The Ugly Truth about Bug Bounty Hunting
Why only a handful of security researchers and bounty hunters make it and how can you be one of them?
Free coding platforms:
https://freecodecamp.org
https://edabit.com
https://codewars.com
Free books:
https://www.py4e.com/book.php
https://www.golang-book.com/books/intro
https://books.goalkicker.com/BashBook/
__________
Recon in Cybersecurity course: https://bit.ly/cybersecrecon
Python for Pentesters course: http://bit.ly/2I0sRkm
Python Basics course: http://bit.ly/37cmhlx
10 Points for PentesterLab PRO: http://bit.ly/awesomepentester
Join me and other cyber-geeks on discord: http://bit.ly/2KH6aST
Join my SQUAD (for discounts’n’stuff): http://bit.ly/2xhSvM2
Hire me as a penetration tester: https://dgtsec.com/penetration-testing-services/
101 Pentesting Training: https://dgtsec.com/cybersec-pentesting-training/
101 Cybersecurity Consulting: https://dgtsec.com/cybersec-pentesting-training/
Connect with me:
Help me keep creating videos: https://www.buymeacoffee.com/cristivlad
Linkedin: https://www.linkedin.com/in/cristivlad/
Twitter: https://twitter.com/CristiVlad25
Facebook page: https://www.facebook.com/CristiVladZ/
Facebook group: https://www.facebook.com/groups/cybersecpros/
Hackthebox: https://www.hackthebox.eu/profile/27034
Tryhackme: https://tryhackme.com/p/cristi
Peerlyst: https://www.peerlyst.com/users/cristi-vlad
Discord: https://disboard.org/server/608756357801443343
Books I recommend for Penetration Testing and Ethical Hacking:
1. TJ O’Connor – Violent Python: https://amzn.to/31vH2GB
2. Dafydd Stuttard – Web App Hacker’s Handbook (2nd Ed): https://amzn.to/2MRcjk3
3. Peter Yaworski – Web Hacking 101: https://amzn.to/2KTvJSy
4. Jon Erickson – Hacking: The Art of Exploitation (2nd Ed): https://amzn.to/2WHr3BD
5. Peter Kim – The Hacker Playbook 3 (2018): https://amzn.to/2MQiTXK
6. Peter Yaworski – Real-World Bug Hunting: https://amzn.to/37GB87K
It helps me tremendously if you support these educational videos:
https://www.patreon.com/cristivlad
My course Developing Ethical Hacking Tools with Python on Cybrary: http://bit.ly/2J5USbC
If you’re a Youtuber, how can you survive without TubeBuddy? http://bit.ly/37dgFYr
Learn hands-on pentesting (free trial): http://bit.ly/2LzKrPJ
Hacker Wearables: http://bit.ly/2IDAQEo
Paperspace credit: https://paperspace.io/&R=FMXH1BN
DigitalOcean credit: https://m.do.co/c/efe4365e60bd
Short-clips via: https://mixkit.co/
__________
Whatever type of tests you’re doing, only perform them in safe and legal environments and with the appropriate permissions. This video is for educational purposes only.
This advice is precious! To be honest, I tried to reject it to encourage myself, but now I need to be more determined.
Totally agree with you. Someone I found whom I can relate to more – otherwise most of the people who got into security are mainly driven by the money. Interest is the first thing which is required in bug bounty. I am pretty sure people who have interest should have found this true and informative.
We are all gonna make it brothers, never give up!!
I just say, "Nobody needs to know what color my skivvies are or if I have any on or not".
Hahah, I can see the pain in some of the comments... I am trying to get into this field and it's hard, let's face it. You have to learn coding, networking, sysadmin, Linux, firewalls, VPN, heck, even understand laws and policies!
I feel like in CyberSec you gotta be a jack of all trades and a master in few.
Become someone unlike everyone!
Seriously just saw this. Profound.
If you want to hack web applications, become a freelance web developer first. If you want to hack mobile applications, become a… Never mind, you get the idea. You need to intimately understand the technology you are hacking and you must have a profound curiosity for all that it can and is not supposed to do.
Thanks a ton, best advice!
Deeply thinking about this lately, but then a question arises: where to start, cuz there is so much to learn then, from the dev side, from the security side, and also to keep up with the latest vulnerabilities.
This is basically saying persevere and you’ll do fine
Good gosh, what an eye opener video. Thanks for making it and then subsequently sharing it with everyone to see. I appreciate it.
but now everyone will follow your advice in this video resulting in you still following the herd
Only 4.5 minutes to break down all the BS artists out there. Well done!
Just found out your channel and you definitely have my attention.
"CRAFT YOUR UNIQUE APPROACH!" This is golden advice! Thanks
You are just saying that
->You are programming
Everybody doing it
-> You are writing Hello world program
Everybody done it
->You are making Projects
But Everyone posted it and you are just copy pasting
It's just completely demotivating
I understand bug hunting is quite the same, but we can extend our journey to ETH or PEN TESTING.
Why not learn Python? We use Python in major and many hacking tools
Dude, we just learn small bits of things just by copy-pasting
Because everything already exists, and we are learning from it only
It's about the NEW IDEA. To succeed in life.
Hands-On Training with PentesterLab PRO: http://bit.ly/awesomepentester
For coaching in pentesting and bug bounty: https://dgtsec.com/cybersec-pentesting-training/
But if you become someone like nobody else how can you become yourself
I have been demotivated
Thanks for your ***** advice
I am a beginner, I want to learn ethical hacking
edabit and codewars.com …………………. well, everybody is doing it. PERIOD.
Yeah some people get it and some people think they get it. It seems like the ones with big egos are the ones who think they get it when they really don’t. The bigger the ego the smaller the _______.
That was too honest and true
Thank you
I saw this video 3 months ago and I was really upset about my inadequacy; starting coding sounded really hard to me. Finally I started 2 months ago and I learned HTML and CSS (I know they are design languages). In this time I realized coding was fun and that motivated me, and I am still learning JavaScript (once I stopped learning programming because it was really boring) and soon I will learn Node.js. I still didn’t quit because of learning new things being hard and boring. In fact I want to be a full-stack JavaScript developer and then start bug bounty. I found my way and I am really happy about it. I can even spend years programming; maybe I will forget about starting hacking. Thank you Cristi Vlad, this video was really helpful to me. I hope the others will start programming. By the way, sorry for my language; English is not my native language and I am learning it too 🙂
I use tryhackme to learn and plan to once I have the money to get my OSCP and start hacking legally. And honestly just do bug bounties when I need a bit of extra cash.
Great video!!!!
I'm from Argentina, and with earning $1000/$2000 (a very good salary in Argentina)
Thank you so much brother
Bug bounty is not for everyone. Bug bounty is a lifetime career and it is necessary that you have passion and patience for it before you succeed as a pro bug hunter.
Oh good someone finally said it. Honestly I have several years as a pentester and thus can focus on lesser known bugs/quirks, and write my own custom recon scripts and wordlists and still sometimes struggle a bit to find a bug. The idea you can learn how XSS works and then run a 3 line bash script to find a bunch of XSS bugs stopped being viable in like 2012
For once the yt algorithm did something good and suggested this video.
Best. Advice. Ever.
I still think the thing I’m struggling with the most is understanding how to get into hacking. Me and a team of my friends want to start bug bounties, however we need to learn more, and knowing all the terminology and functions and stuff is so hard.
You are God-sent! Really needed that….
If you ever stop learning the industry, be prepared to fail. No researcher knows everything there is to know.
You are making videos
"Everyone's doing that"
‘Be uncommon in a group of uncommon people…’
-David Goggins.
Yes it is this vision that a master must have, always looking at all and new elements. The $ bug is much more than just using scripts passively and waiting for some result, or paths already taken by other secs. Ever ever is work hard!
Can we get at least $7000 to $10,000 a year through bug bounties? Pls reply, it means a lot to me as I am from India and $10,000 is a whole lot of money here.
This is something I’ve been having in the back of my mind for quite some time… When it comes to Web App bug bounty hunting the secret lies in being a full stack web dev and dominating multiple popular stacks. Thanks for that.
But to learn how to be different you have to learn how others are doing it first.
This is all I wanted to hear... After months of failed attempts to learn bug bounty hunting, I know where to focus. Those people who say coding isn’t important to start, that's a hoax. Those people themselves are good coders.
Pen Testing is not for everyone tho
This video helps me to sleep peacefully.