15:43 pentesterlab, OSCP 16:40 Mayonnaise 18:06 i run NMPA religiously, subdomains brutforcing, active reconnaissance 26:49 I can effectively read code, bash, python, curl 31:30 none of those tools would have caught that 34:58 nmap 36:00 ffuf 37:40 DNS brutforcing , resolution 46:53 bugchain 53:05 reject ? children, inti (securinti) 01:03:20... --------------------------------------------------------------------------------------------------------------- 01:06:17 you want inputs that you can put shits into... to get an ouput which is a bug 01:06:34 extend an attack surface, 01:06:51 find more dynamic content where we can actually throw bullshit into, that we can a response from, 01:07:30 web security fundamentals, burp suite ---------------------------------------------------------------------------------------------------------------- 01:10:19 burp, I use intruder 01:19:31 if you are looking for something for like half an hour or an hour and you are not getting any indicators at all there is a problem, make money, for 8 hours... refine my approach...

I've watched this interview three times already, and I will watch it again, thanks a lot Nahamsec and Naffy

2 hours passed just like that, had this been for another hour, I would still watch, NOT a single moment of boredom. #Naffy pours his heart out, very upfront.

Naffy is a real bro, this was a great interview. Thanks to both of you for siting down together and getting into it

Thanks Ben, thanks Naffy for your time, this has really been a great interview

"Just find what makes you happy and just fucking do that thing, like" - Naffy

Wow, these recon sunday interviews are just pure GOLD!

One of the best interviews and many more to come in near future

i'm so glad for find this interview and this clever man, thank you naham and naffy

Thanks naffy ... I searched a lot in nullcon as I heard you were there . Wish I could meet u ...

Best interview 😉 I was burning out, then I watch this content , now feeling very happy and motivated ☺️. Thank you for everything ❤️

Damn, this video is fully knowledge packed ..

Man this interview is a bomb!

Totally good dude. Cheers to ya both.

Bro's got some good taste in music

This Interview is 🔥🔥🔥💛

hope to see more interview with Naffy :)

Awesome! Thanks @nahamsec... First to report.. Yee-haw

Huge thanks guys 💚

This is so cool ... naffy is here wowow...!

This is pur goldmine ❤️

Legends ❤️

wtf is going on in the background of this mans audio

This is bugging me and wondering if anyone has the answer - naffy talks a lot about nmapping for ports etc. In my mind this must mean that he is scanning the entire IP range belonging to a company vs doing some subdomain recon and then scanning right? I can't see much value in scanning non-standard web ports for domain names other than the occasional time you might find something else running on a weird port. More likely, it seems he is scanning IPs for forgotten-about stuff hosted on the web that may not have a FQDN?

@Nahamsec Im really curious what is the average time watched on these Bug Bounty Talks. I usually watch them fully 2 or 3 times while taking notes and I consider them one of the most valuable thing in the bb community. If the averate time watched in less than 30-50% then some stuff will might make sense for me.

Awesome interview bro, as always, a great deal of experience being shared for the community.!!

can you start putting timeline in the video?

one day i will be interviewed👍

he's quite a geezer

Great interview

16:50 whos the guy thy are talking about?

@Nahamsec Next Time @Codecancare Thanks For Sharing!

Insane!

Guys which nmap command did he type ?

That's a lit song ....

good stuff

Naffy is gangster!

Naffy is the real cool guy

Real talk

Does my guy have porn on the background like it's ASMR

41:58 nmap 1:00:00

Five accounts man. It's true hackers don't like to pay for stuff. Its about freedom.

kzbin.info/www/bejne/i2nXdItojcSoabs Anyone understand that died CNAME bug? Did he mean that the CNAME is died and he just went to the orignal IP address? But how did he get that ip? DNS history? Thanks.

smart guy, at least I think so, from his thought process and everything. Not sure about him constantly showing off that shoulder tattoo though lol

I want to be bug bounty Hunter so bad

😍😍😍😍

1:20:00

He's talking about elliot alderson right 😂?

Haaay

What you said about Oscp proxy cert is good but taking India name is not correct Bro, I know lot people in other countries who got all certs but can't even understand basics.