Finding Your First Bug: Choosing Your Target

  Views: 158,898

InsiderPhD

A day ago

Hi everyone, welcome to the second video in the "Finding Your First Bug" series. In this series I'm going to go over some good first bugs: explain what they are, how to find them, show some examples of real bugs in the wild that paid out, and finally do a practical example with Burp on a real target.
In this video, I talk more theory, how to choose a target and what to look for when you're a beginner. These tips are designed for people who really don't know what to look for in a bounty program and give people some ideas on things they could look for. It begins with a lot of theory before diving into real programs and looking at how to find out if they're good for beginners.
0:00 Theory: What should you look for in a bug bounty program
20:43 Practical: Looking at HackerOne to find suitable programs
-- Social Media --
- Twitter: / insiderphd

Comments: 104
@suryanshu15 3 years ago
Thanks, that was really informative for me as a beginner
@yunemse48 4 years ago
That's what I've been expecting for weeks.. Thanks!
@InsiderPhD 4 years ago
:D Glad you like it, I intend to do a bug bounty methodology/approach video as a follow up to this one soon
@filipesimoes5398 3 years ago
It was pretty much useful. Thank you very much for your help.
@William-B 2 years ago
I received my first bounty by targeting a small, relatively unknown, sub domain connected to a large public program. It used to belong to a small company that was recently bought out by the big one so I figured it might be an “untapped resource” if you will.
@KohzmikYT 2 years ago
Not to be intrusive or anything but what bug did you find??? I'm also starting to get into bug bounties and trying to find a good methodology 😁😁😁
@muhammedsillah111 4 years ago
You are absolutely amazing. Really appreciate the information you're putting forward. Thanks!!!
@medicineman7894 9 months ago
Please never stop doing these
@taylors4733 4 years ago
Thanks! Was informative. Keep uploading videos
@cyber-man 2 years ago
I really liked this presentation, will try to take into consideration every point
@jaiganesh851 4 years ago
Really doing a great job...Loved IT ..Waiting for more to come..
@InsiderPhD 4 years ago
Thank you so much, next video will be out tomorrow :)
@abdullahtanveer316 1 year ago
an amazing video that's exactly what i was so confused about
@danielhemmati 4 years ago
I am speechless, thanks. it really helps. I will watch everything content you make you made my day. 😍😍😍😍🙏🙏🙏🙏🙏
@S0L4RW4V3 4 years ago
Thank you Queen for being dope, Sharing your material to my newer team members has been a beauty.
@ashrafulalim1272 4 years ago
Subscribed just now! your videos are awesome ❤️ please keep sharing
@khneo 4 years ago
Thanks for the video, very useful !
@jonathanyturralde 4 years ago
Killer video, very useful, Thanks for taking the time to do this. :)
@htsec4923 2 years ago
Thank you, that’s helped me a lot
@ggmaxx66 3 years ago
thank you for your work!
@CryptoRootz 4 years ago
great video, im motivated.
@dees.9636 4 years ago
Massive thanks 💛
@CameronNoakes 2 years ago
brilliant video mate.
@zeecat7109 4 years ago
Great job. Thank you. And by the way, are you going to hack in to the pyramid(31:58) as well?. :)
@InsiderPhD 4 years ago
Ahaha my dissertation was on deciphering ancient languages, my wallpaper is a graphic I made for my dissertations, not Egyptian but greek! The writing system is called Linear B
@pentestical 4 years ago
Just subbed. Amazing content!
@InsiderPhD 4 years ago
Thank you!
@Timm2003 2 years ago
Thank u that was really useful
@wingwing2683 2 years ago
Thanks so much!
@ali7a-ts492 4 years ago
Great video! All the scrolling up and down in the last 5 minutes made me a bit dizzy, but other than that great content. Thanks a lot 😂✌️
@bangraph1379 3 years ago
Great video ✌🏻✌🏻
@digvijaysadashivpatil650 3 years ago
It's a very helpful and interesting video. thanks
@InsiderPhD 3 years ago
Glad it was helpful! That's very kind of you :)
@TXejas19 3 years ago
This was so good
@coffeehousephilosopher7936 3 years ago
Brilliant content
@pawanlakhera8605 3 years ago
can u make a video on spf missing with what type of information should written in it nd proof also. plzz
@eduarddd7 4 years ago
Nicee, thank you for posting this video. It was very helpful
@SankizTime 3 years ago
You are everywhere bruh😂
@eduarddd7 3 years ago
@@SankizTime lol XD
@SankizTime 3 years ago
@@eduarddd7 bro, sorry! I don't have discord on this phone, so i am not able to talk to uu these days :(
@eduarddd7 3 years ago
@@SankizTime Oh, it's okay buddy, text me when u can.
@manishneupane6070 3 years ago
Thank you so much for sharing it,🙏💞🇳🇵
@peopleyoumustknow1325 2 years ago
Thank u from Vietnam
@tamjid0x01 4 years ago
Wow great one ..... very helpful
@fictioncentipede9846 3 years ago
perfect thanks
@RahulYadav-qg9ms 4 years ago
Will you also be making practical videos on bug hunting?
@InsiderPhD 4 years ago
R Y I intend to make a full bug bounty methodology/how to approach targets as a follow up to this one :)
@vimukthikumarasiri3993 2 years ago
It says 'enforces a Signal Requirement'. How I can find bug bounty programs without these requirements or how to fix them?
@Raj_darker 4 years ago
Awesome !! Video :D K33p Posting .Thanks
@eed5278 4 years ago
Amazing! What do you think about XSS as first Bug bounty for a Beginner ?
@InsiderPhD 4 years ago
I have mixed opinions, I think a few years ago XSS was great! But now there's a lot involved to finding an XSS bug and most are being found by pros with significantly more expertise in bypassing WAFs. However, other people tell me that this gives beginners a good chance to learn how javascript/hacking can work. So if you ask me XSS is dead or dying for beginners. If you ask others XSS is a good first bug still.
@Alexander007A 1 year ago
hello.. if i targeted my hacker one then how i will go their website? i will just login to their website through their link they are provided there?
@l2m773 4 years ago
Thank you! Now i don't roam around on h1 for 30 minutes then start a program and give up after 5 minutes lol
@InsiderPhD 4 years ago
It might help to force yourself to pick a program and just say "this week I am going to work on X, and I'm going to look for bug type Y and Z" like go deep
@l2m773 4 years ago
@@InsiderPhD indeed!
@fabiosanchez9595 4 years ago
thanks!
@GameSmilexD 1 year ago
Starting here and leaving this comment to check on in 12wks and hopefully already have found a bug by then
@abdonito8254 1 year ago
?
@thepotatogaming2340 6 months ago
So did you find one?
@twinklesonkar3465 2 months ago
?
@iitnakanpur.. 3 years ago
Sounds like aussie accent 😅😅 love your content.
@InsiderPhD 3 years ago
British :)
@cybersecurity3306 3 years ago
Why does it matter 3:06 4:30 Things to consider 4:30 5:58
@jessyjill7865 3 years ago
i want practical demonstration of finding bugs of any vulnerabilities step by step ? and how to find the websites having the bugs or not?
@InsiderPhD 3 years ago
You can find this in my Finding Your First Bug series or my video on Live API Hacking, both have step by step guides. To find websites to hack you register on a bug bounty platform like HackerOne, Bugcrowd, Intigriti etc, and choose a target like I'm showing on this video
@nelson32 4 years ago
When showing a webpage.. could you slow down a bit? The constant scrolling doesn't allow the viewer to see what you are seeing.
@InsiderPhD 4 years ago
Thanks for the feedback, I will definitely slow down!
@mohamedkaddouri9622 3 years ago
Can you make a course please ?
@InsiderPhD 3 years ago
Spoilers :) but this is something I’m actively looking into less technical more how to find your first bug and get consistent :)
@zeuscybersec659 4 years ago
Katie pls help. What are the prior knowledge needed for bug bounties? Should I do vulnerable web applications? any good books
@InsiderPhD 4 years ago
zeus cybersec 0: How the web works (Web application hackers handbook - free at HackerOne is great for this) 1: How to use burp (my videos + practice) 2: What bugs are out there and the signs of them (my videos) 3: How to exploit these bugs (practice on CTFs /real targets)
@zeuscybersec659 4 years ago
@@InsiderPhD thing is I am in this field for 1 year. Preparing for oscp and done many oscp like ctfs. I am more of a network guy but I love web security too. I have done dvwa and Over the wire Natas challenge. I have a good idea on advanced use of Burpsuite. What ctfs/books do you recommend for Getting good in web? Also I don't feel confident as I have given most of my time to ctfs be it network or web. Please help me Katie🙁 How can I boost my confidence and what web related books/ctfs should I finish before dipping my feet into bug bounty?
@InsiderPhD 4 years ago
I think given your experience you need to START HACKING. It’s always going to be tough but that’s eventually where you want to be so pick a bug, pick a target and just START HACKING. Will it be hard, of course! But nothing worth doing is easy!
@zeuscybersec659 4 years ago
@@InsiderPhD True. Thanks Katie☺️ By the way can I add u on insta? I like connecting to people in the community
@InsiderPhD 4 years ago
I don't have instagram I'm afraid! But you can follow me on twitter and @ me any time if you have questions and I will DM you :)
@hbbss8684 4 years ago
best "complete beginner bug"?
@InsiderPhD 4 years ago
hbbss hbbss IDORs for sure, not that technically complex, and you can just methodically test endpoints one by one. Relies more on determination than technical skills
@hbbss8684 4 years ago
Sick! Thanks again for your help, love the content!!
@reinventingthewheel5603 1 year ago
What is “scope”
@InsiderPhD 1 year ago
That’s the stuff you’re allowed to hack or not allowed, it means if you find a bug in X software they will pay a bounty :)
@reinventingthewheel5603 1 year ago
@@InsiderPhD thanks so much
@reinventingthewheel5603 1 year ago
Thought it was a tool or something
@j.a.7724 4 years ago
Yankee with no BRIM!!
@rhidzkhanahmad5227 2 years ago
Killer video, very useful, mic sucks
@imcool2791 3 years ago
lol i got no skills or knowledge about coding how can i do it
@InsiderPhD 3 years ago
Check out the whole series, especially Business Logic and IDORs which I think are great first bugs when you haven't got a lot of technical skills yet. You can also practice with CTFs
@CyberSecForce 3 years ago
Good
@kallikantzaros 4 years ago
How old are you?
@everything6504 1 year ago
Hi what is your age plz
@prithviraj6529 4 years ago
very low audio volume. had a hard time tbh
@InsiderPhD 4 years ago
I’m unfortunately not a great YouTuber lmao and it took me a few attempts to get the audio right, for the moment just increase the volume but in the future I have fixed this issue!
@prithviraj6529 4 years ago
@@InsiderPhD i ran it on big speakers used earphones did eq on chrome to boost high end still was quite low. hoping to see a fix soon. thanks for responding. #ayylmao for life.
@lightyagami5776 4 years ago
Cute voice
@aashikyadav4439 4 years ago
Love your voice. so sweet. :)
@aloneking5388 1 year ago
Your voice is very low please change your mic