Hello, can you provide the link for those Airbnb writeups?
@NahamSec 1 year ago
buer.haus/tag/airbnb/
@MarkFoudy 1 year ago
Love this! Deep dive is awesome. The methodology you teach is priceless. Also thank you for the membership only videos. Are you going to make more of them? They are really helpful. Thank you!
@NahamSec 1 year ago
Yes I am! I have some cool stuff in the works for 2024! Thank you for being a member!
@32_jadav_akash22 1 year ago
It would have been great to see a video on monitoring JavaScript files of an application for changes.
@nishantdalvi9470 1 year ago
Yeah
@ReligionAndMaterialismDebunked 1 year ago
Yeee. Cheers. Shalom. Namaste. :3
@Spiderman432 1 year ago
Yup I vote for this one
@MrWick-fy6xw 1 year ago
Yeah
@trustedsecurity6039 1 year ago
I don't understand people like you with your question, honestly. Move your ass and start thinking... Learn how the app works, and learn where they store their JS files, and it isn't hard to make a cron task that launches a Bash/Python script to download JS files and/or inline JS and make a simple diff. WTF, you really need to be spoon-fed by someone and wait for a video on that???
@marincosmin1214 1 year ago
If you can do a video impersonating a beginner bug bounty hunter, or even better inviting one to do a demo, that would be great. Just started on this journey, and would love to understand the methodology after the recon part, but keep in mind that the experience is not as high as yours. Anyways, love your content ❤ keep it up, you definitely won me as a subscriber and soon to be a member of the channel.
@shriyanssudhi4545 1 year ago
A video recommendation: how to argue with the triager/program over whether the given issue is a valid security bug or not. I've seen multiple people on Twitter say that they have submitted a report and it was marked info by the program/triager. Same happened to me a few days ago. The same issue was accepted by a self-managed program, but was marked info on other
@papafhill9126 1 year ago
I always appreciate your content. This one seemed kind of one-note though. Basically, "if you think access to an area will be too hard, you aren't trying hard enough." Great message, no doubt, but was hoping to learn something a bit... deeper. Anyway, still can't wait for next Monday's video! Keep up the awesome work.
@NahamSec 1 year ago
Hey! I really appreciate the comment! A lot of times, the steps necessary to unlock these features require a lot of work. In my early days, there were a lot of programs where I didn't want to jump through the hoops to get my account set up, and later I noticed a few of my friends getting some really good bugs, because somehow they just managed to get access and were willing to spend the 2-3 hours of work. Deeper usually comes with setting up these features and populating data. The concept of going deeper isn't some magic. It's just using the app to its fullest extent and finding out what other hidden features are available, who are they available to, and do you unlock them.
@papafhill9126 1 year ago
@@NahamSec Super appreciate all this extra content/context! It's fun to think about knowing a target to such a high level, feels like really going 'behind enemy lines.' One thing I've been struggling with is how to organize all the recon and deep diving notes. Could be cool to hear your thoughts on keeping the massive amounts of intel in order. Anyway, keep it up, you rock.
@askholia 1 year ago
Do you ever do non-domain based hunts? I am new and sticking to just web based stuff, but I would love to see your take on other types of hunts. Thanks for the content! I think your videos are friendly and have a good vibe!
@dingdongcontreras 1 year ago
As always great source of knowledge. Thank you for creating this kind of vids! Please continue doing more of these.
@NahamSec 1 year ago
Thanks, will do!
@hansvanpaassen 1 year ago
Hi Ben, I love your videos. In this vid you scrolled past a few payloads you tried. I am trying my first bug hunting steps, could you make a video on how you find the spots that could be vulnerable and how you determine if there is a bug or there isn't one. As a newbie it is challenging to determine where to start looking for bugs and how to examine which responses give you information you can go on and which responses tell you there isn't anything. Keep making these great videos and I'll keep watching! 🔥🔥
@tedwallace5640 1 year ago
Another amazing vid. It should even be a whole series on your playlist.
@Death_User666 1 year ago
This is great. Sometimes I'm reading the scope of work and sometimes I get lost because there's so much to read/understand, and I haven't done much on my account because I don't want to accidentally fall out of scope.
@nikitasizov1849 1 year ago
Hey Ben! I think about one of your last videos (5 Best Pieces Of Advice For Bug Hunters), where you speak about hacker mindset (or critical thinking), I think that it is crucial, perhaps you have an idea of how to create a video about it. It will be great for all levels of bug hunters. Thank you for your video and inspiration, which it gives me and other nahomies.
@NahamSec 1 year ago
Thanks for the idea! Will think about this a bit more!
@golang1540 1 year ago
I wish you would delve deeper into everything related to HTTP headers and their vulnerabilities: cache poisoning, smuggling, X-Forwarded-For, Via, and so on. They deserve thorough exploration and attention. Thanks NahamSec
@monKeman495 1 year ago
I really liked your Airbnb JSON null-encoded WAF filter bypass with embed tag and JSON deserialized RCE. Bring us more findings like this technique.
@prakhar0x01 1 year ago
Great content Ben, Keep making this kind of videos and streams ..!! 😍🔥
@MFoster392 1 year ago
You're still da man Ben, Thanks :-)
@siyabongasealetsa8947 1 year ago
Noted!!! So plz, can you in another video show us how you look for any type of injection that could potentially lead to you getting an RCE?
@shirishinherspace 1 year ago
Hello Naham, it would be helpful if there were some videos on Flutter application pentesting. I would also like to know what industry best practices bug bounty hunters use to automate the processes.
@luckyahmed2978 1 year ago
How can I be updated in bug bounty?
@ankitjha883 1 year ago
As a beginner in bug bounty for 7 months who has found 2 bugs, I want to be in your video to tell people the things that are really not good in bug bounty.
@rayanna9972 1 year ago
Nope, I have found more than 6 bugs last year... As a professional programmer of Android && Java... what I wanna say is looking for bugs has become tougher than before... and the kind of skills that the video taught you is basically something we call an easy trick... 99% of hackers could know how to do this.. XD
@miscellaneouszone 1 year ago
Thank you for great content. Keep it up with your great work.
@gk_eth 1 year ago
Hi Ben, post videos on finding acquisition domains and how to use ASN to find more domains for a target.
@g20orgindia 1 year ago
Please make a video on what is your exact method to find the bug? Do you always find subdomains? Are you partially dependent on automation or not?
@crusader_ 1 year ago
How do you monitor JavaScript files in the era of webpack where JS file names are dynamic?
@danishbhat1536 1 year ago
Make videos on vulnerability classes but in depth and also make series on those vulnerability classes.
@HariHacks22 1 year ago
And I follow your guidance and steps... Love your content ❤
@Andrei-ds8qv 1 year ago
Very useful as always, thanks!
@cristigdv 1 year ago
Great video
@kylealexander6818 1 year ago
Would you recommend someone to use Virtual machines for big bounties?
@Mo3in5233 1 year ago
Master, won't you offer the discount again on the bug bounty course that you had put on sale and that had become free?
@amoh96 1 year ago
NahamSec, your videos are like drugs to me. Whenever I get a notification about a new video I feel so happy and get energy to hack and learn new things. Thank you a lot.
@Vant0mme 1 year ago
Nahomies assemble!!!!!!
@NahamSec 1 year ago
NAHOMIESSSSS
@WhyDontWeMusic 1 year ago
You should create a video on monitoring JavaScript files, and your next target for a deep dive should be "Uber".
@SansaStarkw 1 year ago
Thank you for the video.
@cyberman6021 1 year ago
Hey Ben, please talk about the CORS vulnerability, is it worth it or useless?
@HariHacks22 1 year ago
Sir, I am trying to get into bug bounty, but I am also thinking it is better to first get any web pentesting job, get some experience and then start bug bounty... Sir, can you give some guidance regarding my question? It will help me a lot.
@j4ck_d4niels 1 year ago
More Deep Dive videos :) Rockstar Games, They have changed some calls :)
@NahamSec 1 year ago
Rockstar would be fun!
@Asmr_gam3ing 1 year ago
Please make a video automating testing the issues related to broken access control using AI
@thecoinhustlers 1 year ago
Hey, can you record one bug bounty from start to finish, please. Thanks in advance. :) Like your Videos :)
@nafizimtiaz9367 1 year ago
Can you do another deep dive on AT&T? it would be helpful.
@bakeery 1 year ago
What should I do to be invited in vdp?
@علیرضااحمدی-ع8خ11 months ago
very good👍👍
@pythonprogarmming 1 year ago
Make a Deep Dive Video on CSRF Vulnerability
@srisowmyanemani9638 1 year ago
Awesome video. Can you also do a video on API, Mobile Bug bounty
@Nowayjosedev 1 year ago
Airbnb is a good target because it shows how to target big programs but how about web3 programs like OKX or any crypto program
@rahmat_qurishi 1 year ago
Awesome! Make some videos about manual hacking
@workwork-oz4sc 1 year ago
Hello, Please hunt in a public VDP or BBP programs if it's possible
@mostafa12979 1 year ago
Can you record your process in bug hunting in any program, starting from recon to exploitation, then speed up the recorded video and share it after bug disclosure? This will be great for accelerated learning and understanding.
@ishowmonkey5918 1 year ago
He doesn't do much recon anymore, he just hacks manually
@mehdi_sf7257 1 year ago
Please make a video on how to discover vulnerabilities and recon.
@abhinavkumar8052 1 year ago
Can you make a video on how to monitor a JS file, because the JS file name ending changes as the code updates, like main_3c34f.js, main_2r2efw.js
@torryboy2503 1 year ago
Give some idea for creating blind xss waf free
@love2allhumans 10 months ago
Hello i want full video of bug bounty program step by step. thanks
@dublinnnn 1 year ago
Manual Hunting for each Vulnerability type plsssss
@mayurbrahmbhatt3806 1 year ago
Real-life XSS finding :)
@CipherMahmud1311 2 months ago
Can you make a video on cloud security?
@ralphandre4438 1 year ago
Let’s gooo!!
@DigitalSpark-l9g 1 year ago
Looking forward for videos on how to do deep and effective recon and a guide for finding manual bugs
@ReligionAndMaterialismDebunked 1 year ago
WAF bypass, please. It seems like the holy grail. I'm going to be focusing on it more. Shalom. Salaam. Namaste. :3
@_lyrics_book 1 year ago
Make a series for OSCP/ PNPT Certs Related videos. !!! #Req From INDIA. :)
@andreeaszilagyi6865 1 year ago
Hello, is it possible to hack a WhatsApp number if I don't have access to his phone?
@aftabsaifi2436 1 year ago
Common bugs for Beginners to get first Bounty through it
@HackAll-ue3sr 1 year ago
SQL injection on a bug bounty program
@saadeddine6418 1 year ago
Do a deep dive on Meta
@jackcoder2103 1 year ago
nice
@crusader_ 1 year ago
Do epic games next
@jaredelfaz2558 1 year ago
Where is the interview with a beginner but successful bug hunter? 👿👿👿😠😠
@pamruth6380 1 year ago
How to be successful as a bug bounty hunter, just like Ben ;)
@vjxi 1 year ago
Communication with triagers
@AliYar-Khan 1 year ago
More real-world hacking
@junior0x00 1 year ago
Try Hacking manually just using burp suite and browser bro 😂🔥🔥
@riadhasan2276 1 year ago
Create something for beginners 🙂
@NahamSec 1 year ago
Is this not for beginners?!
@danishbhat1536 1 year ago
doing same shit from past 2 years lol.
@cazacubogdan9020 1 year ago
Make a jailbreak for the latest firmware update on PS4!!!
@dencam 1 year ago
SQL injection
@clarencemulenga 1 year ago
Second
@ishowmonkey5918 1 year ago
first again
@NahamSec 1 year ago
FIRST!!
@newbiejember9854 1 year ago
What about LinkedIn? It seems interesting considering that it's hard to get bugs other than BAC there :)