Finding Your First Bug: Impact and Report Writing

6,695 views

InsiderPhD

1 day ago

Welcome to the final episode in the Finding Your First Bug series. Today we're talking about the final stage of bug hunting: report writing. Specifically, we're looking at: how do you know if you've found a bug? When do you report a bug? What should a bug report contain? What's the key to getting high bounties? We're going to talk about all of those key questions, and also cover some bug bounty etiquette and how to express yourself.
Case Studies
- #536853 Unreleased CTF Levels are Revealed on /group/user/ID1?user=USERID endpoint: hackerone.com/reports/536853
- #498052 Password theft login.newrelic.com via Request Smuggling: hackerone.com/reports/498052
- #716292 JumpCloud API Key leaked via Open Github Repository: hackerone.com/reports/716292
- #674757 Total Paid Bounty Paid can be disclose: hackerone.com/reports/674757
- #792927 Email address of any user can be queried on Report Invitation GraphQL type when username is known: hackerone.com/reports/792927
- #156098 XSS At "pages.et.uber.com": hackerone.com/reports/156098
- #180074 BAD Code !: hackerone.com/reports/180074
- Why I'm banned from hackerone? - Kenan - Medium: / why-im-banned-from-hac...
Further Reading
- Bugcrowd University - How to Make a Good Bug Submission - KZbin: • Bugcrowd University - ...
Contact Me
@insiderPhD on Twitter

Comments: 26
@omarbdrn 4 years ago
lol That Kholy report killed me 😂😂😂😂😂😂😂😂
@ImranKhan-tc8jz 3 years ago
Thank you! This series was sooo good, Looking forward to new stuff from you.
@christenw.1726 2 years ago
Yes, this video is very useful. Thank you for teaching us.
@robbie2044 4 years ago
Just got this in the feed. Big thumbs up for this video. Great presentation and explanation! This should have much much more views. But I guess it is like that... People like YT "low hanging fruit" (10min, be a haxor video) of how easy this job is and how everyone can do it.
@InsiderPhD 4 years ago
I wish I could explain how to hack in 10 mins, believe me I'd have millions of views and $$$$. But turns out hacking is kinda hard, who'd thunk it. Thanks for watching my video, I do really appreciate it.
@skwtf 4 years ago
Thanks for the video, Katie. Really interesting to see what sort of things the triagers have to go through. Can you please consider zooming in on the images a bit for the next video?
@InsiderPhD 4 years ago
Yes of course, I realise that they were a little small in this video!
@ismailramzan8927 4 years ago
Guess what? You are Amazing !!!
@mubashirparay545 4 years ago
THANKS for producing content like this. It is truly epic. One more thing: can you make a video on the Wayback Machine and how to find some easy bugs using Wayback?
@InsiderPhD 4 years ago
I’ll add it to the list :) I’m currently playing with it for a project of mine
@karimsz2009 3 years ago
Ty Dr for your unique content. That little immature attitude made me laugh a lot.
@tahasamar7223 2 years ago
You actually have the best "how to start bug bounty" on YouTube, but I still can't find my answer to how to practically start doing it. I mean, like, how to work with a bug hunting website? And what does N/A mean, that everybody says we will see in the starting days? What are the steps to report and get an answer, and how do these sites pay? And this stuff.
@fredricksilas8407 2 years ago
We are into the bug, but more the impact. The bigger the impact, the bigger the cash and rep.
@TheAlanCulley 4 years ago
Should I report a particularly vicious bee that attacked me the other day? I understand that they are becoming an endangered species so I am somewhat reluctant to take action. What would you recommend?
@gcm4312 4 years ago
38:20 "maybe they would have got triaged a little faster if they had fully explained it". The report was so good and concise it was triaged, solved and paid out in 24h.
@InsiderPhD 4 years ago
Whoops, good catch! My mistake!
@AnwarSabry 4 years ago
Thanks for your content. I'm from Egypt, so I have to tell you that your bad example about that Egyptian guy called Ahmed Kholy was very good. That guy is a big nothing; he belongs to the family of the president of Egypt, so he was shown as a great hacker who saved Egypt from terrorism!
@skarverse 4 years ago
I am a beginner... I always like your way of explaining... I have some questions, guess you could help me... How to find the bug bounty programs that do not frustrate me (beginner)? How to analyse the programs in Bugcrowd or HackerOne in this perspective? Thanks in advance.
@InsiderPhD 4 years ago
I made a video on this called Choosing a Target, check it out and I think that will answer your questions :)
@skarverse 4 years ago
@@InsiderPhD thanks for responding✌... I have seen all your videos, including it🤗... but do I have to look for recently added programs? Because many programs that I come across have many bugs that are submitted already, or have a bad interface😥... Some more doubts😇 1. Do you check *each and every possible place* for bugs by *manually* going through it? 2. How to join a team for hunting online?
@InsiderPhD 4 years ago
It's up to you to figure out what kind of program works for you. You can do the Hacker One CTF to gain points; once you have enough for a private invite you can wait for it, see if it's an established program (with lots of bugs found already), and if it is you can reject it and wait for the next invite. However, I'd advise against doing that and instead picking something you're interested in and that has a scope you like. 1. Yes, I think manual testing is the way to go, it means you really understand both the app and any bug you find. 2. Get involved, join channels on discord or slack, talk to people on twitter, make friends: twitter.com/sylv3on_/status/1247300974055653382
@skarverse 4 years ago
@@InsiderPhD Really, you have cleared all my doubts👍... Yeah, I'll try talking to people and gain some experience😇... *Thank you* for spending your _valuable time_ explaining everything to me _calmly_ 🤗...
@InsiderPhD 4 years ago
Just keep at it, don't be afraid to ask questions, keep learning. You'll understand more with more experience.
@GeoLocading 4 years ago
Your voice is too cute HAHAHHA!