Giving Yourself the Best Opportunity to Find a Bug

  • Published 13 Jun 2024
  • I get asked a lot how do you choose a target you can actually find bugs on and get bounties, so I've compiled a lot of my tips for choosing a target and how to use Bugcrowd features (like joinable programs) to make it so you aren't reliant on the right program coming through on luck. So here's how to choose a target on Bugcrowd and some general advice on some of the things I look for in a good program.
    This series couldn't happen without the support of our sponsor Bugcrowd. Bugcrowd is the best place to start hacking with a wide range of public and private programs from APIs to Desktop Applications and everything in between. Not ready to jump into a public program yet? Fill out your platform CV and sign up for a waitlisted program. Tell Bugcrowd a bit about your skills, previous certifications or experience and they’ll match you up with the right program using their industry-leading CrowdMatch technology. Whatever your level, there’s a place for you in the crowd. You can sign up with my link here: bugcrowd.com/user/sign_up.

COMMENTS • 28

  • @detecht 7 days ago

    This is so good. Everyone that watches this video, almost automatically becomes a better hunter. It's like the video we all wanted, even though we didn't realize it. Thank you, Katie. We're really lucky to have you. (P.S. AI Avatar Katie, is super cute. I gotta make me one of those...)

  • @MFoster392 6 months ago +2

    Thank you so much, I'm at this level in my bb journey and it gets overwhelming very fast :)

  • @BLKSD 6 months ago

    Thank you for these videos. Perfect time ❤

  • @cristigdv 6 months ago

    Awesome video. Please keep it up

  • @AliYar-Khan 6 months ago

    Love your content. Also wanna ask how you created your avatar?

  • @mr.researcher1525 6 months ago

    A few moments ago I was wondering about the statistics board on the program page. Thank you so much for clearing. ❤
    #BugBounty 🤘

  • @WilcovanBeijnum 6 months ago +3

    Thanks for the video! Can you keep in mind next time that the slides are not below the animation (e.g. at 14:38 the text is partly illegible)

    • @InsiderPhD 6 months ago

      Sorry about that, I always forget that folks don’t always watch in HD!

    • @crusader_ 6 months ago +1

      @InsiderPhD It's not about watching resolution. Your avatar is going over the text in the slide. That's what he meant

  • @user-gl5hy8ep4z 6 months ago

    Please do a video about how to make my own free server in my computer to upload payloads

  • @FadiAlAswadi 6 months ago

    Great content, thank you 😉
    And I'm wondering how did you make your talking avatar?

    • @InsiderPhD 6 months ago +1

      Here's a full blog post talking about it and how it works insiderphd.substack.com/p/how-i-do-the-animated-avatar

    • @FadiAlAswadi 6 months ago

      @InsiderPhD thank you 😉

  • @jaywandery9269 6 months ago +1

    How do you go about hunting for bugs when a website keeps blocking you from the server whenever you craft a payload against it?

    • @InsiderPhD 6 months ago +1

      I usually don’t hunt in that way - you’ll only be blocked (usually) if you’re sending hundreds of payloads, I’m being selective in what I test for

    • @jaywandery9269 6 months ago

      I simply try for a simple alert or a file traversal payload and boom! I get blocked for a couple of minutes. Slows me down @InsiderPhD

  • @shivpratapsingh2084 6 months ago

    Awesome

  • @wakeupNeo_ 6 months ago

    Thanks so much for this, these aren't always easy to understand for beginners

    • @InsiderPhD 6 months ago +2

      Honestly it’s a lot, if you do feel overwhelmed just pick something randomly and just have a go, don’t worry too much about finding something or getting a bounty at the start, just get a feel for the process!

  • @vadimoldhaker1481 6 months ago

    I don't understand if this is IDOR or not. I have two accounts, attacker and victim. I replaced the cookie via authorize. I activated a subscription on the attacker account, and it also turned on on the victim. Is this considered a vulnerability?
    P.S.
    Also works with the replacement of the user name.

    • @InsiderPhD 6 months ago

      So to confirm, if you replace the victim's cookie with the attacker the subscription is activated on the victim's account, right?

  • @Proxyone444 6 months ago

  • @cyberkuya321 6 months ago

    Maybe you can teach me how to make that animation talking. By the way super great content lots of learning.

    • @InsiderPhD 6 months ago

      Sure thing insiderphd.substack.com/p/how-i-do-the-animated-avatar

  • @mnageh-bo1mm 6 months ago

    why bug crowd why 😭😭😭😭😭😭

  • @AliYar-Khan 6 months ago

    Love your content. Also wanna ask how you created your avatar?

    • @InsiderPhD 6 months ago

      Here's the info insiderphd.substack.com/p/how-i-do-the-animated-avatar