 4 years ago +1

    First of all English is not my native language. I really want to do bug bounty but not too many resources in my language in bug bounty. Because of this, I cannot learn by reading documents or watching videos. That's why I need to learn software languages so that I can understand its logic. What should I do?

  • @ocelotrevolver4125
    @ocelotrevolver4125 3 years ago

    Can I make a living from doing bug bounties, or perhaps doing security evaluations for businesses demonstrating network security flaws to business owners and how to secure their systems and how to harden them. I have a good understanding of cybersecurity with years of experience using Linux I'm just not sure how I can transfer these skills I've learned over the years and turn this into a freelance income, any advice?

  • @malikimranawan3762
    @malikimranawan3762 4 years ago

    if a Subdomain give us error 404 ..
    can that Takeover ?

  • @koushikram4036
    @koushikram4036 3 years ago

    please answer this
    do I need burp suite pro for my first bug ???

    • @dccybersec
      @dccybersec 3 years ago

      Nope. You can use the free one

    • @koushikram4036
      @koushikram4036 3 years ago

      @dccybersec thanks for your reply

  • @kylewattssurfing3266
    @kylewattssurfing3266 4 years ago +1

    Thank you thank you thank you!

  • @misterbrompton2400
    @misterbrompton2400 4 years ago

    You didn't link OWASP

  • @alonsocorrea1256
    @alonsocorrea1256 5 years ago +1

    Having the OSCP helps to get into bug bounty??

    • @dccybersec
      @dccybersec 5 years ago +2

      for sure, but not necessarily needed

    • @dougthebugwrx
      @dougthebugwrx 4 years ago

      @dccybersec having done 35 oscp lab boxes so far, i say no. oscp web app labs are very average. you will learn more from portswigger web academy. also use owasp zap, its free

  • @abhichauhan350
    @abhichauhan350 4 years ago

    I want to learn bug bounty
    So tell me what topic should I learn

  • @kylewattssurfing3266
    @kylewattssurfing3266 4 years ago +1

    Awesome thank you

  • @hugoalexandregoncalvespica124
    @hugoalexandregoncalvespica124 4 years ago +3

    7:26 💪

  • @davidg9469
    @davidg9469 4 years ago

    Did you find many bugs ?

  • @manojbajgain7660
    @manojbajgain7660 5 years ago +1

    Really loved your videos
    #Can you discuss about Class 0 sms

    • @dccybersec
      @dccybersec 5 years ago

      It’s in the list man, you don’t need to keep asking lol

    • @manojbajgain7660
      @manojbajgain7660 5 years ago

      @dccybersec you didn't respond so I keep on making query😝😝

  • @usama_sadiq
    @usama_sadiq 3 years ago

    My question is: if we find more than one bug in a company, should we write just one report to that company for all the bugs, or write a separate report for each bug

    • @dccybersec
      @dccybersec 3 years ago

      I tried translating this from Hindi and still couldn't really understand, sorry :(
      Can you reply in english please so I can help out?

  • @sammygun84
    @sammygun84 4 years ago

    Where all links from video? Where link on guide?

    • @dccybersec
      @dccybersec 4 years ago

      UA-cam removed all my video descriptions a while back and replaced it with the default

  • @gurjeetdasari1997
    @gurjeetdasari1997 5 years ago

    Please reply with the name of guides u prefer us to follow as
    I could not get what u said in the video

    • @dccybersec
      @dccybersec 5 years ago

      They are linked in the description

  • @yousefkammouneh6559
    @yousefkammouneh6559 4 years ago +1

    Just found my first bug

  • @sunilrai5506
    @sunilrai5506 3 years ago

    I am going to start bug bounty in hacker1 or bug crowd should I take permission or how to get permission from a web application, please help me anyone who all did bug bounty
    someone told me we have to take permission to bug hunting otherwise without permission it will be a cybercrime plz someone explain😢😢😢😢

    • @dccybersec
      @dccybersec 3 years ago +2

      As long as you stay within the scope of what is defined by hacker1 or bugcrowd, then you're relatively safe. Just make sure you understand what the scope is and how to stay in line with that

    • @sunilrai5506
      @sunilrai5506 3 years ago

      @dccybersec by the way thanks for your diamond advice sir
      (this advice is like a diamond for me can I follow you on Twitter sir)

    • @sunilrai5506
      @sunilrai5506 3 years ago

      one more last
      like go to the hacker1 sign up and according their rule pick a program start bug hunting if they told us not to in any subdomain then not to do in any subdomain am I right?

  • @inspirationeveryday1175
    @inspirationeveryday1175 4 years ago +1

    Hello Sir Do you recommend KALI LINUX for BugBounty or Windows and MacOs is Good ?
    THANK you ⭐🔥

    • @dccybersec
      @dccybersec 4 years ago

      Honestly, whatever works for you. Kali might be easier as it has all the tools built in already but honestly, you can use any machine

  • @wackyskullgaming6711
    @wackyskullgaming6711 4 years ago +1

    This is very informative

  • @QuranicMoments
    @QuranicMoments 3 years ago +2

    Lot of thanks sir. 🔥🔥 Glory be to God 🔥🔥

    • @dccybersec
      @dccybersec 3 years ago

      My pleasure. Thanks for watching!

  • @danielsuarezmartinez1967
    @danielsuarezmartinez1967 5 years ago

    how much time pass from 0 knowledge to your first bug??

    • @dccybersec
      @dccybersec 5 years ago +2

      I'll let you know when I get my first bug haha

  • @harreve3629
    @harreve3629 3 years ago +1

    Love bro..

  • @imuser007
    @imuser007 4 years ago

    U missed nullbyte channel

  • @jinxscript
    @jinxscript 2 years ago

    it's interesting 🤔

  • @jasoe_playz1926
    @jasoe_playz1926 4 years ago

    Programming Language is important.

  • @nikkucreations7842
    @nikkucreations7842 4 years ago

    Hi dc I am from India your video is more motivational

  • @francis2k488
    @francis2k488 5 years ago +1

    Thanks for this video. I am still learning and believe it will all sync soon.
    I got the OWASP Testing Guide V4

    • @hackedemy9324
      @hackedemy9324 4 years ago +1

      Are you Nigerian? Good luck on your journey brother!

    • @francis2k488
      @francis2k488 4 years ago

      @hackedemy9324 yeah but live in Australia. Are you? Where do you live?

    • @hackedemy9324
      @hackedemy9324 4 years ago

      @francis2k488 You're really lucky! I'm in Nigeria at the moment but hopefully, I'll move out soon.

    • @francis2k488
      @francis2k488 4 years ago

      @hackedemy9324 are you a hacker?
      Why did you say I am lucky. With skills we can be lucky anywhere bro. You can try migration pathway.

    • @hackedemy9324
      @hackedemy9324 4 years ago +1

      @francis2k488 Yes I am. I'm self-studying cybersec online and studying Computer Engineering in the uni. Planning to leave Nigeria and study Computer Science or Cybersec elsewhere bc this isn't helping me. I'll try the migration pathway, saving towards it currently.

  • @rastinghasemi634
    @rastinghasemi634 4 years ago +1

    Tanx

  • @jhadeeksollesta497
    @jhadeeksollesta497 4 years ago +1

    Broo thank you so so much im only 12 and im only 12 and i dont know really if I can do this but thxxx

    • @taylors4733
      @taylors4733 4 years ago

      The earlier the better!🙃 Go for it.

  • @ShashiSingh-ck7mu
    @ShashiSingh-ck7mu 4 years ago

    How much money can we make by bug bounty hacking.

    • @dccybersec
      @dccybersec 4 years ago +1

      It depends which bugs you find for which company

    • @ShashiSingh-ck7mu
      @ShashiSingh-ck7mu 4 years ago

      @dccybersec like I'm 17 years old and going to graduate from school and I know c++ and python will that help? And as you mentioned in your video about tutorials on UA-cam will that help me or courses on udemy or courses on hacker one will help I'm little confused which course to take can you please help me out because I also want to become a hacker like Santiago Lopez and Thomas
      Thank you.

    • @b3ast407
      @b3ast407 4 years ago +1

      @ShashiSingh-ck7mu Yes read hackerone hacktivity, medium blogs, do labs like owaspbwa it definitely helps, @nahamsec's UA-cam channel is also very nice

  • @tirilmariepedersen6956
    @tirilmariepedersen6956 4 years ago

    Who are you looking at? :p

  • @kylewattssurfing3266
    @kylewattssurfing3266 4 years ago +1

    Awesome cool...

  • @lagimmediafiles6478
    @lagimmediafiles6478 5 years ago

    Whats up Man?

    • @dccybersec
      @dccybersec 5 years ago +1

      nm mate, how's it going?

    • @lagimmediafiles6478
      @lagimmediafiles6478 5 years ago

      @dccybersec im good i will start on My IT Job your channel is a big help

  • @SecurityTalent
    @SecurityTalent 2 years ago

    great

  • @epic5855
    @epic5855 3 years ago +1

    EPIC

  • @saddamhussain189
    @saddamhussain189 4 years ago

    Hi

  • @rithvikgujjula1400
    @rithvikgujjula1400 5 years ago +1

    Let's go first one here and first comment again

  • @kunal9999100
    @kunal9999100 4 years ago

    Can I get one of your soft toys?

    • @dccybersec
      @dccybersec 4 years ago

      Sure. Which one do you want

  • @TheFunnyPOPS
    @TheFunnyPOPS 5 years ago

    I won’t recommend it bug bounties has too much competition now all the pros find bugs before you.

    • @dccybersec
      @dccybersec 5 years ago

      They just take the quick and easy payouts first. As far as building experience though it’s pretty good!

  • @richardjohnson9765
    @richardjohnson9765 5 years ago

    Watch hackersploit

    • @dccybersec
      @dccybersec 5 years ago

      Definitely! he's awesome

  • @mr.shanegao
    @mr.shanegao 3 years ago +14

    02:13 HTTP, TCP/IP, Linux, Bash scripting
    02:30 Web apps, Networking, HTML, PHP
    02:50 Burp Suite, Google
    05:08 owasp