Practical Bug Bounty

72,153 views

The Cyber Mentor


www.tcm.rocks/KeeperDemo Keeper Security’s next-gen privileged access management solution delivers enterprise-grade password, secrets and privileged connection management in one unified platform. Request a demo on how you can protect your organization against cyber threats with zero-trust Enterprise Password Management (EPM). www.tcm.rocks/KeeperDemo
Check out the full Practical Bug Bounty course here: www.tcm.rocks/PracticalBugBounty
You can sign up for Intigriti's Program here: www.tcm.rocks/IntigritiSignUp
Labs for this video: drive.google.com/file/d/1RhCn...
Sponsor a Video: www.tcm.rocks/Sponsors
Pentests & Security Consulting: tcm-sec.com
Get Trained: academy.tcm-sec.com
Get Certified: certifications.tcm-sec.com
Merch: merch.tcm-sec.com
0:00:00 - Intro
0:03:00 - Keeper Security Sponsorship
0:03:48 - Course Introduction
0:10:02 - Importance of Web App Security
0:16:26 - Web App Security Standards and Best Practices
0:29:57 - Bug Bounty Hunting vs Penetration Testing
0:40:16 - Phases of a Web App Pentest
0:57:36 - CryptoCat Introduction
0:59:19 - Understanding Scope, Ethics, Code of Conduct, etc.
1:13:29 - Common Scoping Mistakes
1:37:59 - Installing VMWare / VirtualBox
1:41:14 - Installing Linux
1:50:20 - Lab Installation
1:57:36 - Web Technologies
2:02:14 - HTTP & DNS
2:05:47 - Fingerprinting Web Technologies
2:18:00 - Directory Enumeration and Brute Forcing
2:38:07 - Subdomain Enumeration
2:55:43 - Burp Suite Overview
3:34:35 - Introduction to Authentication
3:36:11 - Brute-force Attacks
3:43:11 - Attacking MFA
3:48:38 - Authentication Challenge Walkthrough
3:58:38 - Intro to Authorization
3:59:48 - IDOR - Insecure Direct Object Reference
4:06:15 - Introduction to APIs
4:11:04 - Broken Access Control
4:19:33 - Testing with Autorize
4:27:02 - Introduction to LFI/RFI
4:28:39 - Local File Inclusion Attacks
4:32:59 - Remote File Inclusion Attacks
4:40:37 - File Inclusion Challenge Walkthrough
4:45:05 - Conclusion
Hacker Books:
Penetration Testing: A Hands-On Introduction to Hacking: amzn.to/31GN7iX
The Hacker Playbook 3: amzn.to/34XkIY2
Hacking: The Art of Exploitation: amzn.to/2VchDyL
The Web Application Hacker's Handbook: amzn.to/30Fj21S
Real-World Bug Hunting: A Field Guide to Web Hacking: amzn.to/2V9srOe
Social Engineering: The Science of Human Hacking: amzn.to/31HAmVx
Linux Basics for Hackers: amzn.to/34WvcXP
Python Crash Course, 2nd Edition: amzn.to/30gINu0
Violent Python: amzn.to/2QoGoJn
Black Hat Python: amzn.to/2V9GpQk
*We are a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for us to earn fees by linking to Amazon.com and affiliated sites.

Comments: 74
@jasperthetom 4 months ago
This free video covers a lot more topics than a course. I really appreciate what you guys are doing. I really like watching your videos. Love from India Sir.
@husseindhooma5816 4 months ago
Thank you, Heath, for providing us with this amazing information, we all need to learn the Practical aspects of Bug Bounty especially for some of us that would like to earn some extra cash.
@martinlastname8548 4 months ago
Currently doing the PNPT. Enjoying it. More so than the PEN-200
@4b5urd. 4 months ago
I've got a subscription to TCM Academy but I just wanted to show some love here. You guys are awesome. Thanks for all you do for the community
@Erubius37 4 months ago
Taking the PJWT (the relevant cert for this course) tomorrow! Massively excited to put what I’ve learned to the test!
@hendrasetiawan7220 4 months ago
Good luck! I wanna take it too
@_CryptoCat 4 months ago
Good luck! 💜
@PAW15622 4 months ago
Good luck my friend
@lalalala3235 4 months ago
Good Luck!
@abeamin9182 4 months ago
Good luck!
@dhruvildesai8378 4 months ago
Thank you, Heath, for providing us with this amazing information!
@adarshsingh4693 3 months ago
What did you learn after completing this?
@butler_NA 4 months ago
I love this! Thank you so much!
@siddharthraychaudhuri7250 4 months ago
Thanks, guys. I bought the PNPT and a 3 month membership mainly for this course, during the sale. Thought I'd be able to complete it too with PNPT. Kinda overestimated myself and am still working through PEH. 10th March my monthly subscription ends, and I don't think I can afford it anymore. Was really sad that this one will remain incomplete. At least now I know that even if my subscription ends, I can still cover some part of the curriculum because of this upload.😢
@agp436 2 months ago
How are the TCM Security courses?? Are they worth it in terms of skills and do they provide practical labs to practice??
@Resh7374 19 days ago
Awesome video guys, thanks. I'll be coming over to your website to take some training soon.
@TCMSecurityAcademy 19 days ago
Awesome! Here's a link to our bug bounty course: www.tcm.rocks/pbb-y
@BongzandTakudzwa 4 months ago
Thank you Heath
@bikramshiwakoti 4 months ago
Can't believe this premium content is available for free
@javierarzon4853 4 months ago
Love your Videos......awesome
@johnsnow1062 4 months ago
Great resource for 2024
@_CryptoCat 4 months ago
Let's go! 🔥
@fuzelmultani2290 4 months ago
I love you TCM.
@MFoster392 4 months ago
Awesome, I'm doing this on the TCM website right now. :)
@Manas0_0 4 months ago
Is this the exact first part of that website course?
@MFoster392 4 months ago
@Manas0_0 Yes, this is the first half of the practical bug bounty. He also has a free complete course on ethical hacking if you're wanting to be a Penetration Tester: kzfaq.info?search_query=practical+ethical+hacking+-+the+complete+course
@ibtesamRicky 1 month ago
Thanks always for the free content. Can we get the Detection engineering for beginners course content please? Thank you!
@MufaExplores 3 months ago
Hey.... Dear, Can I run this BugBounty-v1.1 LAB on my Windows OS...???
@anonyghost7422 4 months ago
Heath with another fat W taking care of the noobs (like me) !
@profesurtom 5 days ago
I want to give italian kiss to this course>>>>>😗
@meh.7539 4 months ago
@16:40 I thought the dog snoring in the background was mine.
@johnsnow1062 4 months ago
Cool
@andrewthurstenson3359 25 days ago
If anyone else ran into an error when setting up the lab stating "'172.20.0.4' is not allowed to connect to this MySQL server in /var/www/html/db.php", I was able to resolve this by removing the volumes for the mysql container, bb-db, in the compose file.
@ellerionsnow3340 4 months ago
Aye!
@gandalfthegrey2777 2 months ago
I am having a problem, I cannot open the Lab locally, what is the local host port it's running on? In the video he just went to localhost without any port or IP
@soanzin 3 months ago
I have a doubt. If the scope says that automation tools are not allowed, is this related only to vuln scanners or to all other tools, like directory/asset discovery? Tools like ffuf, gobuster, etc.
@prathmeshchaudhari7613 3 months ago
It's related to vulnerability scanners only like nuclei
@soanzin 3 months ago
@prathmeshchaudhari7613 Good to know .. thanks !!
@prathmeshchaudhari7613 3 months ago
@soanzin welcome!
@youtubeshort2068 4 months ago
How to download lab?
@saminbinhumayun858 4 months ago
If there is scope given in bb program do we need to do directory bruteforcing?
@orionblu3 3 months ago
Brute force the domain that's in scope at a rate that won't flood the program's defense team
@AbdelrahmanMagdy-ny9wy 2 days ago
I'm having trouble with the api labs, server keeps responding with missing fields and I didn't manipulate the prepared requests, I copy pasted them into my terminal.
@khadijaijaz6428 15 hours ago
Is it a full detail course on bug bounty?
@carsmadness8555 1 month ago
I have a question. In the rules for azena program, it said request_header: X-Intigriti-Username: {Username}. How to add it?
@Prateek_d_y 22 days ago
I have gone through a lot of setting check but still my browser says "proxy server refusing connections"...
@user-hq7pq9rm3q 4 months ago
Very awesome Content
@abdulmalik_1_2_0_5 3 months ago
Please sir hope you are having a wonderful time. How can I get the course lab sir
@ahmedrao7951 17 days ago
I think there is a problem with auth 0x05, it doesn't show credentials like in the video and also when I put username: jeremy and password:cheesecake, the response says error and required field missing. Am I doing something wrong?
@abcdefg91111 1 month ago
1:50:00
@d3crypt_m3 4 days ago
Capstone folder is missing in Google drive link
@shivakumarmv4249 3 months ago
This video is more detailed about Burp Suite...
@eyezikandexploits 4 months ago
Do I have to pay for the course completion certificate?
@eyezikandexploits 4 months ago
Or is it, for a lack of better terms, free to play
@anonyghost7422 4 months ago
@eyezikandexploits You will have to sign up in order to unlock the rest of the course and get the certificate of completion. A monthly membership is around $30 USD
@abcdefg91111 1 month ago
3:37:00
@Thirumurug0xan 4 months ago
30,362
@abcdefg91111 1 month ago
2:55:43
@abcdefg91111 1 month ago
4:29:14
@abcdefg91111 1 month ago
2:20:00