This was a treasure trove of extremely useful info about the thought process pivoting from point to point and things to keep in mind when looking at applications.
@agustinothadeus 10 months ago
I always keep learning new things whenever I watch your videos. Thank you Nahamsec & Jason, you are making the way a whole lot easier for a bunch of people like me interested in bug bounty. I really can't thank you enough
@1DRS 9 months ago
That's incredible content. Thanks a lot to both of you guys.
@RajatSharma_1111 10 months ago
Hey Nahamsec, this is really cool. I really liked it. Can you please make a couple more podcasts like this? We really learn a lot from your videos.
@NahamSec 10 months ago
That's the plan! This is a monthly series!
@timecop1983Two 10 months ago
@@NahamSec Way that is so good news. I like podcasts like OTW, John Hammond, David Bombal Security FWD and this also!! Thanks always love burp suite videos
@aliveli-zq5gt 10 months ago
I watched, learned, applied the mdisec series, and here I am... What you're explaining seems very simple to me. I guess MDI is pushing us too hard :)
@fokyewtoob8835 10 months ago
Love these redacted episodes thanks to both of you for sharing these tips
@keppubgpc 10 months ago
Yo nahamsec, the video is great but I think that when you are asking questions your voice is not clearly audible, it should be louder. Besides that, really great video and motivational!
@d8rh8r35 10 months ago
Really solid cast lads...
@bobbyrandomguy1489 10 months ago
Cool how you went and set up the site to demo bugs found. Thanks for knowledge. Also getting prisoners calls is crazy!! Can't wait till I feel I have enough knowledge to go find some bounties!! $$$
@NahamSec 10 months ago
Thanks for watching!
@DavidAlvesWeb 10 months ago
Amazing walkthrough, thank you for this! 🏆
@OthmanAlikhan 9 months ago
Thanks for the video =)
@narsimharao8565 10 months ago
Best content❤
@alirazm5724 10 months ago
Hey behrooz. Tanx for the golden content
@eugenekobby9676 10 months ago
Great content! But sadly can't find my first bug in 3 months 😓
@agustinothadeus 10 months ago
Don't despair. Keep hunting, hunting, hunting... I am sure one day all that sweat will be rewarded, you just have to have the strength to take lessons from your failures
@eugenekobby9676 10 months ago
@@agustinothadeus Hmm... honestly it feels sad because my 4gb ram laptop can't handle a lot of multitasking when testing. I have a story to tell and I know I will surely find my first bug this month or the next
@agustinothadeus 10 months ago
@@eugenekobby9676 In my experience most of the RAM during hunting is used by burp, you can try caido cli directly from the browser, it is much more lightweight
@eugenekobby9676 10 months ago
@@camelotenglishtuition6394 where would you recommend I get the certs? Maybe we could talk privately
@user3549 5 months ago
@@eugenekobby9676 did you find one?
@gelzki 10 months ago
Hi Ben and Jason, I have a few questions.
1. For logins, what if I found valid credentials from leaked or breached credentials. Is it okay to proceed using those creds to login to the app and look for vulnerability inside or should I already report it?
2. If I find sensitive information like passwords in content discovery and report it. Then moving forward I found another subdomain with login and the passwords I got from the first bug work, is it okay to proceed since they did not change the password or is it reportable already?
3. After getting source code through content discovery and reporting it. Is it still okay to use that source code to look for vulnerability? I'm assuming that the client expects you to delete it already after reporting it.
Thanks Ben for always sharing great content. Wishing you all the best. 😊
@njbmyv 10 months ago
1. No. You should report them and stop there. You can get access to sensitive information.
2. No. Same as 1.
3. Depends. If they tell you to delete and then you report bugs from the source code what will happen? If you find credentials just report them. But not all programs accept credentials from leaks and most of them are against this practice because they don't want to encourage credential stealing. Pay attention to the program's terms because some of them might have a reason to refuse to pay you if you cross the limits.
@TheCyberWarriorGuy 10 months ago
Why not create a separate playlist for %week Program & Redacted Series ?
@kennyvolkov5724 10 months ago
What vm he uses?
@rctech1237 10 months ago
Nahasec was Nahamsec is Nahamsec best in bug bounty ❤
@manuelarias6013 10 months ago
What software thecore plis
@neadlead2621 10 months ago
what do you mean
@Amitte424 10 months ago
I have found actuator endpoints with actuator, health and info path. I already tested heapdump, env, threads, like common other endpoints and found nothing. Is there any other things that I should check that I might be missing? 😅😅 Thanks for the help 😊
@j0hnny_R3db34rd 10 months ago
Git gud.
@Amitte424 10 months ago
what is git gud??@@j0hnny_R3db34rd
@shubham_srt 9 months ago
10:47 🥵🥵🥵🥵🥵🥵🥵🥵🥵🥵
@shubham_srt 9 months ago
thanks
@_0x01m 10 months ago
Thank you for sharing knowledge
@hasskoelhadi9638 10 months ago
what a legend , Recon OG
@ElevenOO1 10 months ago
that's awesome
@rekwuhzut 10 months ago
Delete my DOC#
@j0hnny_R3db34rd 10 months ago
No.
@MUHAMMADZEESHAN-mx4yg 10 months ago
Very interesting
@dublinnnn 10 months ago
This looks soo easy for real life stuff
@NahamSec 10 months ago
Seems too easy but in reality most hackers stop at some of the basic steps.