How to get experience with no experience? Have a look at bug bounty programs. Vickie Li demos Insecure Direct Object References (IDOR) and tells us how to get into bug bounty. We also discuss why her book Bug Bounty Bootcamp is a fantastic book to buy if you want to get into bug bounty. Get real-world experience today.

// MENU //
00:00 - In plain text!
00:24 - Introducing//Vickie Li
00:58 - Part 1//The Interview
01:01 - Origin//Bug Bounty Bootcamp
03:37 - What are Bug Bounty Programmes?
05:26 - Part Time Bug Hunting?
05:44 - Easy Way to Get Experience
07:45 - Which Bug Bounty Programmes for Beginners?
10:51 - Beginners//Don't Compete with Pros
13:15 - Duplicates as Valid Experience
14:23 - What You Need to Start
14:59 - Linux//Do You Need It?
15:55 - Automate!//Which Programming Language?
18:03 - Beginner Friendly Vulnerabilities
21:17 - Part 2//Exploiting IDOR Vulnerability Demo
21:24 - What is IDOR?
22:51 - PortSwigger IDOR Lab
24:05 - Live Chat IDOR
24:48 - View transcript
25:12 - Burp Suite Intercept
26:05 - What to Look For//IDs Aren't Always Obvious
26:56 - Burp Suite//Looking Through Headers
27:56 - Burp Suite//Repeater
28:30 - Testing View Transcript Again
29:18 - GET Request//Identifying Exploitable Endpoint
30:26 - Modifying GET Request
31:35 - Finding the right headers to modify
33:47 - Why the first attempt didn't work
34:09 - IRL//What You Would Do
34:23 - Password in Live Chat Transcript
35:40 - How to Prevent IDORs
36:01 - IDORs//Worth Pursuing?
39:57 - Bug Bounties//How to Start
41:21 - Learn More!//Vickie's Blog
41:38 - Follow Vickie's Twitter!
41:52 - Thank You & Closing

// Books //
Bug Bounty Bootcamp: amzn.to/3K2YDeJ
The Web Application Hacker's Handbook: amzn.to/3IZ2RTr
Hacking APIs by Corey J. Ball: amzn.to/3JOJG0E
Alice and Bob Learn Application Security by Tanya Janca: amzn.to/3oMyMij
Automate the Boring Stuff with Python: amzn.to/3N2QuYu

// Videos mentioned //
Nahamsec: kzitem.info/news/bejne/mqyXq6uvnJelbGU
Corey Ball: kzitem.info/news/bejne/pKGM3HZrsKGChYI
Tanya Janca: kzitem.info/news/bejne/z6-e36iKa6aDgWU
Al Sweigart: kzitem.info/news/bejne/mJ9416OZZnarh4Y

// Vickie's social media //
Twitter: twitter.com/vickieli7
Website: vickieli.dev/
KZitem: kzitem.info/rock/jQHiY2JeOkBamHSg_6UeFw
Medium: vickieli.medium.com/

// Connect with David //
Discord: discord.com/invite/usKSyzb
Twitter: twitter.com/davidbombal
Instagram: instagram.com/davidbombal
LinkedIn: www.linkedin.com/in/davidbombal
Facebook: facebook.com/davidbombal.co
TikTok: tiktok.com/@davidbombal
KZitem: kzitem.info

// Platforms mentioned //
HackerOne: www.hackerone.com/
bugcrowd: www.bugcrowd.com/
Intigriti: www.intigriti.com/
Huntr: huntr.dev/

// Connect with Nahamsec //
Twitter: twitter.com/nahamsec
KZitem: kzitem.info
Github: github.com/nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters
Discord: discord.com/invite/ysndAm8
Instagram: instagram.com/nahamsec/
LinkedIn: www.linkedin.com/in/nahamsec/
Twitch: www.twitch.tv/nahamsec
Website: nahamsec.com/

// MY STUFF //
Monitor: amzn.to/3yyF74Y
More stuff: www.amazon.com/shop/davidbombal

// SPONSORS //
Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com

Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!

Disclaimer: This video is for educational purposes only.
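Added worked example (this is not code from the video, the PortSwigger lab or Bug Bounty Bootcamp): the live-chat transcript IDOR from the demo, as a minimal Python model. The endpoint is keyed by a numeric transcript id; the vulnerable handler fetches the record purely by that id, the fixed handler adds the ownership check discussed under "How to Prevent IDORs", and the helpers do what Burp Repeater was used for in the demo: read the id out of the captured GET request, swap it, and replay the request across a range of ids. The route /download-transcript/<id>.txt, the users carlos and wiener, the transcript text and the session cookie are all constructed for this example.

```python
import re
from typing import Callable, Dict, Iterable, Tuple

# Constructed sample data (not from the lab or the video): transcript id -> (owner, text).
# Sequential integer ids are exactly what makes this endpoint worth probing.
TRANSCRIPTS: Dict[int, Tuple[str, str]] = {
    1: ("carlos", "CUSTOMER: I can't log in, my password is <placeholder>"),
    2: ("wiener", "CUSTOMER: Hi, my order hasn't arrived yet."),
}

# Hypothetical captured request, in the shape a "View transcript" link would produce.
CAPTURED_REQUEST = (
    "GET /download-transcript/2.txt HTTP/1.1\r\n"
    "Host: example.test\r\n"
    "Cookie: session=<wiener-session-cookie>\r\n"
    "\r\n"
)

# Matches the request line and captures the object id so it can be read or swapped.
REQUEST_LINE = re.compile(r"^(GET /download-transcript/)(\d+)(\.txt)", re.M)


class NotFound(Exception):
    """Stands in for an HTTP 404 response."""


def view_transcript_vulnerable(session_user: str, transcript_id: int) -> str:
    """The IDOR: the session proves who you are, but the record is fetched purely by
    the id taken from the request, so any logged-in user can read any transcript."""
    if transcript_id not in TRANSCRIPTS:
        raise NotFound(transcript_id)
    _owner, text = TRANSCRIPTS[transcript_id]
    return text


def view_transcript_fixed(session_user: str, transcript_id: int) -> str:
    """Same lookup with an ownership check against the server-side session.
    'Missing' and 'not yours' get the same response so valid ids cannot be enumerated."""
    record = TRANSCRIPTS.get(transcript_id)
    if record is None or record[0] != session_user:
        raise NotFound(transcript_id)
    return record[1]


def transcript_id_from_request(raw_request: str) -> int:
    """Pulls the object id out of the captured request. Here it sits in the path;
    on a real target it may be a query parameter, a header or a cookie value."""
    m = REQUEST_LINE.search(raw_request)
    if m is None:
        raise ValueError("no transcript id in request line")
    return int(m.group(2))


def rewrite_transcript_id(raw_request: str, new_id: int) -> str:
    """What you do by hand in Repeater: keep the captured request (cookies included)
    and swap only the object id in the path."""
    rewritten, n = REQUEST_LINE.subn(
        lambda m: f"{m.group(1)}{new_id}{m.group(3)}", raw_request, count=1
    )
    if n != 1:
        raise ValueError("no transcript id in request line")
    return rewritten


def probe(handler: Callable[[str, int], str], session_user: str,
          own_id: int, candidates: Iterable[int]) -> Dict[int, str]:
    """Replays the authenticated request once per candidate id, as Burp Intruder would,
    and returns {id: body} for every id that answered and is not the tester's own."""
    leaked: Dict[int, str] = {}
    for tid in candidates:
        if tid == own_id:
            continue
        try:
            leaked[tid] = handler(session_user, tid)
        except NotFound:
            continue
    return leaked


if __name__ == "__main__":
    own = transcript_id_from_request(CAPTURED_REQUEST)
    print(rewrite_transcript_id(CAPTURED_REQUEST, 1).splitlines()[0])
    print("vulnerable handler leaks:", probe(view_transcript_vulnerable, "wiener", own, range(1, 20)))
    print("fixed handler leaks:     ", probe(view_transcript_fixed, "wiener", own, range(1, 20)))
```

Run it as-is and the vulnerable handler hands wiener transcript 1 (carlos's chat) while the fixed one returns nothing. Two things carry over to real targets: test with two accounts you control so the leaked record is provably another user's, and keep the fixed handler's single 404 for both "missing" and "not yours", because a distinct 403 would still tell an attacker which ids exist.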
@lawdalamail4551
2 years ago
Sir, please do a video on how to hack Wi-Fi using Termux without root and without a Wi-Fi adapter.
@jamesmarsh9655
1 year ago
What websites offer bug bounties?
@TheGreyLineMatters
1 year ago
I'm not sure how many of us out there know how to disable Microsoft's Intel Management Engine and still have a functional computer to use, but I sure hope it never gets discovered by your lot. It's unfortunate that "hackers" have gone from free knowledge activists to capitalists in such a short span, but I'm sticking to my roots and I sure ain't telling, not even for all the money Microsoft has.
@bertrandfossung1216
2 years ago
David, you just gave me what I wanted. I mostly hunt for IDORs… and I'm a great fan of Vickie Li's articles and her book Bug Bounty Bootcamp. 👏🏽👏🏽👏🏽
@davidbombal
2 years ago
Very happy to hear that! Vickie's book is fantastic.
@AerosDaDinoHoodie
1 year ago
I just got her book the other day, and I'm about halfway through. It's an excellent book! Very well written; it gives a security novice like me a great introduction to the common web vulnerabilities.
@bxnny0374
1 year ago
I'm a huge fan of this book!! It was the first resource that gave me a true understanding of the topic; it absolutely changed my life. Thrilled that you had her on the show! :)
@deeznuts1358
1 year ago
I loved that "must be under 25 years old... must have 35 years' experience". If that's not the truth in absolutely every field! It's quite ridiculous that people with true passion and motivation are just thrown out to the curb. Your channel is a gold mine spewing with knowledge; thank you for helping everyone grow, David!
@batserke6006
1 year ago
There are ways around that, just be creative.
@AnotherSkyTV
1 year ago
...and must be willing to work at intern's pay with that experience 🤷🏻
@sammcewan3834
2 years ago
Looking for unpaid bugs sounds like a great idea! I've been struggling lately, staying up after everyone is sleeping to study my way into cybersecurity, and this sounds like it can be a nice confidence boost. Thanks again for the quality content!
@youfanlimboo6158
2 years ago
I am a big fan of Vickie Li. I have read Bug Bounty Bootcamp, after reading The Web Application Hacker's Handbook (2nd edition). This is the best web application book.
@davidbombal
2 years ago
Both are great books!
@miscellaneouszone
2 years ago
Wow
@ItzShinePlayz
2 years ago
I didn't read any books 💀 I read only 1 or 2.
@uwaborsimon7525
2 years ago
I am Simon by name, I am a newbie in ethical hacking. Please help me out, I really want to go deep into the course.
@mdmonsurbeg
2 years ago
@davidbombal Yeah, David, you're right! The Web App Hacker's Handbook and Bug Bounty Bootcamp are both great! But The Web App Hacker's Handbook 2 is a little bit old... but also a great book!
@mradams101
1 year ago
Not affiliated at all, but as of 12/3/22, 4 of the 5 books mentioned are available on Humble Bundle for less than one of the hard copies.
@knowledgedose1956
1 year ago
Is it the 3rd of December or the 12th of March? 😂
@mradams101
1 year ago
@knowledgedose1956 😂😂😂 December 12
@saneyalam7434
1 year ago
Great book. Highly recommended for beginners.
@crouzilles37
1 year ago
Thank you David, thank you Vickie for this eye-opening video. Book ordered :)
@esaelvladimir3672
2 years ago
Good evening Sir David, I'm a huge fan of Li, and it seems like you have changed subject from Python to bug bounty. Hope you have an amazing weekend, and see you next week with marvellous content, perfect coach.
@davidbombal
2 years ago
I'm covering a lot of different topics on the channel. Are you looking for more Python videos?
@esaelvladimir3672
2 years ago
@davidbombal Oh 👌 yeah David, you got me 😁
@threeMetreJim
1 year ago
I never used Burp, just the dev console of the browser for this, and it seems to do the job. Good practice is getting bugs in the Facebook games of the smaller startups. Games? Yes! Finding ways to bypass paying for in-game bonuses, messing with other users' data (these IDORs), cross-site scripting... You may not get paid but you'll be thanked (usually).
@1ko9
1 year ago
Thank you David and Vickie for this great video, it was informative and fun to watch.
@Dheeraj_k18
2 years ago
I am 30+ years old and I have decided to learn bug bounty. I only know networking, OS and a little bit of web development. Don't know if I will succeed or not. Trying my best.
@idreesgul
1 year ago
Anyone can do that. Just keep it up, stay motivated and keep learning.
@JonBeeee
2 years ago
Great video and guest; the concepts were given in a succinct yet informative manner.
@jorde40oz
2 years ago
Hi David, I see you have a wealth of knowledge (your bookshelf), while in this video Vickie appears to have an eye for creativity. My question to you is: "How important is the left brain/right brain in your line of work?" Thanks and keep up the good work!
@ProfessorOfCookies
2 years ago
I had no idea the stuff I was doing on forums back in the day was an actual exploit, ahaha. Good to learn :D Also, damn, IDOR exploits have been around for so long (I was messing with forums over 20 years ago now, lol).
@saleemahmed8302
2 years ago
Thanks a lot David for this video. I needed a video on website hacking badly. Thanks again. Please do more videos on website hacking and website pentesting.
@macktheripper7454
1 year ago
Have you looked into DVWA?
@mrmuffin5046
2 years ago
You should do episodes explaining real-life hacks that are happening in the real world today.
@josepablofernandez5045
2 years ago
Great video! Thanks David and Vickie
@lordofallworlds9244
2 years ago
Hey David 💪🏽, would you happen to have any friends in cyber law? It's a super underrated topic that I would love to learn more about.
@Lovepreet_mehrok
2 years ago
Good mentoring video. Great job David! Thanks for inspiring people into this field.
@andreiacatarinapereiramont5784
1 year ago
Very informative, helpful and educational video! Thx for the tutorial man!
@srikeshmaharaj
2 years ago
Amazing video David... Your guests are the best! Being a Vickie Li follower, I was extremely excited to view this. Thank you once again... This channel just gets better after every post!!
@macktheripper7454
1 year ago
A great guest... very valuable 👌 Thank you to you both.
@mohammedaminelm7836
1 year ago
Love your videos. They helped me a lot! Thank you!!
@weatherdonemulenga9711
2 years ago
We thank you very much for these videos David, you really inspire us to keep on learning and to see the real-world side of what we are learning.
@qkb3128
2 years ago
Bought the book, can't wait to check this out. I'll let you know what I think.
@duscraftphoto
2 years ago
Great video! Always love your content. Now I feel like I need to pick up another one of your guests' books… your fans will end up paying the light bill at No Starch, ha ha!
@myhackertech
2 years ago
Useful for those starting out in BBH.
@nephildevil
1 year ago
How does it work with asking permission to hack them? If you don't ask first, they can sue you.
@GGLyrics21
2 years ago
How to get experience with no experience?
@Rise_and_Shine1
2 years ago
Best video Sir
@davidbombal
2 years ago
Thank you!
@ranjanadissanayaka5390
2 years ago
Really great video... thanks to both of you. 😀
@hans7714
2 years ago
Thanks a lot David and Vickie...
@SantoshKumar-vd7ft
2 years ago
Thank you so much for teaching us...
@uwaborsimon7525
2 years ago
I am new to this course.
@ando440
2 years ago
Great interview and awesome advice 👏
@mvip4927
1 year ago
You're really good at explaining, thank you.
@EliteMindsetJourney
2 years ago
Awesome 👍 Sir
@davidbombal
2 years ago
Thank you!
@cartoonchannel5584
1 year ago
Thank you man for sharing this stuff.
@fakhrioficial8061
1 year ago
Thank you for sharing this with us!!!
@lofi-chillstep
1 year ago
I have no Linux knowledge nor basic IT. I'm 31 and my first cell phone was at 17. So where should I start? Coding languages first, or basic IT terms? School, or online academies?
@rdx8122
1 year ago
This guy, David, really man, I mean seriously, this guy earns from YouTube by just posting his video calls with some guys in his field 😂😂
@dew3darchitecture998
2 years ago
Open soft soft and press F1 and you'll never be a noob again
@Giusep_A1
2 years ago
I'm in Africa and I'd like to get those books. How can I get them, please?
@davidbombal
2 years ago
Amazon is a good place to buy them, I've found. But that will depend, I suppose, on where you are in Africa.
@AS-ew9fb
2 years ago
@davidbombal The best way for him is to get the digital book, which he can read on any smart device via the Kindle app, and buying the digital book is cheaper than the paper book.
@Giusep_A1
2 years ago
@AS-ew9fb Thanks, I think this will be easy.
@abrarfaiyazkhan6242
2 years ago
Here, I live in a country where a hacker found a serious bug in the website of the government telecommunications company which controls all the telecommunication things.... He informed the office, but they did not pay any heed to him, let alone getting paid 😂😂😂😂😂😂. So he hacked the website and brought the server down for a certain time....
@abrarfaiyazkhan6242
2 years ago
@afzalhussain8817 I don't want to share...
@abrarfaiyazkhan6242
1 year ago
@afzalhussain8817 If I could tell the reason, then I could also tell you the name of the country.
@threeMetreJim
1 year ago
Sounds like Spain and the precursor to WannaCry. I knew someone that got that malware, and it seemed to come via their internet connection (they were using a mobile dongle and a vulnerable version of Windows).
@rconlinetech4495
2 years ago
Please make a video on how to trace a mobile with an IMEI number.
@inknoidrobot1227
2 years ago
I love all of this. It's a bug in my cellphone that keeps deepfaking me as if I work for the FBI. So I can be murdered on the Eastern Shore, VA. But I'm going to figure this out and alleviate this bug.
@Yash15361
2 years ago
Love your content :}
@UBCATamilselvanTBCA
2 years ago
Do most bug bounty hunters use scripts and scanners to get bugs? Do all the companies allow using scripts and scanning for bug bounty?
@krishg767
2 years ago
Keep it up sir... Nice video
@yusufjansen3126
2 years ago
Alissa Knight is also an expert in hacking APIs.
@jon636374
1 year ago
TO ANYONE who is interested!!! There is a hacker book bundle available on HUMBLE BUNDLE! It is ALL from NO STARCH PRESS and BUG BOUNTY BOOTCAMP is in there! As well as HACKING APIs and BLACK HAT PYTHON 2nd ed. Many more are on there as well, for £30.44 combined. The total value of the bundle is £548. You can get it for £30. Individually most of the books are at least £20-£40, if you are interested. It is up for 20 days from the day I am posting this.
@artyommart
2 years ago
Should I learn Linux with WSL, or is it a bad idea (I have heard that it's not real Linux, and Docker and other things don't work very well)?
@syamkarni
2 years ago
Thank you David
@LearnWithBahman
2 years ago
Can you introduce resources for developers who want to become better web devs? My main focus is JavaScript and Python, and Stanford has a good course about security in JavaScript and Node... I'm looking for a similar source to avoid writing insecure code, or a checklist. I know 100% security is not possible; however, I am looking to learn to avoid the 80% of mistakes that could be avoided by putting in a reasonable amount of time (100-200 hours of studying).
@tyrojames9937
2 years ago
Interesting!
@gamesstatusglerygames6864
2 years ago
Thank you m8! Big 'preciation!
@faizankhd
2 years ago
How much programming skill?
@nathanaelmehari1909
3 months ago
3:34 looks like he is Maksim Yakubets
@charlscomedy3993
2 years ago
Please, I need a book.
@ibrahimbah4234
1 year ago
Any way to get the book for free?
@Fuzzycap
2 years ago
Are there actually websites that teach bug bounty? Like freeCodeCamp or The Odin Project?
@Z0nd4
2 years ago
Hey David, thanks for these interview videos! So useful. I am preparing to take the CEH in two weeks. Your videos somehow help me to illustrate the study content. Appreciated.
@programmerdev7251
2 years ago
Good video
@evilthrei013
2 years ago
Nice video
@ianlestherbacus8095
2 years ago
Hello David! Do you have a tutorial where we can try to hack social media using Hydra or other tools? Do you also have a tutorial where we can track someone's device without installing something on the target's device? I'm just curious how to do it and asking for educational purposes only. Thanks
@threeMetreJim
1 year ago
Send a URL of a page that uploads the position of the device in a message. You'll have to social engineer it so that the target will click allow for positioning and click the link in the first place (if they don't, then they don't get whatever the temptation used is). May only work once, but is OK if you get the timing right. KZitem rules don't allow tutorials like that.
@47minutes39
2 years ago
Image/PDF exploit RAT tool, one video please sir.
@bigprogramming579
2 years ago
Hey David, I have a question. If I want to get started with ethical hacking (probably not as a career), I think I will need to start with the absolute basics of cyber security first, but all the basic cyber security courses I saw, on YouTube mainly, were quite old according to me, and I am also not sure how to start with cyber security as a hobby if I want to. So can you tell me a course, or just a general road map, or just how I should start with cyber security if I want to, or what I should do? Thank you.
@macktheripper7454
1 year ago
This wasn't for me, but sign up to TryHackMe. They have an absolute beginner path which will teach you all the background stuff up to intermediate/advanced. Good luck 👍
@bigprogramming579
1 year ago
@macktheripper7454 Thank you, I will give it a try, and thank you for the wishes.
@ghostgaming-78-l5l
2 years ago
Hey David, I'm trying to install BlackArch Linux and I'm stuck on the rootfs. What is the command I need to put in?
@xerox290
2 years ago
Sudo _ps aux | grep
@ghostgaming-78-l5l
2 years ago
@xerox290 Doesn't work.
@tonyvelasquez6776
2 years ago
@ghostgaming-78-l5l Go on Stack Overflow, not YouTube lmao
@ghostgaming-78-l5l
2 years ago
@tonyvelasquez6776 KZitem shows the videos, and there are people on here that are experts.
@tonyvelasquez6776
2 years ago
@ghostgaming-78-l5l There are 10000000x as many experts on Stack Overflow. I doubt David Bombal knows anything about BlackArch. He's a Cisco guy.
@gjfmaker
2 years ago
Okay, okay yes, I get tNice tutorials and I get that-
@alimuhammadlearns
11 months ago
I'm watching in 144p and pretending like I got everything she told LOL
@muzammildharwadkar8101
1 year ago
❤
@henoktekeba1797
2 years ago
👍
@omkargadave1089
1 year ago
❤❤❤❤❤❤👍👍👍👍👍
@oksanatulpa7984
2 years ago
I am not allowed even to publish any provocative stuff. It's not because of "Putin". It's because of my children )
@TryorDie2024
1 month ago
Think about it: if a guy really was a millionaire, do you think he would spend so much time on KZitem? Come on, don't be so stupid.
@woutervanneerrijnen9129
2 years ago
Hey guys, what do you find are the best site(s) to stay up to date with the newest found exploits/CVEs? To help your company stay safe and help others to do the same.
@bravo-6900
2 years ago
So basic a book, most of the attacks don't work IRL. Beginners should rather take a glimpse at the OWASP Testing Guide and source code review, and PortSwigger to the rescue.
@Badyoda
2 years ago
Thank you for this video. I wanted to start bug bounty but didn't know how and from where to start; now I know.
@Azalga1
1 year ago
Great video. I'm a student and was looking for a job or some mission to earn some money and build experience in cybersecurity. I do things like TryHackMe, but I always doubt my skill. Bug bounty seems good to build some experience and build skill on real things, not controlled CTFs for example.
@seif9923
2 years ago
David, I know this has been said a lot, but you're doing amazing and you're literally covering everything. I am currently studying computer science and I share your channel with all of my friends who are into cybersecurity or networking.
@Jianju69
2 years ago
I honestly thought this said "Big Booty Bootcamp". Time for a new glasses prescription...
@NemoScene
1 year ago
I wish I had found this video sooner. Thank you.
@vincentlivera2948
4 months ago
Thank you David and Vickie for this amazing, great video!
@are223
2 years ago
Hi Mr. David. Can you please tell us some important topics to learn to get a junior pentester job or something like that? Or perhaps you could interview someone related to offensive security and ask them this question?
@davidbombal
2 years ago
Lots of videos like that on my channel. Have a look at this playlist as a start: kzitem.info/door/PLhfrWIlLOoKPqmsoVb0STYzw4IaTe1fxn
@are223
2 years ago
@davidbombal Thanks David, I am new to this channel so I didn't know where to look. Sorry if I disturbed you.
@TonyShasta
1 year ago
@are223 Don't be disturbing David!
@trenvert123
1 year ago
When people start selling shovels, that should tell you that the gold mine is empty.
@bowsim
2 years ago
Fair play, David is always bringing the top-tier guests.
@abdulmuntasirmasum7914
2 years ago
Mr. Bombal, is there any bug bounty video course that you recommend?
@johnr39
13 days ago
If her book is explained the way she was "explaining" how to find bugs/vulnerabilities in this video, then I'd rather buy a burger and ask a homeless dude to teach me how to find bugs.
@ItzShinePlayz
2 years ago
Integrity of cybersecurity 💀
@TheConstantLearnerGuy
2 years ago
:)
@miscellaneouszone
2 years ago
Thank you for this great content.
@sahilharad9222
7 months ago
Great content !!!
@testpatel
1 year ago
What if a pentester who is testing an application of a company gets caught and his/her IP is traced under a bug bounty program? Then what happens? Is it considered safe? Will the company take any action against a pentester or a bug hunter who is searching for vulnerabilities?
@threeMetreJim
1 year ago
I used to bug hunt for fun. Never a member of a bounty program. As long as you don't do anything stupid/damaging, and notify the company about the problem, everything should be OK. Only ever got money from Facebook, but a thank you from various other places (and the bugs being fixed).
@ahmedraza-nl7ro
1 month ago
@threeMetreJim Could you help me?
@yamashita8822
1 year ago
I'm crushing on her 😍, she is so intelligent and wise. Wonderful content, learned a ton 🔥💖
@nnofficial2414
4 months ago
Amazing!
@lawdalamail4551
2 years ago
David, please do a video on how to hack Wi-Fi using Termux without root.
@taiquangong9912
1 year ago
Are books still viable for learning, or is it too slow, due to the speed of things?
@purpleman173
2 years ago
Thank you David for another amazing interview and for exposing me to Vickie Li.
@ibnuaufar7584
2 years ago
Hi David, just curious, is there any e-book for this?
Comments: 160