first

U da man Ben, I started out 6 months ago knowing nothing and i've learned so much from your videos. Thank You :-)

Always ready for part2❤🙂

Something that I noticed is that it takes so much mental energy to try out, in the wild a new type of attack. I learn about it, I test it locally but it's like I am afraid to test it in the wild, what if something go wrong. So I usually test it on a few hosts, them more, and then go full scale. But yeah, that is something that I feel is slowing me down by some days for each attack I am learning. Is this happening to you also? If you got over it, how did you do?

Definitely a part 2 please! ❤

Your posting a great content but please increase the volume or speak loudly, it is very difficult to heard you in noisy conditions... ❤

Great as always Waiting for part 2

One of the things I love about the industry is the continuous learning, but how do you manage burnout with the demand of keeping up to date?

Ben, please do a part 2!

This is surely not a clickbait video Naham.

Thanks for always motivating us ❤Is there any platform to practice real world vulnerabilities

@NahamSec, In regards to mindset, if you understand a cross-site scripting report can you read the report and turn it into layman terms. Like when I talk to ppl about network IP addresses, I'll say that it's an Address like sending a letter at Christmas if that host is offline or that family moved, you Christmas card will be "return to sender recipient does not live here anymore."

Could you make a video of how you create your own custom lists for finding subdomains? I saw that you used a custom list when hacking redbull a few weeks ago :)

Great Content

My memory is my biggest problem, always having to refer back to books or notes. Working full time and only having limited time to learn i don't build enough muscle memory 😥😥

plz speak more about defensive careers

I'm struggling with missing bugs or standard methodology/checklist to ensure the application is secure

Woohoo!

Where do I get started with hacking? I am a very structured person, so I feel I would need the fundamentals. Any recommendations would be appreciated.

This video is helpful for me < thank you :)

we want Part two

First man!

I’m struggling to sit down and learn/practice. Stupid video games are always more important and it is so frustrating, deep down I know what I have to do but it always gets in the way… Any tips on how to flip that switch? 😁

part 2, please.

Hello sir, I want to learn API Testing but don't know where to start, please can you give some guidence.

I dropped out of college last month, only for what I love the most. Hacking.

Hey Nahamsec Sir 🤩🤩🤩

Im at the point where I wanna try out bug bounty but I still have much to learn in AppSec. Should I focus learning more, efficiently at etc portswigger or should I just go into bug bounty and learn there?

we want videos on xss pleaseeeeee

1st view❤

01:20, sir is Javascript really needed to be a good bug bounty hunter as really i have came so far giving a lot of time to javascript in the past few months

❣

Salam valekum

❤

how long it took you to find your first bug?

Part 2

please make a video how much code learning is required to be able to find bugs nobody talk about it.

👍🏻

are you happy, Naham?

PLZZZ MAKE A VIDEO ON BUG BOUNTY REPORT WRITING

I've been trying for months, but I just can't find anything 😑

daddy ben any pentester lab give away :)

Pzl! make 3 videos a week.

Hello, Behrooz. Your speech is good, but it is a slogan. It is better to cover this in practice so that we can understand it better

I'm struggling to finding my 4th valid bug last 2 months 😐

PAYLOADS VIDEO HOW TO USE IT

I'm struggling with missing bugs, I remember finding one bug but due to lack of knowledge (at that time) I missed it now I don't even remember where did I saw it because as a beginner I jumped too many programs. I'm losing passion because I couldn't find a single bug in months. lastly I would like to know how to hack patiently and how other hackers find xss or other bugs in less than 1hr or 3hrs some says found 10 bugs in last 24hrs.

MY THREAD MODEL IS EASY - HIT THEM WHERE IT HURTS . EXAMPLE TAKE PAYPAL REST YOU KNOW 😈 !!!!

so i did some automated api endpoint enumeration testing (via feroxbuster) and managed to get into the /etc/passwd file on my friends web server he allowed me to hack-BUT - this was the contents of the file: root:x:0:0:root:/root:/bin/bash daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin bin:x:2:2:bin:/bin:/usr/sbin/nologin sys:x:3:3:sys:/dev:/usr/sbin/nologin sync:x:4:65534:sync:/bin:/bin/sync games:x:5:60:games:/usr/games:/usr/sbin/nologin man:x:6:12:man:/var/cache/man:/usr/sbin/nologin lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin mail:x:8:8:mail:/var/mail:/usr/sbin/nologin news:x:9:9:news:/var/spool/news:/usr/sbin/nologin uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin does anybody know how i can ACTUALLY get a hold of the password hashes for each user here in the second field after the first : ????????

Are you from iran? @NahamSec

Part 2