Yes! It’s in the plans, but it will require so much work that its not gonna see the light of day for a while! In the meantime I plan to bring cool CTF challenges to showcase more advanced techniques

Its in the plans, maybe I will start with some CTF/challenges videos on mobile hacking

@hexdump1337 ok👍

Sorry for youtube randomly deleting comments, hate it 😢 Thanks so much for the contribution!

Technically it is enabled, I think however it requires some time before it can be used for video this long? not sure, what I know however is the feature itself is enabled

For sure! Sadly I do not have much time, but in the future and long term future of the channel more advanced vulns will be treated. First in the form of CTFs walkthroughs, and later on in the form of more structured content like this one, but for more advanced web vulns.

Yah, working on the timestamps and everything

Hm, I actually did put the title in english, what title do you see? Provably is some automatic youtube config, I’ll try to understand more

Thank you for your contribution!

You can find everything in the github repository: github.com/LeonardoE95/yt-en

I just tried on couple of setups, and I also have the same behavior, so I believe it is sort of default. You can add those other users yourself I suppose, so yea no worries!

@@hexdump1337 thanks for replying. I have now been able to fix my issue. I can access all 4 users that the GitHUb reporsitroy mentions. I have also documented the entire installation process. I am running my project in VMWare. I am really enjoying the content so far. Well done on creating awesome content 😄

Yes, consider them the same exam/study material. When u obtain the exam u get oscp+, then after 3 months it becomes a normal oscp

@hexdump1337 thank you for providing us this level of valuable content. And after 3 years it become normal oscp ✅️

oh yeah sorry, it was 3 years xD 3 months would’ve been crazy short

its coming!

Currently work as a software security consultant, pentest of web and mobile app, secure code review and training activities With the job and the channels don’t have much time for bug bounty, but I’m planning to do more of it in the future, and of course I will bring related material to the channel

Sir I will be very helpful if you reply your opinion on one of my concern (Asking this because I have been learning cybersec, Specially web application penetration testing for now 2 years but I am not able to see myself at even a intermediate level in order to get started with bug bounty) Basically I have a tendency to spend a lot of time understanding how vulnerabilities work under the hood. I don't feel comfortable moving on until I have a crystal-clear understanding of why something happens and what causes it. For example, I recently spent two days thoroughly understanding the CVE related to jQuery's deparam function and how it leads to prototype pollution. While I feel this depth of understanding helps me avoid being a script kiddie who just copies and pastes payloads without understanding them, it also slows me down significantly. I worry that if I continue this approach, I’ll spend so much time on each topic that I won’t be able to cover the breadth of knowledge required to start my bug bounty journey. How can I strike a balance between diving deep into topics and abstracting things so that I can move on to learn other new things as well in order to start my bug bounty journey? How can I determine how much time and effort to invest in understanding a specific vulnerability?

Thats a very precious question, thanks for asking. I’m gonna think about it for a while before answering, but no worries, I am thinking about it!

No worries sir I am glad that you took out some time from your busy schedule in order to read it out and reply me 🙏🏻😇

Ok, I'll try to answer your question, hope it is somewhat useful. First of all, I would not wait until all the knowledge has been acquired before proceeding to do bug bounty. Truth is, you can start now. Yes, with limited knowledge, and maybe that won't be enough. However, do not fall into the trap of "over-preparation", which is another form of perfectionism. Truth is, not all knowledge is required to get something. Just something is required to get something. Hope that is not confusing. Invest of course maybe not the whole day to it. But you can start small, feel the experience itself, and you will have more understanding on what you need to improve on. As to what to focus on, I would say: start with low hanging fruits. What are these? These are vulnerabilities which are not too difficult to understand or to exploit. Yes, they are also very popular. Key here is to develop good automations to speed up the discovery of such vulnerabilities. In general, try to have a very focused approach, where you don't just study everything because it could be important, but you focus specifically on a technological stack. Like, idk, IDOR authz byass. Or WAF bypass to inject XSS payloads. Focus on 1-2-3 areas like this, and yeah, you can do deep dives in these areas, but with a very well defined focus. What i'm trying to say is: define precise goals. They can be hard, but they must be precise. Do not over-prepare and learn by doing, failing, and doing it again!

Never took it personally, I might do in the future just for the fun of it, but from the looks of it, it sems a very good certification in terms of the knowledge it offers. But yeah, definitely gonna explore more in the future

You mean the vulnerable application? localhost is an interface that is already enabled in every operating system, and it allows to create a network that is internal to the OS so that application running in the OS can use it even if it is not publicly exposed

Next year I might do some livestreams, just hard to find the time right now. If you have specific questions, feel free to write at [email protected]