Practical Bug Bounty

Views: 77,853

The Cyber Mentor

A day ago

www.tcm.rocks/KeeperDemo Keeper Security’s next-gen privileged access management solution delivers enterprise-grade password, secrets and privileged connection management in one unified platform. Request a demo on how you can protect your organization against cyber threats with zero-trust Enterprise Password Management (EPM). www.tcm.rocks/KeeperDemo
Check out the full Practical Bug Bounty course here: www.tcm.rocks/PracticalBugBounty
You can sign up for Intigriti's Program here: www.tcm.rocks/IntigritiSignUp
Labs for this video: drive.google.com/file/d/1RhCn...
Sponsor a Video: www.tcm.rocks/Sponsors
Pentests & Security Consulting: tcm-sec.com
Get Trained: academy.tcm-sec.com
Get Certified: certifications.tcm-sec.com
Merch: merch.tcm-sec.com
0:00:00 - Intro
0:03:00 - Keeper Security Sponsorship
0:03:48 - Course Introduction
0:10:02 - Importance of Web App Security
0:16:26 - Web App Security Standards and Best Practices
0:29:57 - Bug Bounty Hunting vs Penetration Testing
0:40:16 - Phases of a Web App Pentest
0:57:36 - CryptoCat Introduction
0:59:19 - Understanding Scope, Ethics, Code of Conduct, etc.
1:13:29 - Common Scoping Mistakes
1:37:59 - Installing VMWare / VirtualBox
1:41:14 - Installing Linux
1:50:20 - Lab Installation
1:57:36 - Web Technologies
2:02:14 - HTTP & DNS
2:05:47 - Fingerprinting Web Technologies
2:18:00 - Directory Enumeration and Brute Forcing
2:38:07 - Subdomain Enumeration
2:55:43 - Burp Suite Overview
3:34:35 - Introduction to Authentication
3:36:11 - Brute-force Attacks
3:43:11 - Attacking MFA
3:48:38 - Authentication Challenge Walkthrough
3:58:38 - Intro to Authorization
3:59:48 - IDOR - Insecure Direct Object Reference
4:06:15 - Introduction to APIs
4:11:04 - Broken Access Control
4:19:33 - Testing with Autorize
4:27:02 - Introduction to LFI/RFI
4:28:39 - Local File Inclusion Attacks
4:32:59 - Remote File Inclusion Attacks
4:40:37 - File Inclusion Challenge Walkthrough
4:45:05 - Conclusion
Hacker Books:
Penetration Testing: A Hands-On Introduction to Hacking: amzn.to/31GN7iX
The Hacker Playbook 3: amzn.to/34XkIY2
Hacking: The Art of Exploitation: amzn.to/2VchDyL
The Web Application Hacker's Handbook: amzn.to/30Fj21S
Real-World Bug Hunting: A Field Guide to Web Hacking: amzn.to/2V9srOe
Social Engineering: The Science of Human Hacking: amzn.to/31HAmVx
Linux Basics for Hackers: amzn.to/34WvcXP
Python Crash Course, 2nd Edition: amzn.to/30gINu0
Violent Python: amzn.to/2QoGoJn
Black Hat Python: amzn.to/2V9GpQk

Comments: 77
@jasperthetom 5 months ago
This free video covers a lot more topics than a course. I really appreciate what you guys are doing. I really like watching your videos. Love from India Sir.
@husseindhooma5816 5 months ago
Thank you, Heath, for providing us with this amazing information, we all need to learn the Practical aspects of Bug Bounty especially for some of us that would like to earn some extra cash.
@4b5urd. 5 months ago
I've got a subscription to TCM Academy but I just wanted to show some love here. You guys are awesome. Thanks for all you do for the community
@Erubius37 5 months ago
Taking the PJWT (the relevant cert for this course) tomorrow! Massively excited to put what I’ve learned to the test!
@hendrasetiawan7220 5 months ago
Good luck! I wanna take it too
@_CryptoCat 5 months ago
Good luck! 💜
@PAW15622 5 months ago
Good luck my friend
@lalalala3235 5 months ago
Good Luck!
@abeamin9182 5 months ago
Good luck!
@siddharthraychaudhuri7250 5 months ago
Thanks, guys. I bought the PNPT and a 3 month membership mainly for this course, during the sale. Thought I'd be able to complete it too with PNPT. Kinda overestimated myself and am still working through PEH. 10th March my monthly subscription ends, and I don't think I can afford it anymore. Was really sad that this one will remain incomplete. At least now I know that even if my subscription ends, I can still cover some part of the curriculum because of this upload.😢
@agp436 3 months ago
How are the TCM Security courses?? Are they worth it in terms of skills and do they provide practical labs to practice??
@martinlastname8548 5 months ago
Currently doing the PNPT. Enjoying it. More so than the PEN-200
@dhruvildesai8378 5 months ago
Thank you, Heath, for providing us with this amazing information!
@adarshsingh4693 3 months ago
What did you learn after completing this?
@butler_NA 5 months ago
I love this! Thank you so much!
@bikramshiwakoti 5 months ago
Can't believe this premium content is available for free
@Resh7374 1 month ago
Awesome video guys, thanks. I'll be coming over to your website to take some training soon.
@TCMSecurityAcademy 1 month ago
Awesome! Here's a link to our bug bounty course: www.tcm.rocks/pbb-y
@BongzandTakudzwa 5 months ago
Thank you Heath
@johnsnow1062 5 months ago
Great resource for 2024
@javierarzon4853 5 months ago
Love your Videos......awesome
@MFoster392 5 months ago
Awesome, I'm doing this on the TCM website right now. :)
@Manas0_0 5 months ago
Is this the exact first part of that website course?
@MFoster392 5 months ago
@Manas0_0 Yes, this is the first half of the Practical Bug Bounty. He also has a free complete course on ethical hacking if you're wanting to be a Penetration Tester: kzbin.info?search_query=practical+ethical+hacking+-+the+complete+course
@fuzelmultani2290 5 months ago
I love you TCM.
@TravelWithMufaa 4 months ago
Hey.... Dear, Can I run this BugBounty-v1.1 LAB on my Windows OS...???
@ibtesamRicky 2 months ago
Thanks always for the free content. Can we get the Detection engineering for beginners course content please? Thank you!
@_CryptoCat 5 months ago
Let's go! 🔥
@anonyghost7422 5 months ago
Heath with another fat W taking care of the noobs (like me) !
@AbdelrahmanMagdy-ny9wy 23 days ago
I'm having trouble with the API labs; the server keeps responding with missing fields and I didn't manipulate the prepared requests, I copy-pasted them into my terminal.
@gandalfthegrey2777 3 months ago
I am having a problem, I cannot open the Lab locally, what is the local host port it's running on? In the video he just went to localhost without any port or IP
@meh.7539 5 months ago
@16:40 I thought the dog snoring in the background was mine.
@profesurtom 26 days ago
I want to give an Italian kiss to this course>>>>>😗
@carsmadness8555 2 months ago
I have a question. In the rules for the azena program, it said request_header: X-Intigriti-Username: {Username}. How to add it?
@Prateek_d_y 1 month ago
I have gone through a lot of setting checks but still my browser says "proxy server refusing connections"...
@yooyoo2903 11 days ago
Please upload the full course
@soanzin 4 months ago
I have a doubt. If the scope says that automation tools are not allowed, is this related only to vuln scanners or to all other tools, like directory/asset discovery? Tools like ffuf, gobuster, etc.
@prathmeshchaudhari7613 4 months ago
It's related to vulnerability scanners only like nuclei
@soanzin 4 months ago
@prathmeshchaudhari7613 Good to know .. thanks !!
@prathmeshchaudhari7613 4 months ago
@soanzin welcome!
@andrewthurstenson3359 1 month ago
If anyone else ran into an error when setting up the lab stating "'172.20.0.4' is not allowed to connect to this MySQL server in /var/www/html/db.php", I was able to resolve this by removing the volumes for the mysql container, bb-db, in the compose file.
@saminbinhumayun858 4 months ago
If there is scope given in bb program do we need to do directory bruteforcing?
@orionblu3 3 months ago
Brute force the domain that's in scope at a rate that won't flood the program's defense team
@ellerionsnow3340 5 months ago
Aye!
@d3crypt_m3 25 days ago
Capstone folder is missing in Google drive link
@user-hq7pq9rm3q 4 months ago
Very awesome Content
@khadijaijaz6428 21 days ago
Is it a full detail course on bug bounty?
@johnsnow1062 5 months ago
Cool
@youtubeshort2068 5 months ago
How to download lab ?
@tiknikalsupport 5 months ago
@abdulmalik_1_2_0_5 3 months ago
Please sir hope you are having a wonderful time How can I get the course lab sur
@eyezikandexploits 5 months ago
Do I have to pay for the course completion certificate?
@eyezikandexploits 5 months ago
Or is it for a lack of better terms; free to play
@anonyghost7422 5 months ago
@eyezikandexploits You will have to sign up in order to unlock the rest of the course and get the certificate of completion. A monthly membership is around $30 USD
@abcdefg91111 2 months ago
1:50:00
@shivakumarmv4249 3 months ago
This video is more detailed about Burpsuite...
@abcdefg91111 2 months ago
2:55:43
@abcdefg91111 2 months ago
3:37:00
@abcdefg91111 2 months ago
4:29:14
@Thirumurug0xan 4 months ago
30,362
@user-gs6zl2dd4p 15 days ago
please upload the other half.@TCMSecurityAcademy
@surajgimba4157 5 months ago
@abcdefg91111 2 months ago
2:20:00