Learn Bug Bounty Hunting with These Resources!

13,640 views

InsiderPhD


I made this video a few years ago but as you can imagine the bug bounty community moves quickly, so here is a new list of resources for 2023 and some of my favourite newsletters, YouTube channels, blogs, write ups, books and more that I recommend if you're just getting started!
Link to the full article with more detail :) open.substack.com/pub/insider...
0:00 Introduction
1:57 I can't tell you what will work for you
3:44 There's no course/book/video/spell
5:32 VARIETY MAKES LEARNING EASY
6:29 The CTF Roadbump
8:00 Learning Isn't Linear
8:53 It's okay to not know what you're doing
9:23 Push Yourself
11:27 Structured Learning Paths
13:19 Courses
15:05 Videos / Streamers / Shorts
16:26 Lecture Videos
17:03 Tools
19:45 Conferences
21:31 Podcasts
22:39 Books
26:08 Write Ups and Disclosures
26:58 Newsletters
28:15 Vulnerability Lists
29:00 Actually Hacking Something
29:33 Community Engagement
31:33 Start with the fundamentals
33:39 Join the Community

Comments: 52
@flavioferlin3127 1 month ago
Howdy to all. Dear Katie, bless your heart. Thank you, kudos.
@M3dU5aXX_Ray_Tierney 29 days ago
Katie, you are a life saver!!! I could not wrap my brain around these for college exam!!❤🎉
@linuxluminary 4 days ago
Thank you so much for the motivation, I started bug hunting on bugcrowd in July and so far I have reported over 15 bugs and all of them got either duplicate or information or not applicable. I am watching your videos to get motivated 😉😉😉
@asuhayda1 1 month ago
I really appreciate your point of view on this topic. I'm just getting started learning cybersecurity and found your video to be super helpful. Thanks!
@sergeantosiris 1 year ago
Great pointers as always!
@taiwomiracleveecthor2617 1 year ago
Thank you so much Ma
@vipinsharma1984 1 year ago
Great..very useful!
@Meimei025 11 months ago
So powerful insight, thanks sister ^^
@Aditya_khedekar 1 year ago
was waiting for your video from so long
@sudani0zak 1 year ago
Thanks 😊
@harpocrat3s 1 year ago
Great video, thanks for the useful information
@rahmat_qurishi 1 year ago
You are the best❤😊
@maremeaxi3344 1 year ago
great!
@arnd12940 1 year ago
Amazing
@lawlietchang2556 1 year ago
thank prof.
@alexandersoltesz8103 1 year ago
Awesome, thank you so much! As for the tools, I've been debating if I should stick to burp or give a shot to Caido. I tried it out and fell in love with it, so clean, well structured and works great with Postman which is really effective for api hacking, so it's reassuring to hear other people are excited for it and its further developments too!
@InsiderPhD 1 year ago
Rhynorator is a big fan too especially because it works on his Chromebook!
@eyephpmyadmin6988 11 months ago
My first "hack" was the most by the textbook CTF style almost like the developer just wanted it hacked, it was my school county's website (that they scrapped but kept online) had a search box with sqli and unhashed passwords and everyone used the same password for the super expensive golden door login site they had. I was 15 and got super popular bc of it but I wasn't even proud of myself for it was too easy. Yes I got arrested (not charged as adult thank God) 120 community service, two weeks juve, nothing that connects to Internet for year (like they could enforce that😂) I deleted everyone's absences made people pass classes and it was the last month of school
@dub161 6 months ago
Can you make a video on bug bounty setup? I have concern regarding IP ban and stuff.
@InsiderPhD 5 months ago
I wouldn’t worry as long as you aren’t constantly hitting a server with payloads you won’t get an IP ban
@asuhayda1 1 month ago
You mentioned putting several links in the description but there aren't any there.
@walle1st 1 year ago
Hi Katie, what courses would you recommend for the recon and burpsuite phases?
@asynciome6737 5 months ago
Your videos are amazing I learned so much and man idk what to say anywhere I can donate? ❤
@InsiderPhD 5 months ago
You can but don’t worry about it :) the best thing you can do is sign up for a Bugcrowd account and start hacking ;)
@damiencalloway 1 year ago
Was there meant to be a link in the description? I cannot find it, can you please provide the link to the blog post?
@Alexander007A 1 year ago
Hello KATIE, thank you for all your helpful videos. I learned so much from them and it's very good for beginners like me. You also teach us how to stick to them and keep our passion for it. But I learned IDOR and how it works, but I don't know where I can find and how I choose a website for IDOR. Can you explain to us plz
@InsiderPhD 1 year ago
I’m actually going to do a livestream with Bugcrowd soon, but any time you can see an ID as a number or a UUID (/resource/1, post=1) you wanna be checking for IDORs. Tumblr is a great program to start with
@Alexander007A 1 year ago
@@InsiderPhD yes .. I understand these concepts from your lectures as well as Web Security Academy labs. Now I just want to land hands-on practice.. please help me
@Alexander007A 1 year ago
@@InsiderPhD where can I find a website to scan?? HackerOne?
@birbalkumar3040 1 year ago
Sir, for my own cryptocurrency mining I know the language, but where do I start the code🤔🤔
@ReligionAndMaterialismDebunked 1 year ago
Early. :3
@MJ-vx5cz 1 year ago
Hey, thank you for the good work ❤ I am trying to jump into bug bounty. I tried to test an API of an app but I can't figure out how to see the API endpoints of the app. When I change the proxy of the wifi the app refuses to work. I tried to install it in an Android simulator but they have some kind of security that will not allow you to install in a simulator
@MJ-vx5cz 1 year ago
Any advice?
@InsiderPhD 1 year ago
I have some videos on this, but it’s usually because you need to break the SSL the app is using. The most reliable way is to use another tool called Frida: use this script codeshare.frida.re/@pcipolloni/universal-android-ssl-pinning-bypass-with-frida/ with this tutorial infosecwriteups.com/hail-frida-the-universal-ssl-pinning-bypass-for-android-e9e1d733d29?gi=642ecc6dad06
@MJ-vx5cz 1 year ago
@@InsiderPhD thank you 🙏
@bertrandfossung1216 1 year ago
First to comment 🎉
@mfinixone1417 1 year ago
My problem is that I have to stop learning and start hacking
@InsiderPhD 1 year ago
You can make the jump, just try and explore the next bug bounty programme you see, just try and map out in your notes which requests power which functionality and what kind of bugs you might want to look for :)
@manan5 1 year ago
hey wheres the blog post link?
@InsiderPhD 1 year ago
Didn’t get released in time :( should have it out before the weekend
@lowkeylyesmith 11 months ago
Hi, I have a question that is very close to my heart. You have extremely much knowledge and also show a lot in your videos, but I'm just despairing. I really want to get into the Bug Bounty Hunter business as a side job, but I have no idea where and what to start. It kills me that I am apparently too stupid for it. I work as an IT forensics engineer in a government agency, before that I worked as a software engineer for a large food company in Austria, I have an IT technician and computer scientist degree, I graduated as a data scientist and business analyst, I had several trainings in databases and C# etc ... and am now too stupid to start as a Bug Bounty Hunter. I would like to ask you for advice and tell me what I am doing wrong or what other courses I should take. In the meantime I have several Udemy courses, got the APIsec University course, ... I am at the end of my rope. Sorry to bother you with this, but I didn't know what else to do. Thanks and best regards from Austria René
@InsiderPhD 11 months ago
You're probably not too stupid to do anything, you already have a successful career - that's proof enough. You have a whole DEGREE that has taught you SO much about how to approach problems. When you started programming what improved your programming the most? Was it course after course showing you the basics of how objects work? NO IT WAS ACTUALLY PROGRAMMING. Stop taking courses and actually start hacking, look at websites, understand how they're built and what goes into an action like logging in to a website. Don't just spam payloads but think about the type of security constraints an application has implemented and how you might bypass them. Focus on training yourself to think like a hacker, you're looking at a black box, what's on the other side? You have a BIG advantage with your skillset! Don't expect a bug in your first 10 hours of looking at a real client, just explore the website, break down features into each request/response you need. Think about what kind of security measures should be in place, if you were implementing it how would you do it? What mistakes would a junior make?
@itsm3dud39 11 months ago
cybermentor doesn't do bug hunting
@InsiderPhD 11 months ago
No but they're making a lot of API security videos at the moment!
@riteshraiharikarai3441 1 year ago
Hello mam, How are you? Mam I also want to do bug bounty and ethical hacking. Can you guide me the road map and suggest some books? Mam I am unable to create effective virus +malicious with python. How can I solve it?
@TylerDurden-dd1tq 8 months ago
You are absolutely wasting your time if you are bug bounty hunting for money instead of curiosity or passion.
@InsiderPhD 8 months ago
Agreed, I think anyone looking for a quick buck is going to be disappointed
@ANiME_LoVE3r 1 year ago
Thank you a lot How can I dm you?
@InsiderPhD 1 year ago
Yup on Twitter or my email is on my website :)
@agapic445 7 months ago
Hi i really want to contact you to tell you something just because i feel it might brighten your day in the future, basically i want to share a story of mine i am not even interested in getting a reply or a feedback just i want to tell you so later on i can give an update that hopefully it makes you understand more how are people like you are significant to the community is there anyway please? ( i don't trust telling it publicly)
@InsiderPhD 7 months ago
Katie@insiderphd.dev