Bug Bounty Target Deep Dive

Views: 13,965

NahamSec

7 months ago

📚 Purchase my Bug Bounty Course here 👉🏼 bugbounty.nahamsec.training
💵 Support the Channel:
You can support the channel by becoming a member and get access to exclusive content, behind the scenes, live hacking sessions and more!
☕️ Buy Me Coffee:
www.buymeacoffee.com/nahamsec
JOIN DISCORD:
discordapp.com/invite/ucCz7uh
🆓 🆓 🆓 $200 DigitalOcean Credit:
m.do.co/c/3236319b9d0b
💬 Social Media
- / nahamsec
- / nahamsec
- twitch.com/nahamsec
- / nahamsec1
#bugbounty #ethicalhacking #infosec #cybersecurity #redteam #webapp

Comments: 101
@shashankmudgal4581 7 months ago
Hello, can you provide the link for those Airbnb writeups?
@NahamSec 7 months ago
buer.haus/tag/airbnb/
@32_jadav_akash22 7 months ago
It would have been great to see a video on monitoring JavaScript files of an application for changes.
@nishantdalvi9470 7 months ago
Yeah
@ReligionAndMaterialismDebunked 7 months ago
Yeee. Cheers. Shalom. Namaste. :3
@Spiderman432 7 months ago
Yup I vote for this one
@MrWick-fy6xw 7 months ago
Yeah
@trustedsecurity6039 7 months ago
I don't understand people like you with your question, honestly. Move your ass and start thinking... Learn how the app works, and learn where they store their JS files, and it isn't hard to make a cron task that launches a Bash/Python script to download JS files and/or inline JS and make a simple diff. WTF, you really need to be spoonfed by someone and wait for a video on that???
@marincosmin1214 7 months ago
If you can do a video impersonating a beginner bug bounty hunter, or even better inviting one to do a demo, would be great. Just started on this journey, and would love to understand the methodology after the recon part but to keep in mind that the experience is not as high as yours. Anyways, love your content ❤ keep it up, you definitely won me as a subscriber and soon to be a member of the channel.
@MarkFoudy 7 months ago
Love this! Deep dive is awesome. The methodology you teach is priceless. Also thank you for the membership only videos. Are you going to make more of them? They are really helpful. Thank you!
@NahamSec 7 months ago
Yes I am! I have some cool stuff in the works for 2024! Thank you for being a member!
@shriyanssudhi4545 7 months ago
A video recommendation: how to argue with the triager/program whether the given issue is a valid security bug or not. I've seen multiple people on Twitter say that they have submitted a report and it was marked info by the program/triager. The same happened to me a few days ago. The same issue was accepted by a self-managed program, but was marked info on other
@tedwallace5640 7 months ago
Another amazing vid. It should even be a whole series on your playlist.
@user-py2bw1qj1h 7 months ago
As always great source of knowledge. Thank you for creating this kind of vids! Please continue doing more of these.
@NahamSec 7 months ago
Thanks, will do!
@Death_User666 7 months ago
This is great. Sometimes I'm reading the scope of work and I get lost because there's so much to read/understand, and I haven't done much on my account because I don't want to accidentally fall out of scope.
@golang1540 7 months ago
I wished you would delve deeper into everything related to HTTP headers and their vulnerabilities: cache poisoning, smuggling, X-Forwarded-For, Via, and so on. They deserve thorough exploration and attention. Thanks NahamSec
@papafhill9126 7 months ago
I always appreciate your content. This one seemed kind of one-note though. Basically, "if you think access to an area will be too hard, you aren't trying hard enough." Great message, no doubt, but was hoping to learn something a bit... deeper. Anyway, still can't wait for next Monday's video! Keep up the awesome work.
@NahamSec 7 months ago
Hey! I really appreciate the comment! A lot of times, the steps necessary to unlock these features require a lot of work. In my early days, there were a lot of programs where I didn't want to jump through the hoops to get my account set up, and later I noticed a few of my friends getting some really good bugs, because somehow they just managed to get access and were willing to spend the 2-3 hours of work. Deeper usually comes with setting up these features and populating data. The concept of going deeper isn't some magic. It's just using the app to its fullest extent and finding out what other hidden features are available, who are they available to, and do you unlock them.
@papafhill9126 7 months ago
@NahamSec Super appreciate all this extra content/context! It's fun to think about knowing a target to such a high level, feels like really going 'behind enemy lines.' One thing I've been struggling with is how to organize all the recon and deep diving notes. Could be cool to hear your thoughts on keeping the massive amounts of intel in order. Anyway, keep it up, you rock.
@prakhar0x01 7 months ago
Great content Ben, Keep making this kind of videos and streams ..!! 😍🔥
@nikitasizov1849 7 months ago
Hey Ben! I think about one of your last videos (5 Best Pieces Of Advice For Bug Hunters), where you speak about hacker mindset (or critical thinking), I think that it is crucial, perhaps you have an idea of how to create a video about it. It will be great for all levels of bug hunters. Thank you for your video and inspiration, which it gives me and other nahomies.
@NahamSec 7 months ago
Thanks for the idea! Will think about this a bit more!
@chupaalex 7 months ago
Hi Ben, nice content! With this video I realise that I'm using the network tab very rarely, thanks for the tip!
@askholia 5 months ago
Do you ever do non-domain based hunts? I am new and sticking to just web based stuff, but I would love to see your take on other types of hunts. Thanks for the content! I think your videos are friendly and have a good vibe!
@Hariom_Singh22 7 months ago
And I follow your guidance and steps... Love your content ❤
@miscellaneouszone 7 months ago
Thank you for great content. Keep it up with your great work.
@hansvanpaassen 7 months ago
Hi Ben, I love your videos. In this vid you scrolled past a few payloads you tried. I am trying my first bug hunting steps, could you make a video on how you find the spots that could be vulnerable and how you determine if there is a bug or there isn't one. As a newbie it is challenging to determine where to start looking for bugs and how to examine which responses give you information you can go on and which responses tell you there isn't anything. Keep making these great videos and I'll keep watching! 🔥🔥
@Vant0mme 7 months ago
Nahomies assemble!!!!!!
@NahamSec 7 months ago
NAHOMIESSSSS
@MFoster392 7 months ago
You're still da man Ben, Thanks :-)
@shirishinherspace 7 months ago
Hello Naham, It would be helpful if there were some videos on Flutter application pentesting. I would also like to know what are the industry best practices Bug Bounty Hunters use to automate the processes.
@WhiteGirlHeaven 7 months ago
Thank you for the video.
@monKeman495 7 months ago
I really liked your Airbnb JSON null encoded WAF filter bypass with embed tag and JSON deserialized RCE. Bring us more findings like this technique.
@dishantmodi5969 7 months ago
Please make a video on what is your exact method to find the bug? Do you always find subdomains? Are you partially dependent on automation or not?
@Andrei-ds8qv 7 months ago
Very useful as always, thanks!
@siyabongasealetsa8947 7 months ago
Noted!!! So plz, can you in another video show us how you look for any type of injection that could potentially lead to you getting an RCE?
@danishbhat1536 7 months ago
Make videos on vulnerability classes but in depth and also make series on those vulnerability classes.
@cristigdv 7 months ago
Great video
@ankitjha883 7 months ago
As a beginner in bug bounty for 7 months, I have found 2 bugs. I want to be in your video to tell people the things that are really not good in bug bounty.
@rayanna9972 5 months ago
Nope, I have found more than 6 bugs last year... As a professional programmer of Android && Java... what I wanna say is looking for bugs has become tougher than before... and what kind of skills that the video taught to you basically is something we call an easy trick... 99% of hackers could know how to do this.. XD
@gk_eth 7 months ago
Hi Ben, post videos on finding acquisition domains and how to use ASN to find more domains for a target..
@user-uv8ph8is1l 4 months ago
Very good👍👍
@WhyDontWeMusic 7 months ago
You should create a video on monitoring JavaScript files and your next target for deep dive should be “Uber”
@Rootsha0x7 7 months ago
Please make a video automating testing the issues related to broken access control using AI
@srisowmyanemani9638 7 months ago
Awesome video. Can you also do a video on API, Mobile Bug bounty
@rahmat_qurishi 7 months ago
Awesome! Make some videos about manual hacking
@j4ck_d4niels 7 months ago
More Deep Dive videos :) Rockstar Games, They have changed some calls :)
@NahamSec 7 months ago
Rockstar would be fun!
@crusader_ 7 months ago
How do you monitor JavaScript files in the era of webpack where JS file names are dynamic?
@nafizimtiaz9367 6 months ago
Can you do another deep dive on AT&T? It would be helpful.
@thecoinhustlers 6 months ago
Hey, can you record one bug bounty from start to finish, please. Thanks in advance. :) Like your Videos :)
@pythonprogarmming 7 months ago
Make a Deep Dive Video on CSRF Vulnerability
@ralphandre4438 7 months ago
Let’s gooo!!
@cyberman6021 7 months ago
Hey Ben, please talk about CORS vulnerability, is it worth it or useless?
@x1ns44n3 7 months ago
Manual Hunting for each Vulnerability type plsssss
@mehdi_sf7257 7 months ago
Please make a video on how to discover vulnerabilities and recon.
@kylealexander6818 7 months ago
Would you recommend someone to use Virtual machines for big bounties?
@workwork-oz4sc 7 months ago
Hello, Please hunt in a public VDP or BBP programs if it's possible
@mayurbrahmbhatt3806 7 months ago
Real-life XSS finding :)
@amoh96 7 months ago
NahamSec, your videos are like drugs to me. I always get a notification about a new video, I feel so happy and get energy to hack and learn new things. Thank you a lot
@Hariom_Singh22 7 months ago
Sir, I am trying to get into bug bounty but I am also thinking it is better to first get any web pentesting job, get some experience and then start bug bounty.... Sir, can you give some guidance regarding my question? It will help me a lot.
@love2allhumans 3 months ago
Hello, I want a full video of a bug bounty program step by step. Thanks
@mostafa12979 7 months ago
Can you record your process in bug hunting in any program, starting from recon to exploitation, then speed up the recorded video and share it after bug disclosure? This will be great for accelerated learning and understanding
@ishowmonkey5918 7 months ago
He doesn't do much recon anymore, he just hacks manually
@Nowayjosedev 7 months ago
Airbnb is a good target because it shows how to target big programs, but how about web3 programs like OKX or any crypto program
@luckyahmed2978 7 months ago
How can I be updated in bug bounty
@_lyrics_book 7 months ago
Make a series for OSCP/ PNPT Certs Related videos. !!! #Req From INDIA. :)
@bakeery 7 months ago
What should I do to be invited in VDP?
@abhinavkumar8052 7 months ago
Can you make a video on how to monitor a JS file, because the JS file end name changes as the code updates, like main_3c34f.js, main_2r2efw.js
@torryboy2503 7 months ago
Give some idea for creating blind XSS WAF free
@ReligionAndMaterialismDebunked 7 months ago
WAF bypass, please. It seems like the holy grail. I'm going to be focusing on it more. Shalom. Salaam. Namaste. :3
@aftabsaifi2436 7 months ago
Common bugs for Beginners to get first Bounty through it
@saadeddine6418 7 months ago
Do a deep dive on Meta
@HackAll-ue3sr 7 months ago
SQL injection on a bug bounty program
@Mo3in5233 7 months ago
Sir, won't you bring back the discount on the bug bounty course that you had put on sale and that had become free?
@pamruth6380 7 months ago
How to be successful as a bug bounty hunter, just like Ben ;)
@jackcoder2103 7 months ago
nice
@crusader_ 7 months ago
Do Epic Games next
@vjxi 7 months ago
Communication with triagers
@AliYar-Khan 7 months ago
More real-world hacking
@user-dz6yl7rb7f 7 months ago
Looking forward to videos on how to do deep and effective recon and a guide for finding manual bugs
@riadhasan2276 7 months ago
Create something for beginners 🙂
@NahamSec 7 months ago
Is this not for beginners?!
@junior0x00 7 months ago
Try Hacking manually just using Burp Suite and browser bro 😂🔥🔥
@cazacubogdan9020 7 months ago
Make a jailbreak for the latest firmware update on PS4!!!
@andreeaszilagyi6865 7 months ago
Hello, is it possible to hack a WhatsApp number if I don't have access to his phone?
@dencam 7 months ago
SQL injection
@danishbhat1536 7 months ago
Doing same shit from past 2 years lol.
@jaredelfaz2558 7 months ago
Where is the interview with a beginner but successful bug hunter? 👿👿👿😠😠
@ishowmonkey5918 7 months ago
first again
@NahamSec 7 months ago
FIRST!!
@clarencemulenga 7 months ago
Second
@newbiejember9854 7 months ago
What about LinkedIn? It seems interesting considering that it's hard to get bugs other than BAC there :)