How to Find Easy Bug Bounty Targets

33,966 views

Ryan John

2 years ago

All my videos are for educational purposes with bug bounty hunters and penetration testers in mind. KZbin, don't take down my videos 😉
Shop merch @ merch.phdsec.com
Follow me on Twitter = / phd_security
All My Courses = www.phdsec.com/
In this video I try to help you find easy bug bounty targets

Comments: 50
@runswithpencil 2 years ago
Just wanted to say thank you for sharing these tips, I'm a total noob and it's a heck of a steep learning curve, every bit of advice is greatly appreciated. Keep up the good work!
@scarytruths01 1 year ago
Thank you for posting this video, I've been struggling a bit.
@BobBob-qm2bm 2 years ago
Thank you for sharing the knowledge👨‍💻
@MohamedEssam-dl2th 1 year ago
Thank you for sharing your knowledge 🌹
@abbasbavarsad4448 2 years ago
Thank you for sharing the knowledge
@157fsxedits6 3 months ago
I don't know you that well but I really love you bro, continue
@Blank_Chy 1 year ago
Goooodsss thank you so much, keep it up 💥💥💥
@AnthonyMcqueen1987 1 year ago
There is nothing easy about this game to me the larger the scope and user friendly the better than anything else.
@Trapworkoutnation148 9 months ago
I have a question: if the subdomains aren't listed in the program scope, can I still get a bounty if I find any vulnerabilities?
@davidkim2003 2 years ago
Thank you so much for the information! Is it possible for you to share the setup of your Kali? I would really appreciate it if you could share the must-have tools on Kali and how to set up each of them. Thank you so much!
@ryan_phdsec 2 years ago
I am actually working on a tools course right now. Hoping to have it done by next week.
@davidkim2003 2 years ago
@@ryan_phdsec I am looking forward to it!
@DEADCODE_ 1 year ago
You're Good Dude
@Arjun-iz7lg 1 year ago
Sir, which website is best for bug reporting, like HackerOne?
@lordligma2529 2 years ago
You beautiful beautiful man you’re so incredibly helpful. Any suggestions for how to go about getting bug bounties? For example hacker1 or are there other sites? And what keeps you from getting in trouble when hacking sites? Do you need to open a VM from a sponsored site with a known IP so the customers know you aren’t malicious? Or do you just hack the site and stick solely to the scope and hope for the best?
@ryan_phdsec 2 years ago
Some programs will have you add a custom header in Burp with your bug bounty username or something like XXBUGCROWEDXX so they know you are not malicious. Some don't require it. I am always nervous about getting flagged as malicious, so in all my payloads I include my username.
@gamegunner9079 2 years ago
Amazing Tips
@Andrei-ds8qv 1 year ago
thanks a lot
@powerstock9464 1 year ago
Thanks
@trixxxbdo 1 year ago
Hi, great vids bro. Could you clarify a question for me, please? I'm curious about, for example, the blog page you used in this example: if developers and the company don't know these blogs (or any similar page) are up, then those pages for sure will not be in the target scope in their program, for example, in HackerOne. My question is: then I don't need to stick to the "in scope targets" when searching for bugs? Maybe this is limiting me a lot, but I'm not sure if I'm able to enumerate all the website's subdomains and directories or need to stick to only the "in scope" list they provide. I hope you can help me with my questions, and thank you so much man!!
@Freezpingui 10 months ago
If you attack sites that are not in scope you can get into legal issues with them. Some programs say that out-of-scope targets are allowed if it's really something they should know, otherwise stay away from those
@trixxxbdo 10 months ago
@@Freezpingui thank you so much, that's why I'm afraid of attempting non-in-scope sites and keep sticking to the in-scope list. So maybe I'll try to search for programs with a large, or completely open scope then.
@Freezpingui 10 months ago
I'm also a beginner and yeah the best way is to look for large scopes but I've heard that even experts get out of scope many times so don't worry too much about it, just check once every x time if you're still in scope or not, it will get better with time
@robinhood3001 2 years ago
How can I find vulnerabilities on a CMS and report them? I'm a new bug hunter...
@ryan_phdsec 2 years ago
Look for version numbers and check to see if there are any known vulnerabilities and then test for them. Also, if you can find the type of CMS, there are often tools that will check to see if the plugins or CMS are out of date, like wpscan.
@ryan_phdsec 2 years ago
Also check default logins. Look for default pages that give you more information about the web app
@ahmedahmedx9600 1 year ago
Please sir, can you make a live bug bounty hunting video on a public program so I can learn recon and how to think like a bug hunter?
@skselim8536 2 years ago
Question: • What is the difference between session id and cookies? • Is session id a part of a cookie? I googled it, but it's a little confusing thing for me 😑
@lordligma2529 2 years ago
My guess would be a session ID is an instance where your settings or changes are temporarily stored, cookies are probably involved but it is a reference point for the site to return or record actions
@ryan_phdsec 2 years ago
Usually cookies will store a lot of different information and a session id can be stored within a cookie. Sometimes you will see auth tokens that are linked to a session. The place a session id is stored can change depending on the website.
@MagicPlants 1 year ago
You should read a book on the internet first then start hacking. This is like asking the car mechanic if the spark plug goes in the radiator...
@Free.Education786 2 years ago
I am new in bug bounty. What to do after getting XSS reflected alert ⚠️ popup with 🍪 cookies ? Or document.domain popup alert ⚠️...
@ryan_phdsec 2 years ago
If you get XSS to pop you report it? If you are in a ctf usually you will just submit a flag.
@Free.Education786 2 years ago
@@ryan_phdsec That's what I am saying. Master how to escalate it further? Please provide one detailed video on reflected xss because this vulnerability is everywhere on every single website on internet....please share your knowledge. Thank ❤️💐🌺💥💯👍😘🥰😘💫
@davestorm6718 5 months ago
How would you get rewarded? Call the company? Is there a good way to get a contract for payment if a bug is found?
@lorianindigo5556 5 months ago
There are websites where a company will put out a bounty then you submit a report on the website where the bounty was posted
@jordangtt9860 2 years ago
No shade, just new to the scene. What is the point of bug bounty?
@ryan_phdsec 1 year ago
People can hack big companies and get paid for it... It is kind of like freelancing or a side gig for hackers
@jordangtt9860 1 year ago
Ahhhh. Awesome cheers for cleaning things up mate
@denverzimunya8303 2 years ago
✊🏾🙏🏾👏🏾👏🏾
@himanshu3984 2 years ago
Hello sir, can u please make a long video on your cybersecurity and bug bounty journey, like how you started and from where you learned? It will help me a lot as I also want to become a cybersecurity engineer
@ryan_phdsec 2 years ago
This is a great idea!
@himanshu3984 1 year ago
@@ryan_phdsec so sir will it come?
@gamegunner9079 2 years ago
Hello Ryan McKenney, big fan :)
@sykoarmy5053 1 year ago
yo bro I wanted to learn bug bounty but I don't know where I should start and what I should do😢😢😢😢😢😢
@melonman1252 1 year ago
Shut up
@Shintowel 2 years ago
Coffee, where's the coffee
@BusDrivingPOV 1 year ago
Check out Ridotto's bug bounty program, big money to be made