Can you invite matanber. I wanna learn how he started client side attack.
@Rookeradk a day ago
Hey!! Can you please invite matanber and do an interview with him, like how did he start client-side hacking and how did he learn it? You promised me 2 months back that you would bring him 😢
@keppubgpc2 days ago
This man makes the best videos, helped me gain a lot of knowledge
@bhismpitamah2672 days ago
Please do make a tutorial on RCE or XSS for beginners sir, this video is very much helpful, hope u make more videos 🎉, God bless you sir 🎉❤
@justlisten64794 days ago
Please, what tool do you use for the table, is it Notion?
@BugBountyReportsExplained4 days ago
correct
@ofcourseiuseunix4 days ago
Dude you literally did 160+ report reviews? dang! Appreciated.
@_bergee_4 days ago
As usual, the platinum content. Thanks. One day I found a privilege esc bug within half an hour (I was already familiar with the program back then). Encouraged by that, I was looking for similar types of bugs in this program for 4 hours and found nothing more :)
@BugBountyReportsExplained4 days ago
I do it all the time😂 I find something and assume that the website will have a lot of problems with the same thing and I'm often proven wrong. But I think it's a good approach nevertheless.
@_bergee_3 days ago
@@BugBountyReportsExplained This is the reality of BB hunting :)
@TOP1-r6q4 days ago
🔥🔥🔥🔥
@BugBountyReportsExplained4 days ago
Before you ask, the database with the reports and the rest of the privilege escalation case study are available in the BBRE Premium archive: members.bugbountyexplained.com/bypassing-admin-checks-and-more-privilege-escalation-case-study/
@isaac2243able5 days ago
Do they list any resources for learning mobile bug bounty???
@hamzakhaled11445 days ago
dsa
@hamzakhaled11445 days ago
TEST
@djniuq9 days ago
Awesome story and experience and you even did listen to your own recently posted podcast to ease your state.
@XhantiMzozoyana-zs6rq10 days ago
Yes sir, cross-site scripting (XXS) 1:00 🤣🤣🤣
@ImKidriani12 days ago
Noted
@danishbhat153612 days ago
He is such a nice person. I really enjoy this podcast. Thanks for the amazing content.
@razmjumehdi906913 days ago
Please answer my question. If I inject another user's cookie in the same way instead of another user's cookie and it accepts me and shows the second user's information, can I report it? Is it considered a valid report and will they reward me?
@razmjumehdi906913 days ago
For IDOR testing, if we see a random user ID in the target but we can see the information of the supposed victim, can we report it on HackerOne? Will they accept it as a valid report from me? Or is it better not to report?
@ImKidriani14 days ago
❤
@dittonachan16 days ago
Nice inside ❤
@Rogerson11217 days ago
Keep going!
@piratedmedia17 days ago
I really like sir Louis's thoughts towards the community.
@rohitborate512617 days ago
I finally recognized the voice from the walkthrough in PentesterLab 😅
@devanshuthanvi7319 days ago
You guys have a subscription? I am planning to buy, can you please provide me a review?
@_bergee_18 days ago
PL is a great portal but as soon as you're in, there is a temptation to solve a lot of labs one by one. If you only do it once and never go back, you WILL forget very quickly what you've learned. Most of the things I learned and remember very well were techniques and tips used while exploiting bugs in the wild doing bug bounty.
@bughunter976618 days ago
Mr. Louis love his work.. Still providing the training platform at an affordable price, which I use to learn on the right path. Waiting for the Black Friday offers
@AlecMaly19 days ago
Pentesterlab is such a great platform, nice guest & episode. Thank you!
@fantasm0-19 days ago
Been using pentesterlab for quite a while. Louis is a great guy. Wonderful platform.
@MFoster39219 days ago
Great info as usual :)
@normalitee0os19 days ago
I really love the way Louis is passionate about his work ! Loved it all!
@anhucpham46019 days ago
Love your videooo.
@skytest124719 days ago
damn this setup is just next level. You people are increasing the benchmark in infosec
@HairEEck19 days ago
What's the name of the site your friend used at 8:45?
@wilpta19 days ago
DomPurify?
@BugBountyReportsExplained19 days ago
it was DOM Purify's GitHub repo
@animeghsarania107619 days ago
I am still not able to distinguish between public and private IP addresses. Like when I use Kali in a VM to even try to get a ping back from a lab inside the VM, I simply don't get any response back. Can anyone share any resource to learn what to do in such scenarios?
@ImKidriani17 days ago
Hey, you are not far from the truth, I also had this issue and remember sending him a message. You have to get a public IP, paid ngrok or a VPS should work. Just research the difference between a public IP and a private IP
@animeghsarania10769 days ago
@@ImKidriani Can u share any writeup or any resource that would help me?
@ImKidriani9 days ago
@@animeghsarania1076 just google or ask an llm to explain it.
@reymijares736819 days ago
<SVG onload=confirm(1)>
@meooow599619 days ago
PentesterLab offers amazing content! I hope they add UPI payment as an option for Indian students to make payments more easily. This would be a great way to encourage more students to learn cybersecurity.
@louisnyff19 days ago
Unfortunately, the payment gateway we use still doesn't offer this option :/
@dittonachan19 days ago
Great video, loved it. <3 please make a video on signature wrapping attack.
@k0ns0l19 days ago
Woop woop!
@grassy-p1219 days ago
Amazing bg🎉❤
@BugBountyReportsExplained19 days ago
Thank you for watching the video and welcome to the comment section. If you enjoyed it, please leave a like so that the algorithm knows you enjoyed it ;)
@hypedz149522 days ago
Well. Unfortunately it's becoming really oversaturated
@Cuy1y023 days ago
Super interesting interview, thanks a lot 😊
@RVIZX923 days ago
Awesome! Congrats 🎉
@hunter-bh5qc25 days ago
the trick is to run checks on all fields of vulnerabilities, not one.
@danishbhat153626 days ago
To be honest I am also doing the same shit😂
@studiospan642626 days ago
3:01 I actually found a webserver vulnerable to this misconfiguration which was directly interacting with its Google Firebase database without any sort of proxy. I used a simple curl command to interact with its Firebase directly and realised I could simply hijack any user image, then I crawled the webapp using katana and found some of the sensitive information, such as vendors' introductory videos, was stored on the same DB and I could easily delete all of them.
@azharabdussami872627 days ago
.
@dittonachan27 days ago
Can you please make a video about your methodology?
@BugBountyReportsExplained21 days ago
Every piece of content I create contains bits of my methodology
@Artorias-l3i27 days ago
Yes!
@Openaicom a month ago
Hey, I found a bug or vulnerability in a company that gives me access to the data of other users, means like I can access the data of as many users as I want, like their personal things... is this a critical bug? Like eligible for payout? Please reply