$0 👉🏼 $1,000/Month With Bug Bounties

Views: 65,752

NahamSec

1 day ago

Sign up for Snyk's CTF today: snyk.co/nahamsecctf
Hacking Full Time Blog Post: nahamsec.com/p...

Comments: 137
@NahamSec 1 month ago
Purchase my course and learn about bug bounty hunting with over 11 hours of content, 100+ labs, and 15+ vulnerability types bugbounty.nahamsec.training
@bhaveshatwal8142 1 month ago
Can you please provide a voucher for this if any?
@bhaveshatwal8142 1 month ago
Can you please provide a voucher for this one?
@rdx8122 11 months ago
01:15 == Mindset
- Throw negativity out of the room when you are hunting, there are always bugs
- Show some Impact on the company, No impact = no value of your bug
- CTF approach
04:20 == Approach
07:34 == The right vehicle / Think before you pick a program
09:58 == Collaboration is the key
10:41 == Celebrate the Success / Enjoy the little moments
Love you Nahamsec sir! 🙌🙌💖💖
@Nohope__ 8 months ago
true true true true true
@vsulli 1 year ago
I bet you've had feedback from noobs where ppl are frustrated that they are not finding vulns, but you should emphasize that ppl who have found a bug, written it up, submitted it to the bug program, and received a 'Duplicate,' should be praised for their progress. Think of all the skills that went into producing just the first report. > Recon > Training on what to look for > Mindset, CTF attitude of not giving up > Investigating the vagueness of information (digging for diamonds in dirt) tuning your bounty senses > Hypothesis, investigation, and proof of concept > Writing a report. All of these things together need to be developed in concert in order to produce a report that could even qualify for a submission. Forget about the fact that in the end it turned out to be a "Duplicate," first time bug hunters should be proud that they are writing and turning in a report at all!!! 😍😍
@therelatableladka 11 months ago
I feel motivated even though I haven't found one yet.
@dominusfalchion8020 8 months ago
@therelatableladka Bro could we connect on discord
@brendan8665 1 year ago
1:50 | Looking For The Right Bugs (Mentality)
4:21 | How Will You Look For Bugs? (Automated Approach)
5:53 | (Manual Approach)
7:32 | Picking the Right Bug Bounty Programs
10:39 | Celebrate 🎉
@bxnny0374 1 year ago
This is my goal. I've been studying so hard to reach it. Hope to find my first bug soon :)
@NahamSec 1 year ago
Best of luck!
@Moyocoyotzin700 1 year ago
Can we be accountable partners on bug bounty
@Moyocoyotzin700 1 year ago
@camelotenglishtuition6394 Can we be accountable partners on bug bounty
@LearnTv-qy5xb 4 months ago
@bxnny0374 did you find a bug?
@lucianjohr5569 1 year ago
Thanks so so much Naham. Overwhelming for me as a beginner. But exciting and interesting. Thanks
@ultrahdgood 9 months ago
00:04 Bug bounty hunting can change our lives and provide a new career path with significant financial opportunities.
01:36 Approach bug bounty hunting with a positive attitude and focus on finding vulnerabilities.
03:00 Bug bounty hunters have a relentless mindset and are always looking for solutions to problems
04:28 Choosing between manual and automated bug hunting determines your approach
05:53 Manual approach is recommended for new bug bounty hunters
07:14 Choosing the right bug bounty program is crucial
08:40 Use metrics to choose a good bug bounty program and consider the minimum bounty amount
10:03 Collaborate with others to find more vulnerabilities and make more money together.
@vsulli 1 year ago
Nahamsec, regarding some hunters that are running a scan in the background and aggregating their data to find better vulnerabilities, can you talk about how people set up systems that support their niche interests. It seems like we need to double down on the TTPs (tactics, techniques, procedures) that we are familiar with and learn how to leverage those interests when summing up the impact in our vulnerability reports.
@socdot-x6l 11 months ago
You are one of the best, thank you very much for all that you are offering to the community
@bayaspirinha 1 year ago
The more I learn, the more I realize I don't know anything, but it motivates me, so I dedicate more hours each day. I don't feel anywhere near ready to start doing bug bounty, but I know it will come.
@courier3567 1 year ago
Eventually you'll be familiar with 100 things and you won't know how to use those things well but you'll know what they are after learning about 100 more things you'll start to realize how they work together and how you can chain the things you know together to get results. It's a long process but each day it will get easier. The best thing you can do is just keep learning and really go deep, look at other people's comments and advice because it will really help you start making those connections in what you know and what to look for.
@castillorafi 1 year ago
Honestly we can't choose between those two. So please please please do both, and if it's possible add a third video showing how you can mix the two of them. Thank you.
@shaunakkhosla3569 1 year ago
where's the blog post where you talk about how to select a good BB target, also, would love to see a video on the automated method you briefly mentioned.
@NahamSec 1 year ago
Here you go! nahamsec.com/posts/hacking-full-time
@shaunakkhosla3569 1 year ago
Thanks! You're a G @NahamSec
@adyp487 1 year ago
You're a true inspiration, Ben! ❤
@AnthonyMcqueen1987 11 months ago
Large scopes are where the gold is, and mix manual with automation, that will make you a better hacker, and focus on one vulnerability class at a time.
@chaospixxie 1 year ago
Would love to see a video on using both manual and automated methods combined
@georgejones5019 1 year ago
This. A combined or hybrid method, aggregating info to find higher value bugs.
@derciogulele8682 1 year ago
It is really great man. Don't get tired of us. We are working hard to get there... btw...what chair are you using? Maybe that can be a starting point lol
@haroonrehman8156 9 months ago
7:18 YES we want to hear from you about this. If you have made a video please update the description, comment section and the I button (recommendation/suggestion etc).
@darthsidious3377 1 year ago
Hey Ben, I would like to see both approaches in order to be able to adapt to every single situation possible
@yamizaki7 9 months ago
I definitely want to hear more about combining automation with manual hacking.
@loneliestwolf4228 1 year ago
Eagerly waiting for nahamsec to release his new membership video on hacking a target
@Hruthwik 1 year ago
MANUAL APPROACH VIDEO NEEDED ASAP, THANKS
@Piyush-rz8kd 1 year ago
Awesome video my mentor ❤❤🎉🎉
@thatcyberlad 11 months ago
Thank you so much for an awesome video..!!
@dominusfalchion8020 8 months ago
I would love to learn manual testing. I've been struggling for over a year now, haven't even started hacking, still trying to understand vulns. Please teach us the manual approach
@Mark71697 11 months ago
Definitely would love to know more about manual and automated. I am brand new to this.
@Gamer-zo2dm 1 year ago
We're waiting for the manual vs automated video ❤❤
@NahamSec 1 year ago
Soon :)
@christiangl6610 1 year ago
I hope someday I'll be commenting here again celebrating my very first bounty.
@prospectchizororo5836 1 year ago
It seems simple as you're saying when you're saying it like this, but it's intimidating out there...
@helalsadat2077 6 months ago
If it was easy everyone would be doing it
@anotherguy9402 6 months ago
It's KZbin. He's the one making 1k a month from bug bounties but it's actually from bug bounty vids KZbin ad revenue 😂
@edvandromauricio7353 6 months ago
@anotherguy9402 shut up bro 😂😂😂😂
@ILoveGettingPegged 1 month ago
You're all retards. First off OP, that logic is there because people look up videos too much and otherwise piss away time. It's resolved by going out and jumping in to it. KZbinr isn't making 1,000 a month from bounties. He never said how much he's making, you're just rudely assuming. And while I'm sure hes getting revenue from these videos, I doubt it is much. tl;dr stfu and do bug bounties
@hussainmakda6143 1 year ago
In the next video please give us more information about both the manual and automated approaches, and if possible please tell us some tools for both approaches which are commonly used. One more thing: you are creating great videos on hacking and bug bounty programs, thank you for sharing great content
@shriyanssudhi4545 1 year ago
Though automation is good, I made more with manual
@OthmanAlikhan 9 months ago
Thanks for the video =)
@ahmedahmedx9600 1 year ago
Hi nahamsec, how did you deal with frustration when you started bbh?
@PhayulInspires 1 year ago
Thank you for this informative video, do you think it is a good idea to pursue bug bounty after getting the OSCP?
@nnofficial2414 5 months ago
Thank you!
@josephblack7408 1 year ago
Wish me luck for my first bounty
@Nastale 1 year ago
Thanks Nahamsec, I would very much appreciate it if you do the next video with the manual method.
@webdesignsbytom 10 months ago
wait full time and you only make a 1000 bucks?
@crunchied8 1 year ago
I would like manual more than automated. I am looking at packet type bugs
@jaypanchal9748 1 year ago
Both manual and automated approach, like a combination, and also make some videos on some rare internal bugs which are not disclosed by companies which were highest paid, so talk about that also. Thank you
@MarcelN1980 11 months ago
Awesome! Will you update your course or create some more? 😊
@feedomomics8103 1 year ago
Love you ben ❤️
@laurent9255 1 year ago
Sometimes I find p1 bugs (example: ssti) that cannot be exploited at all despite all my efforts. It is weird because I find these bugs very quickly but since I cannot exploit them I do not report and I get very frustrated. I know I should collaborate but for now I prefer learning on my own.
@jannmoon 1 year ago
If you can't exploit them then they probably aren't bugs 😊
@laurent9255 1 year ago
My latest example: I could inject a ssti payload in email, playing with the "change email function". The payload was like +something{{7*7}} then I checked my emails and I received +something49. Then I tried to read some template variables with this payload +something{{var1}}{{var2}}{{var3}} and I received: +somethingFalseFalseFalse. Obviously I didn't report since I couldn't go any further. As you mentioned for me it is not a real bug but though :(
@laurent9255 1 year ago
Oh, the payload was in fact ...{{var1 != null}}...
@jxkz7 11 months ago
I want to know more about manual bug bounty hunting. Can you upload that type of videos?
@gamingworld2328 11 months ago
thanks man🙏
@rickd8174 1 year ago
I've been studying my ass off. I'll be happy if I find a $100 bounty.
@avainnovations587 1 year ago
Care to collaborate on the journey? Studying my ass off here too.
@rickd8174 1 year ago
@avainnovations587 sorry I have to be able to do this on my own. Maybe after I'm comfortable knowing that I'm good enough to bring something to the table for collaboration.
@codeinspector 1 year ago
Studying my ass off here also! I am interested!
@avainnovations587 1 year ago
@codeinspector what's your Twitter handle or email?
@therelatableladka 11 months ago
Studying my ass off man. I can feel you
@andreshernandez730 1 year ago
@NahamSec is your Udemy course still relevant, where do I start learning?
@ethyhack 1 year ago
I want to know how much time I should spend before giving up finding a vulnerability on a specific target.
@olabodeolaleye1795 1 year ago
I'm the first to comment, you are my mentor ❤🎉❤🎉 I love your great work bro
@olabodeolaleye1795 1 year ago
I follow you on every social media platform I have and the notifications are always on 😂😂😂😂
@NahamSec 1 year ago
You are the best
@sigo2076 1 year ago
Manual vs. Automatic
@codedsprit 1 year ago
Traditional approach, same thing. But what if one doesn't have any machine to do further, the condition where I am standing 😢
@prabhuchristopher1795 5 months ago
How to buy the course?
@TheBenchPressBoss 1 year ago
Can you teach me? I'm semi retired and been learning Python with no direction. I'd like to make 1-2k a month while doing ethical hacking.
@srikumarnimmala1042 2 months ago
Thanks
@ragnarok55 1 year ago
Today most of the companies, before posting on a bug platform, are doing a lot of automated scanning using AI tools and internal security team testing, even 3rd party audits. After that they are posting on bug platforms. Can new beginners like me find any bug in the real world? Success rate???
@jaredelfaz2558 1 year ago
found my first bug, but couldn't move any further :(, should I quit hacking for a while and learn Web development and get back to hacking? or should I do both in parallel? what would you do if you were in my place?
@jaredelfaz2558 1 year ago
@camelotenglishtuition6394 it was blind xss
@Zerefxstar 1 year ago
1st manual Then auto
@mehrankurd 3 months ago
thanks
@lukeempty3386 1 year ago
Any idea when the course will get an update?
@NahamSec 1 year ago
Soon! Working on labs is taking a bit longer than expected
@lukeempty3386 1 year ago
@NahamSec No worries. I've owned it a while and I'll wait for the update to go through it. Thanks for what you do man. Take it easy
@ArSiddharth 1 year ago
1:18
@ucheugbomah2228 7 months ago
you are the best
@meljithpereira5532 1 year ago
Are you active on Twitch!!!
@NahamSec 1 year ago
I will be back soon :)
@JimmyNeutronAdHdCuzzin 7 months ago
New to this comment section and a new subscriber. Would you recommend TCM bug bounty course or Hack The Box CBBH before trying
@ferdusalam7260 9 months ago
manual like arch angel dougles day mindset .................
@arjunn7683 1 year ago
BRO CAN CORS INCREASE IMPACT OF SUBDOMAIN TAKEOVER
@crusader_ 1 year ago
Both videos
@casualcaspero 1 year ago
Duuude 1000$/mo in Poland and I'm rich AF
@persiangopher 1 year ago
I love you
@rdx8122 1 year ago
I don't freaking understand why man? Just why? I mean Nahamsec sir posts a video and maybe he will be thinking: "Ohh let me give this knowledge to my community people", but here whenever I watch his new video I get the motivation to hack more and more with the right positive mindset of a bug bounty hunter like Nahamsec 😂😂, also with new and crystal-clear knowledge and critical thinking. Thank you very very much sir, I don't know if you have this idea that your content is helping this much to the newbies out there like me, really thank you very much by heart 💖💖💖💖
@NahamSec 1 year ago
get to hacking!
@rdx8122 1 year ago
@NahamSec For sure sir! Sir I have a doubt if you can answer me please. Sir I have a bug bounty program, but this web application has very less functionality. The product of this company is mainly the android app of games (gambling games), but they do have this website in scope, but this website doesn't have any login/upload/download functionality, but what it has is APIs, a payment API and 2 other APIs, and simply the android app, and currently I am not into android apps, so should I hack this website for finding my first valid bug?? This website is based in my country India and this program is on an Indian bug bounty platform so many less people from outside India have looked at it. I tried, but should I spend some days on this program to find hidden assets if there are any, or just leave this and find a new program on hackerone?
@Anonymous-cx7ht 1 year ago
First again ❤
@Mirza14 1 year ago
Hello, if I'm new to Bug Bounty Hunting, would you recommend Web 2 or Web 3 bug hunting?
@NahamSec 1 year ago
I don't do any web3.0, so Web 2 for sure
@sz2131 8 months ago
Bug Bounty is a Myth. Don't fall into it by hearing these guys
@darkalpha2701 1 year ago
Manual pls
@Aditya_khedekar 1 year ago
manual
@geniusesml3700 1 year ago
manual plz or 50/50
@mr.bouttacheck6656 1 year ago
Manual
@rahmat_qurishi 1 year ago
❤❤❤
@Birch_Lv 1 year ago
Manual. 😅
@brunoeligiopavesi6987 1 year ago
these videos are all the same. Nothing new. Same things repeated again again and again.
@AbhishekTiwari-u8y 1 year ago
Avengers Assemble 😁😁
@ucheugbomah2228 7 months ago
i am late 😮‍💨
@SleepyAizawa69 2 months ago
Noice
@cguzmanvisuals 1 year ago
First!
@NahamSec 1 year ago
😮‍💨
@TheDa6781 7 months ago
Ask yourselves people why would someone teach people to become his competition?
@NahamSec 7 months ago
Because when I first started hacking, there weren't a lot of resources for me to learn from. If it wasn't for my peers and friends publishing their write-ups, I wouldn't have learned all the stuff I did! Those write-ups pushed me in the right direction. Not everyone has an agenda to teach you stuff to become their competition. :) And honestly, I don't think me giving you advice on how to approach bug bounties and learning how to hack is going to make someone my competition overnight.
@ishowmonkey5918 1 year ago
HEHEEE yoo
@ishowmonkey5918 1 year ago
If you don't mind can you please make a video on the MANUAL approach. I feel like manual is harder to wrap the head around than automation
@NahamSec 1 year ago
Will do!
@sssqqq-ik6hb 11 months ago
Free Palestine 🇵🇸
@Scorpion_Yug 7 months ago
Free Playstation
@bobanmilisavljevic7857 1 year ago
Thank you for the info! 🦾🥳
@loneliestwolf4228 1 year ago
manual approach please..........................!!!!!!!!!!!!!!!!!!!!!!!!
@iljabrudel6224 1 year ago
Thank you for the video NahamSec, I would like to see a manual recorded approach how to for a target. I started like from your video How to (Bug Bounty Hunting in 2023)[kzbin.info/www/bejne/fHXIpoKeepqAnrc] with a VDP program (DoD) and trying to find any Bugs to build up confidence. For other viewers, you can re-evaluate your comfort level after watching the video by answering the following questions:
1. Mindset for Bug Bounty Hunting
- How does a positive mindset impact bug bounty hunting?
- Why is it essential to leave negativity behind when approaching bug bounties?
- How do CTF players' mindsets benefit them in bug bounty hunting?
2. Approach to Bug Bounty Hunting
- What are the pros and cons of automated vs. manual bug hunting?
- How can someone ensure their automated tools are up-to-date?
- Why might a manual approach be better for beginners?
3. Choosing the Right Bug Bounty Program
- How can one determine if a bug bounty program is active and worthwhile?
- Why might larger companies or applications be more lucrative for bug hunters?
- How can metrics like the number of bugs paid and average bounty amounts influence one's choice of a program?
4. Celebrating Small Wins
Related Questions:
- Why is it important to celebrate small achievements in bug bounty hunting?
- How can celebrating small wins impact one's motivation and drive?
- What are some ways to celebrate these wins?
@قاهرالظلام-ه7و 11 months ago
Manual