$20,000 In Bounties From Hacking Into A Prison

Рет қаралды 11,788

3 ай бұрын

📚 Purchase my Bug Bounty Course here 👉🏼 bugbounty.nahamsec.training
💵 Support the Channel:
You can support the channel by becoming a member and get access exclusive content, behind the scenes, live hacking session and more!
☕️ Buy Me Coffee:
www.buymeacoffee.com/nahamsec
JOIN DISCORD:
discordapp.com/invite/ucCz7uh
🆓 🆓 🆓 $200 DigitalOcean Credit:
m.do.co/c/3236319b9d0b
💬 Social Media
- / nahamsec
- / nahamsec
- twitch.com/nahamsec
- / nahamsec1
#bugbounty #ethicalhacking #infosec #cybersecurity #redteam #webapp

Пікірлер: 43

@agustinothadeus 3 ай бұрын

I always keep learning new things whenever I watch your videos. Thank you Nahamsec & Jason, you are making the way a whole lot easier for a bunch of people like me interested in bug bounty. I really can't thank you enough

@pkmumbreon937 3 ай бұрын

This was a treasure trove of extremely useful info about the thought process pivoting from point to point and things to keep in mind when looking at applications.

@1DRS 2 ай бұрын

Thats an incredible content .thanks a lot to both of you guys .

@aliveli-zq5gt 3 ай бұрын

I watched, learned, applied the mdisec series, and here I am... What you're explaining seems very simple to me. I guess MDI is pushing us too hard :)

@d8rh8r35 3 ай бұрын

Really solid cast lads...

@OthmanAlikhan 3 ай бұрын

Thanks for the video =)

@fokyewtoob8835 3 ай бұрын

Love these redacted episodes thanks to both of you for sharing these tips

@keppubgpc 3 ай бұрын

Yo nahamsec the video's is great but i think that when you are asking questions your voice is not clearly audible it should be greater. Besides that Really great video and motivatoinal.!

@bobbyrandomguy1489 3 ай бұрын

Cool how you went and set up the site to demo bugs found. Thanks for knowledge. Also getting prisoners calls is crazy!! Cant wait till I feel I have enough knowledge to go find some bounties!! $$$

@NahamSec 3 ай бұрын

Thanks for watching!

@RajatSharma_1111 3 ай бұрын

Hey Nahamsec, this is really cool. I really liked it. Can you please make a couple of more podcasts like this. We really learn a lot from your videos.

@NahamSec 3 ай бұрын

That's the plan! This is a monthly series!

@timecop1983Two 3 ай бұрын

@@NahamSec Way that is so good news. I like podcasts like OTW, John Hammond, David Bombal Security FWD and this also!! Thanks always love burp suite videos

@shubham_srt 3 ай бұрын

thanks

@DavidAlvesWeb 3 ай бұрын

Amazing walkthrough, thank you for this! 🏆

@gelzki5632 3 ай бұрын

Hi Ben and Jason, I have a few questions. 1. For logins, what if I found valid credentials from leaked or breached credentials. Is it okay to proceed using those creds to login to the app and look for vulnerability inside or should I already report it? 2. If I find sensitive information like passwords in content discovery and report it. Then moving forward I found another subdomain with login and the passwords I got from the first bug works is it okay to proceed since they did not change the password or is it reportable already? 3. After getting source code through content discovery and reporting it. Is it still okay to use that source code to look for vulnerability? I'm assuming that the client expects you to delete it already after reporting it. Thanks Ben for always sharing great content. Wishing you all the best. 😊

@njbmyv 3 ай бұрын

1. No. You should report them and stop there. You can get access to sensitive information. 2. No. Same as 1. 3. Depends. If they tell you to delete and then you report bugs from the source code what will happen? If you find credentials just report them. But not all programs accepts credentials from leaks and most of them are against this practice because they don't want to encourage credential stealing. Pay attention to the peograms terms because some of them might have a reason to refuse to pay you if you cross the limits.

@narsimharao8565 3 ай бұрын

Best content❤

@eugenekobby9676 3 ай бұрын

Great content! But sadly can't find my first bug in 3 months 😓

@agustinothadeus 3 ай бұрын

Don't despair. Keep hunting, hunting, hunting...I am sure day all that sweat will be rewarded, you just have to have the strength to take lessons from your failures

@eugenekobby9676 3 ай бұрын

@@agustinothadeus Hmm... honestly it feels sad because my 4gb ram laptop can't handle a lot of multitasking and when testing. I have a story to tell and i know i will surely find my first bug this month or the next

@agustinothadeus 3 ай бұрын

@@eugenekobby9676 In my experience most of the RAM during hunting is used by burp, you can try caido cli directly from the browser, it is much more lightweight

@eugenekobby9676 3 ай бұрын

@@camelotenglishtuition6394 where would you recommend i get the certs maybe we could talk privately

@kennyvolkov5724 3 ай бұрын

What vm he uses?

@TheCyberWarriorGuy 3 ай бұрын

Why not create a seperate playlist for %week Program & Redacted Series ?

@ElevenOO1 3 ай бұрын

that's awesome

@manuelarias6013 3 ай бұрын

What software thecore plis

@neadlead2621 3 ай бұрын

what do you mean

@shubham_srt 3 ай бұрын

<a href="#" class="seekto" data-time="647">10:47</a> 🥵🥵🥵🥵🥵🥵🥵🥵🥵🥵

@alirazm5724 3 ай бұрын

Hey behrooz. Tanx for the golden content

@_0x01m 3 ай бұрын

Thank you for sharing knowledge

@Amitte424 3 ай бұрын

I have found actuator endpoints with actuator,health and info path.I already tested heapdump,env,threads, like common other endpoints and found nothing. Is there any other things that I should check that I might be missing.😅😅Thanks for the help😊

@j0hnny_R3db34rd 3 ай бұрын

Git gud.

@Amitte424 3 ай бұрын

what is git gud??@@j0hnny_R3db34rd