Bug Bounty bootcamp // Get paid to hack websites like Uber, PayPal, TikTok and more
164,044
Published 2022-10-02
// MENU //
00:00 - In plain text!
00:24 - Introducing//Vickie Li
00:58 - Part 1//The Interview
01:01 - Origin//Bug Bounty Bootcamp
03:37 - What are Bug Bounty Programmes?
05:26 - Part Time Bug Hunting?
05:44 - Easy Way to Get Experience
07:45 - Which Bug Bounty Programmes for Beginners?
10:51 - Beginners//Don't Compete with Pros
13:15 - Duplicates as Valid Experience
14:23 - What You Need to Start
14:59 - Linux//Do You Need It?
15:55 - Automate!//Which Programming Language?
18:03 - Beginner Friendly Vulnerabilities
21:17 - Part 2//Exploiting IDOR Vulnerability Demo
21:24 - What is IDOR?
22:51 - PortSwigger IDOR Lab
24:05 - Live Chat IDOR
24:48 - View transcript
25:12 - Burp Suite Intercept
26:05 - What to Look For//IDs Aren't Always Obvious
26:56 - Burp Suite//Looking Through Headers
27:56 - Burp Suite//Repeater
28:30 - Testing View Transcript Again
29:18 - GET Request//Identifying Exploitable Endpoint
30:26 - Modifying GET Request
31:35 - Finding the right headers to modify
33:47 - Why the first attempt didn't work
34:09 - IRL//What You Would Do
34:23 - Password in Live Chat Transcript
35:40 - How to Prevent IDORs
36:01 - IDORs//Worth Pursuing?
39:57 - Bug Bounties//How to Start
41:21 - Learn More!//Vickie's Blog
41:38 - Follow Vickie's Twitter!
41:52 - Thank You & Closing
// Books //
Bug Bounty Bootcamp: amzn.to/3K2YDeJ
The Web Application Hacker's Handbook: amzn.to/3IZ2RTr
Hacking API’s by Corey J Ball: amzn.to/3JOJG0E
Alice and Bob learn application security by Tanya Janca: amzn.to/3oMyMij
Automate the boring stuff with Python: amzn.to/3N2QuYu
// Videos mentioned //
Nahamsec: https://youtu.be/9vaEwycet90
Corey Ball: https://youtu.be/CkVvB5woQRM
Tanya Janca: https://youtu.be/nyhytT2tRN0
Al Sweigart: https://youtu.be/7iBqoc-DzTQ
// Vickie's social media //
Twitter: twitter.com/vickieli7
Website: vickieli.dev/
YouTube: www.youtube.com/channel/UCjQHiY2JeOkBamHSg_6UeFw (@vickielidev)
Medium: vickieli.medium.com/
// Connect with David //
Discord: discord.com/invite/usKSyzb
Twitter: www.twitter.com/davidbombal
Instagram: www.instagram.com/davidbombal
LinkedIn: www.linkedin.com/in/davidbombal
Facebook: www.facebook.com/davidbombal.co
TikTok: tiktok.com/@davidbombal
YouTube: youtube.com/davidbombal
// Platforms mentioned //
HackerOne: www.hackerone.com/
bugcrowd: www.bugcrowd.com/
Intigriti: www.intigriti.com/
Huntr: huntr.dev/
// Connect with Nahamsec //
Twitter: twitter.com/nahamsec
YouTube: youtube.com/c/nahamsec
Github: github.com/nahamsec/Resources-for-Beginner-Bug-Bou…
Discord: discord.com/invite/ysndAm8
Instagram: www.instagram.com/nahamsec/
LinkedIn: www.linkedin.com/in/nahamsec/
Twitch: www.twitch.tv/nahamsec
Website: nahamsec.com/
// MY STUFF //
Monitor: amzn.to/3yyF74Y
More stuff: www.amazon.com/shop/davidbombal
// SPONSORS //
Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com
Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!
Disclaimer: This video is for educational purposes only.
#python #hack #xss
All Comments (21)
-
How to get experience with no experience? Have a look at bug bounty programs. Vickie Lee demos Insecure Direct Object References and tells us how to get into bug bounty. We also discuss why her book Bug Bounty Bootcamp is a fantastic book to buy if you want to get into bug bounty. Get real world experience today.
-
I am a big fan of Vickie Li. I have read Bug Bounty Bootcamp. After reading web hacking application edition 2. This is the best book for web application book.
-
I loved that ‘must be under 25 years old.... must have 35 years experience’ if that’s not the truth in absolutely every field. It’s quite ridiculous people with true passion and motivation are just thrown out to the curb. Your channel is a gold mine spewing with knowledge, thank you for helping everyone grow David!
-
David I know this has been said a lot but you're doing amazing and you're literally covering everything I am currently studying computer science and I share your channel with all of my friends who are into cybersecurity or networking
-
David you just gave me what I wanted. I mostly hunt for IDORs… and I’m a great fan of Vickie Li’s articles and her book Bug Bounty bootcamp.👏🏽👏🏽👏🏽
-
I’m a huge fan of this book!! It was the first resource that gave me a true understanding of the topic; absolutely changed my life. Thrilled that you had her on the show! :)
-
Thank you David and Vickie for this great video, it was informative and fun to watch.
-
Looking for unpaid bugs sounds like a great idea! I’ve been struggling lately staying up after everyone is sleeping to study my way into cybersecurity and this sounds like it can be a nice confidence boost. Thanks again for the quality content!
-
Fair play David is always bringing the top tier guests
-
Great video and guest, the concepts were given in a succinct yet informative manner.
-
Thank you David and Vickie for this Amazing great Video...!
-
Thank you David, Thank you Vickie for this eye opening video, book ordered :)
-
Thank you David for another amazing interview and for exposing me to Vickie Li
-
Very Informative, helpful and Educational video! Thx for the tutorial man!
-
Great talk and something I would love to work on. Currently doing Hack The Box and will have to read your book for sure.
-
Love your videos. It helped me a lot! Thank you!!
-
A great guest .. very valuable 👌 thank you to you both
-
Great video! Thanks David and Vickie
-
We thank you very much for these videos David, you really inspire us to keep on learning and see the real world side of what we are learning.
-
Great video! Always love your content. Now I feel like I need to pick up another one of your guests’ books… your fans will end up paying the light bill at No Starch ha ha!