Turning a $500 bounty into $30,000+

Рет қаралды 10,108

Күн бұрын

📚 Purchase my Bug Bounty Course here 👉🏼 bugbounty.nahamsec.training
💵 Support the Channel:
You can support the channel by becoming a member and get access exclusive content, behind the scenes, live hacking session and more!
☕️ Buy Me Coffee:
www.buymeacoff...
JOIN DISCORD:
discordapp.com...
🆓 🆓 🆓 $200 DigitalOcean Credit:
m.do.co/c/3236...
💬 Social Media
- / nahamsec
- / nahamsec
- twitch.com/nah...
- / nahamsec1
#bugbounty #ethicalhacking #infosec #cybersecurity #redteam #webapp

Пікірлер: 54

@NahamSec 5 ай бұрын

Come hangout with us on Discord! discordapp.com/invite/ucCz7uh Remember my example is simplified for the sake of this video and I did have to jump through a few hoops like: a small filter bypass, CSP, and finding a legacy API endpoint in order to get my account takeover to work. The next time you find an XSS find a way to gain access to your "victim's" account without just trying to leak their current session/cookies. P.S.: Course update is underway!

@jeanvanoudtshoorn9587 5 ай бұрын

Hi,thanx for the great channel.i am new to hackerone,i have a question,i have a server mis config bug,but dont know under what to report it as there is no description for it under reports.please help?

@Muthu.D 5 ай бұрын

Try to make videos about SSTI and SQLi. All are finding SQLi in cookie,param and login page. I can’t understand how the SQLi works in some areas. Please make a video about SSTI and SQLi.

@H3xOv3rflow 5 ай бұрын

Yes really needed that @NahamSec

@onikumabackspace 5 ай бұрын

I would love to have you opinion on wether i as a beginner should learn one vulnerability first and look for it anywhere, or i should pick a target and learn how to look for many vulnerabilities there.

@kmm4026 5 ай бұрын

You always talk about money, and I think you are trying to attract viewers because you know that they need money. You follow the same method as financial speculation videos and stock exchanges in attracting victims. The topic of Bounty Bugs is very difficult and requires knowledge and time to learn, and not in this way that you present and simplify it in order to attract views.

@benjaminmiller5930 5 ай бұрын

Good stuff and I can actually understand the way you explain stuff.

@AneeshD-l9q 5 ай бұрын

Hii, Can you share the links for 5 week program? I totally lost.

@ashifnewaz9348 5 ай бұрын

give us top 5 bugs finding tutorials..

@silenttravelerRahul 5 ай бұрын

need some video on RCE on latest app

@rctech1237 5 ай бұрын

Wow sir keep it up , present

@giodevJS 5 ай бұрын

Thanks, your videos are really well explained. Learning with your videos is a time saver in some research’s.

@NahamSec 5 ай бұрын

Thanks for watching

@alamlearnn 5 ай бұрын

Add some videos about SQLi , how ,where to find, how to identify and exploitation.

@ultmate948 5 ай бұрын

I would love if you could make your voice louder as it is a bit hard to hear from my side

@NahamSec 5 ай бұрын

Will take a look at audio settings! Thanks for flagging!

@sigma-yn3qd 5 ай бұрын

This dude still selling bs about big bounty come on man do your stuff and stop try to sell lies to people that wants to get a career cause you damn know very well that bug bounty unless you have another job and a lot of time do not pay shit

@MUHAMMADZEESHAN-mx4yg 5 ай бұрын

Is "US Dept Of Defense" paid bug bounty program or free?

@king_Joah 5 ай бұрын

Am new to this game any direction because I don't knw wey to start from and those 100+ pages books aren't helping

@Muby_Ajiwa 5 ай бұрын

Please Sir make a video on Business Logic Error vulnerability

@bountyproofs 5 ай бұрын

Information Disclosure --> It is popular and it has so many different types

@xshmr 5 ай бұрын

ey Naham you just got rickrolled by coffin haha

@zaidwithtech5444 Ай бұрын

we want vuln explain

@comosaycomosah 5 ай бұрын

I see you have hella notion notifications lol same same....hey you got any cool templates for notion or anything? Hacky things lol? Check lists? Im a sucker for a good checklist lol

@shriyanssudhi4545 5 ай бұрын

I have got a stored XSS, but you need to be an admin to inject payload. Any tips on this 😕

@mr.picklesworth 5 ай бұрын

How do you like the 8bitdo keyboard? I've been thinking about getting one.

@MarcelN1980 5 ай бұрын

Hey, will you do an update of the course materials? If so, when? :)

@NahamSec 5 ай бұрын

Very soon! There will be multiple updates. I have finished recording update 1.

@MarcelN1980 5 ай бұрын

@@NahamSec Thanks a lot! Can we help in any way? :)

@Adarsh.-. 5 ай бұрын

RCE naham

@fredenj-wr6qb 5 ай бұрын

It would be great to create SSRF content

@bashirkabiruzarewa 5 ай бұрын

Thats a cool escalation, Thanks for the continues contribution to the community👏🙏,

@NahamSec 5 ай бұрын

Thanks for watching!

@z-root8955 5 ай бұрын

very informative video thanks :)

@mihad0x1 5 ай бұрын

Business Logic Flaw 🤓🤓🤓🤓🤓🤓

@alpernaee 5 ай бұрын

Deep Dive RCE or SQLi

@robinmarte7990 5 ай бұрын

Fire video bro

@Linnocks 5 ай бұрын

IDOR

@brutexploiter 5 ай бұрын

Great!!

@bloatless 5 ай бұрын

Great Content ...

@danishbhat1536 5 ай бұрын

nice one

@shuvokumarsaha8478 5 ай бұрын

Awesome 🥰

@salehlardhi4635 5 ай бұрын

Thanks bro ❤

@MarkFoudy 5 ай бұрын

Hey Nahmsec! Hope you are well!

@NahamSec 5 ай бұрын

Hi 👋🏽

@monKeman495 5 ай бұрын

Can you guys validate this is this a valid bug: If there is a email change feature in application after login. In here by putting victim email instead of sending link to unregistered email we getting link on attacker email (base email ) is this a valid case or some case there is no verification email. We click on link and get registered? With victim email

@nux4857 5 ай бұрын

It's not a valid bug