Bug Bounty bootcamp // Get paid to hack websites like Uber, PayPal, TikTok and more

How to get experience with no experience? Have a look at bug bounty programs. Vickie Li demos Insecure Direct Object References (IDOR) and tells us how to get into bug bounty. We also discuss why her book Bug Bounty Bootcamp is a fantastic book to buy if you want to get into bug bounty. Get real world experience today.

// MENU //
00:00 - In plain text!
00:24 - Introducing//Vickie Li
00:58 - Part 1//The Interview
01:01 - Origin//Bug Bounty Bootcamp
03:37 - What are Bug Bounty Programmes?
05:26 - Part Time Bug Hunting?
05:44 - Easy Way to Get Experience
07:45 - Which Bug Bounty Programmes for Beginners?
10:51 - Beginners//Don't Compete with Pros
13:15 - Duplicates as Valid Experience
14:23 - What You Need to Start
14:59 - Linux//Do You Need It?
15:55 - Automate!//Which Programming Language?
18:03 - Beginner Friendly Vulnerabilities
21:17 - Part 2//Exploiting IDOR Vulnerability Demo
21:24 - What is IDOR?
22:51 - PortSwigger IDOR Lab
24:05 - Live Chat IDOR
24:48 - View transcript
25:12 - Burp Suite Intercept
26:05 - What to Look For//IDs Aren't Always Obvious
26:56 - Burp Suite//Looking Through Headers
27:56 - Burp Suite//Repeater
28:30 - Testing View Transcript Again
29:18 - GET Request//Identifying Exploitable Endpoint
30:26 - Modifying GET Request
31:35 - Finding the right headers to modify
33:47 - Why the first attempt didn't work
34:09 - IRL//What You Would Do
34:23 - Password in Live Chat Transcript
35:40 - How to Prevent IDORs
36:01 - IDORs//Worth Pursuing?
39:57 - Bug Bounties//How to Start
41:21 - Learn More!//Vickie's Blog
41:38 - Follow Vickie's Twitter!
41:52 - Thank You & Closing

Disclaimer: This video is for educational purposes only.

Comments
Author

How to get experience with no experience? Have a look at bug bounty programs. Vickie Li demos Insecure Direct Object References and tells us how to get into bug bounty. We also discuss why her book Bug Bounty Bootcamp is a fantastic book to buy if you want to get into bug bounty. Get real world experience today.

davidbombal
Author

I am a big fan of Vickie Li. I have read Bug Bounty Bootcamp. After reading web hacking application edition 2. This is the best book for web application book.

youfanlimboo
Author

I loved that ‘must be under 25 years old.... must have 35 years experience’ if that’s not the truth in absolutely every field. It’s quite ridiculous people with true passion and motivation are just thrown out to the curb. Your channel is a gold mine spewing with knowledge, thank you for helping everyone grow David!

deeznuts
Author

David you just gave me what I wanted. I mostly hunt for IDORs… and I’m a great fan of Vickie Li’s articles and her book Bug Bounty bootcamp.👏🏽👏🏽👏🏽

bertrandfossung
Author

David I know this has been said a lot but you're doing amazing and you're literally covering everything I am currently studying computer science and I share your channel with all of my friends who are into cybersecurity or networking

seif
Author

I’m a huge fan of this book!! It was the first resource that gave me a true understanding of the topic; absolutely changed my life. Thrilled that you had her on the show! :)

bxnny
Author

Looking for unpaid bugs sounds like a great idea! I’ve been struggling lately staying up after everyone is sleeping to study my way into cybersecurity and this sounds like it can be a nice confidence boost. Thanks again for the quality content!

sammcewan
Author

Not affiliated at all but as of 12/3/22 4 of the 5 books mentioned are available on humble bundle for less than one of the hard copies.

mradams
Author

Thank you David and Vickie for this Amazing great Video...!

vincentlivera
Author

I wish I had found this video sooner. Thank you.

NemoScene
Author

Fair play David is always bringing the top tier guests

bowsim
Author

Great book. Highly recommended for beginners.

saneyalam
Author

I never used burp, just the dev console of the browser for this, and it seems to do the job. Good practice is getting bugs in the Facebook games of the smaller startups. Games? Yes! Finding ways to bypass paying for in-game bonuses, messing with other users' data (these IDORs), cross site scripting... You may not get paid but you'll be thanked (usually).

threeMetreJim
Author

Good evening sir David, I'm a huge fan of Li and it seems like you have changed subject from Python to bug bounty. Hope you have an amazing weekend and see you next week in marvellous content, perfect coach.

esaelvladimir
Author

Thank you David, Thank you Vickie for this eye opening video, book ordered :)

crouzilles
Author

I am 30+ years old and I have decided to learn bug bounty.
I only know networking, os and a little bit of web development.
Don't know if I will succeed or not.
Trying my best.

Dheeraj_k
Author

Thank you David and Vickie for this great video, it was informative and fun to watch.

ko
Author

Great video and guest, the concepts were given in a succinct yet informative manner.

JonBeeee
Author

Thank you David for another amazing interview and for exposing me to Vickie Li

purpleman
Author

Hi Mr. David. Can you please tell us some important topics to learn to get a junior pentester job or something like that?
Or perhaps you can interview someone related to offensive security and ask them this question?

are