The Ugly Truth about Bug Bounty Hunting

Why only a handful of security researchers and bounty hunters make it and how can you be one of them?

Free coding platforms:

https://freecodecamp.org
https://edabit.com
https://codewars.com

Free books:

https://www.py4e.com/book.php
https://www.golang-book.com/books/intro
https://books.goalkicker.com/BashBook/
__________

Recon in Cybersecurity course: https://bit.ly/cybersecrecon
Python for Pentesters course: http://bit.ly/2I0sRkm
Python Basics course: http://bit.ly/37cmhlx
10 Points for PentesterLab PRO: http://bit.ly/awesomepentester

Join me and other cyber-geeks on discord: http://bit.ly/2KH6aST
Join my SQUAD (for discounts’n’stuff): http://bit.ly/2xhSvM2

Hire me as a penetration tester: https://dgtsec.com/penetration-testing-services/
101 Pentesting Training: https://dgtsec.com/cybersec-pentesting-training/
101 Cybersecurity Consulting: https://dgtsec.com/cybersec-pentesting-training/

Connect with me:

Help me keep creating videos: https://www.buymeacoffee.com/cristivlad

Linkedin: https://www.linkedin.com/in/cristivlad/
Twitter: https://twitter.com/CristiVlad25
Facebook page: https://www.facebook.com/CristiVladZ/
Facebook group: https://www.facebook.com/groups/cybersecpros/
Hackthebox: https://www.hackthebox.eu/profile/27034
Tryhackme: https://tryhackme.com/p/cristi
Peerlyst: https://www.peerlyst.com/users/cristi-vlad
Discord: https://disboard.org/server/608756357801443343

Books I recommend for Penetration Testing and Ethical Hacking:

1. TJ O’Connor – Violent Python: https://amzn.to/31vH2GB
2. Dafydd Stuttard – Web App Hacker’s Handbook (2nd Ed): https://amzn.to/2MRcjk3
3. Peter Yaworski – Web Hacking 101: https://amzn.to/2KTvJSy
4. Jon Erickson – Hacking: The Art of Exploitation (2nd Ed): https://amzn.to/2WHr3BD
5. Peter Kim – The Hacker Playbook 3 (2018): https://amzn.to/2MQiTXK
6. Peter Yaworski – Real-World Bug Hunting: https://amzn.to/37GB87K

It helps me tremendously if you support these educational videos:
https://www.patreon.com/cristivlad

My course Developing Ethical Hacking Tools with Python on Cybrary: http://bit.ly/2J5USbC

If you’re a Youtuber, how can you survive without TubeBuddy? http://bit.ly/37dgFYr
Learn hands-on pentesting (free trial): http://bit.ly/2LzKrPJ
Hacker Wearables: http://bit.ly/2IDAQEo
Paperspace credit: https://paperspace.io/&R=FMXH1BN
DigitalOcean credit: https://m.do.co/c/efe4365e60bd

Short-clips via: https://mixkit.co/
__________

Whatever type of tests you’re doing, only perform them in safe and legal environments and with the appropriate permissions. This video is for educational purposes only.

45 Comments

  1. Trinity on October 10, 2021 at 8:09 am

    Those advices are precious! To be honest I tried to reject them to encourage myself but now I need to be more determined



  2. Adarsh Anand on October 10, 2021 at 8:10 am

    Totally agree with you. Someone I found whom I can relate to more – otherwise most of the people who got into security are mainly driven by the money. Interest is the first thing which is required in bug bounty. I am pretty sure people who have interest should have found this true and informative.



  3. Dark Sekiro on October 10, 2021 at 8:11 am

    We are all gonna make it brothers, never give up!!



  4. Bulvine Scatologist on October 10, 2021 at 8:11 am

    I just say. "Nobody needs to know what color my skivvies are or if I have any on or not".



  5. ManOFSteel on October 10, 2021 at 8:12 am

    hahah I can see the pain in some of the comments… I am trying to get into this field and it's hard, let's face it. You have to learn coding, networking, sysadmin, Linux, Firewalls, VPN, heck, even understand laws and policies!

    I feel like in CyberSec you gotta be a jack of all trades and a master in few.



  6. Sreeraj K on October 10, 2021 at 8:12 am

    Become someone unlike everyone!



  7. Jon Magee on October 10, 2021 at 8:14 am

    Seriously just saw this. Profound.



  8. Josh Campbell on October 10, 2021 at 8:19 am

    If you want to hack web applications become a freelance web developer first. If you want to hack mobile applications become a… Never mind, you get the idea. You need to intimately understand the technology you are hacking and you must have a profound curiosity for all that it can and is not supposed to do.



  9. rootxpauras on October 10, 2021 at 8:19 am

    Thanks a ton, best advice!



  10. init_6 on October 10, 2021 at 8:20 am

    Deeply thinking about this lately, but then a question rises, where to start, cuz there is so much to learn then, from dev side, from security side and also to keep up with the latest vulnerability



  11. Vernon Robinson on October 10, 2021 at 8:20 am

    This is basically saying persevere and you’ll do fine



  12. Anand Jambhulkar on October 10, 2021 at 8:21 am

    Good gosh, what an eye opener video. Thanks for making it and then subsequently sharing it with everyone to see. I appreciate it.



  13. Over Yonder on October 10, 2021 at 8:22 am

    but now everyone will follow your advice in this video resulting in you still following the herd



  14. Paul van Driel on October 10, 2021 at 8:24 am

    Only 4.5 minutes to break down all the BS artists out there. Well done!



  15. Tiago on October 10, 2021 at 8:25 am

    Just found out your channel and you definitely have my attention.



  16. Fritz EYOK on October 10, 2021 at 8:25 am

    "CRAFT YOUR UNIQUE APPROACH!" this is a golden advice! Thanks



  17. Unknown Indian on October 10, 2021 at 8:25 am

    You are just saying that
    ->You are programming
    Everybody doing it
    -> You are writing Hello world program
    Everybody done it
    ->You are making Projects
    But Everyone posted it and you are just copy pasting

    It's Just completely demotivating
    I understand bug hunting is quite the same but we can extend our journey to ETH or PEN TESTING.
    Why not Learning Python, We use python in major and many hacking tools
    Dude We Just Learn Small Bit Of Things Just By CopyPasting
    Because Everything already exists, and we are learning from it only

    It's about the NEW IDEA. To get Succeeded in life.



  18. Cristi Vlad on October 10, 2021 at 8:30 am

    Recon in Cybersecurity course: https://bit.ly/cybersecrecon
    Python for Pentesters course: http://bit.ly/2I0sRkm
    Python Basics course: http://bit.ly/37cmhlx
    Hands-On Training with PentesterLab PRO: http://bit.ly/awesomepentester
    For coaching in pentesting and bug bounty: https://dgtsec.com/cybersec-pentesting-training/



  19. Lucaso Curry on October 10, 2021 at 8:32 am

    But if you become someone like nobody else how can you become yourself



  20. Ashish Siby on October 10, 2021 at 8:32 am

    I have been demotivated
    Thanks for your ***** advice



  21. Mery Option on October 10, 2021 at 8:33 am

    I am a beginner, I want to learn ethical hacking



  22. jaydev solanki on October 10, 2021 at 8:34 am

    edabit and codewars.com …………………. well, everybody is doing it. PERIOD.



  23. dᴉlℲ on October 10, 2021 at 8:36 am

    Yeah some people get it and some people think they get it. It seems like the ones with big egos are the ones who think they get it when they really don’t. The bigger the ego the smaller the _______.



  24. Alaa ILA on October 10, 2021 at 8:36 am

    That was too honest and true



  25. Master Mace on October 10, 2021 at 8:37 am

    Thank you



  26. tyler durden on October 10, 2021 at 8:40 am

    I saw this video 3 months ago and I was really upset about my inadequacy, it sounded really hard to me to start coding. Finally I started 2 months ago and I learned HTML and CSS (I know it's a design language). In this time I realized coding was fun and that motivated me, and I am still learning JavaScript (once I stopped learning programming because it was really boring) and soon I will learn Node.js. I am still didn’t quit because of learning new things hard and boring. In fact I want to be a full-stack JavaScript developer, then start bug bounty. I found my way and I am really happy about it. I can even spend years programming, maybe I will forget starting hacking. Thank you Cristi Vlad, this video was really helpful to me. I hope the others will start programming. By the way, sorry for my language, English is not my native language and I am learning it too 🙂



  27. Olivia drinkwine on October 10, 2021 at 8:42 am

    I use tryhackme to learn and plan to once I have the money to get my OSCP and start hacking legally. And honestly just do bug bounties when I need a bit of extra cash.



  28. Randle Boyd on October 10, 2021 at 8:43 am

    Great video!!!!



  29. El Admin on October 10, 2021 at 8:48 am

    I'm from Argentina and with earning $1000/$2000, (a very good salary in Argentina)



  30. it's me pritam on October 10, 2021 at 8:49 am

    Thank you so much brother



  31. Ryan Barcebal on October 10, 2021 at 8:50 am

    Bug bounty is not for everyone. Bug bounty is a lifetime career and it is necessary that you have passion and patience for it before you succeed as a pro bug hunter.



  32. A C on October 10, 2021 at 8:53 am

    Oh good someone finally said it. Honestly I have several years as a pentester and thus can focus on lesser known bugs/quirks, and write my own custom recon scripts and wordlists and still sometimes struggle a bit to find a bug. The idea you can learn how XSS works and then run a 3 line bash script to find a bunch of XSS bugs stopped being viable in like 2012



  33. Orlando De Vincenzo on October 10, 2021 at 8:53 am

    For once the yt algorithm did something good and suggested this video.

    Best. Advice. Ever.



  34. MrFox666 on October 10, 2021 at 8:54 am

    I still think the thing I’m struggling with the most is understanding how to get into hacking. Me and a team of my friends want to start bug bounties, however we need to learn more, and knowing all the terminology and functions and stuff is so hard.



  35. elliot alderson on October 10, 2021 at 8:55 am

    You are a God-sent ! Really needed that….



  36. J JJ on October 10, 2021 at 8:55 am

    If you ever stop learning the industry, be prepared to fail. No researcher knows everything there is to know.



  37. shivansh Rahangdale on October 10, 2021 at 8:56 am

    you are making videos

    "Everyone's doing that"



  38. BareGrillz on October 10, 2021 at 8:57 am

    ‘Be uncommon in a group of uncommon people…’

    -David Goggins.



  39. Alisson Pelcer on October 10, 2021 at 8:57 am

    Yes it is this vision that a master must have, always looking at all and new elements. The $ bug is much more than just using scripts passively and waiting for some result, or paths already taken by other secs. Ever ever is work hard!



  40. sarah williams on October 10, 2021 at 8:59 am

    Can we get at least $7000 to $10,000 a year through bug bounties? Pls reply, it means a lot to me as I am from India and $10,000 is a whole lot of money here.



  41. EONRaider on October 10, 2021 at 9:01 am

    This is something I’ve been having in the back of my mind for quite some time… When it comes to Web App bug bounty hunting the secret lies in being a full stack web dev and dominating multiple popular stacks. Thanks for that.



  42. Nanof Urbiznis on October 10, 2021 at 9:02 am

    But to learn how to be different you have to learn how others are doing it first.



  43. ॐ Dhiraj ॐ on October 10, 2021 at 9:05 am

    This is all I wanted to hear.. after months of failed attempts to learn bug bounty hunting, I know where to focus on. Those people who say coding isn’t important to start, that's a hoax. Those people themselves are good coders.



  44. Jerickson Jaspe on October 10, 2021 at 9:05 am

    Pen Testing is not for everyone tho



  45. DAW Works on October 10, 2021 at 9:09 am

    This video helps me to sleep peacefully.