Bug Bounty bootcamp // Get paid to hack websites like Uber, PayPal, TikTok and more 

How to get experience with no experience? Have a look at bug bounty programs. Vickie Lee demos Insecure Direct Object References and tells us how to get into bug bounty. We also discuss why her book Bug Bounty Bootcamp is a fantastic book to buy if you want to get into bug bounty. Get real world experience today. // MENU // 00:00 - In plain text! 00:24 - Introducing//Vickie Li 00:58 - Part 1//The Interview 01:01 - Origin//Bug Bounty Bootcamp 03:37 - What are Bug Bounty Programmes? 05:26 - Part Time Bug Hunting? 05:44 - Easy Way to Get Experience 07:45 - Which Bug Bounty Programmes for Beginners? 10:51 - Beginners//Don't Compete with Pros 13:15 - Duplicates as Valid Experience 14:23 - What You Need to Start 14:59 - Linux//Do You Need It? 15:55 - Automate!//Which Programming Language? 18:03 - Beginner Friendly Vulnerabilities 21:17 - Part 2//Exploiting IDOR Vulnerability Demo 21:24 - What is IDOR? 22:51 - PortSwigger IDOR Lab 24:05 - Live Chat IDOR 24:48 - View transcript 25:12 - Burp Suite Intercept 26:05 - What to Look For//IDs Aren't Always Obvious 26:56 - Burp Suite//Looking Through Headers 27:56 - Burp Suite//Repeater 28:30 - Testing View Transcript Again 29:18 - GET Request//Identifying Exploitable Endpoint 30:26 - Modifying GET Request 31:35 - Finding the right headers to modify 33:47 - Why the first attempt didn't work 34:09 - IRL//What You Would Do 34:23 - Password in Live Chat Transcript 35:40 - How to Prevent IDORs 36:01 - IDORs//Worth Pursuing? 39:57 - Bug Bounties//How to Start 41:21 - Learn More!//Vickie's Blog 41:38 - Follow Vickie's Twitter! 41:52 - Thank You & Closing // Books // Bug Bounty Bootcamp: amzn.to/3K2YDeJ The Web Application Hacker's Handbook: amzn.to/3IZ2RTr Hacking API’s by Corey J Ball: amzn.to/3JOJG0E Alice and Bob learn application security by Tanya Janca: amzn.to/3oMyMij Automate the boring stuff with Python: amzn.to/3N2QuYu // Videos mentioned // Nahamsec: ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-9vaEwycet90.html Corey Ball: ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-CkVvB5woQRM.html Tanya Janca: ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-nyhytT2tRN0.html Al Sweigart: ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-7iBqoc-DzTQ.html // Vickie's social media // Twitter: twitter.com/vickieli7 Website: vickieli.dev/ RU-vid: ru-vid.com/show-UCjQHiY2JeOkBamHSg_6UeFw Medium: vickieli.medium.com/ // Connect with David // Discord: discord.com/invite/usKSyzb Twitter: twitter.com/davidbombal Instagram: instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal RU-vid: ru-vid.com // Platforms mentioned // HackerOne: www.hackerone.com/ bugcrowd: www.bugcrowd.com/ Intigriti: www.intigriti.com/ Huntr: huntr.dev/ // Connect with Nahamsec // Twitter: twitter.com/nahamsec RU-vid: ru-vid.com Github: github.com/nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters Discord: discord.com/invite/ysndAm8 Instagram: instagram.com/nahamsec/ LinkedIn: www.linkedin.com/in/nahamsec/ Twitch: www.twitch.tv/nahamsec Website: nahamsec.com/ // MY STUFF // Monitor: amzn.to/3yyF74Y More stuff: www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! Disclaimer: This video is for educational purposes only.

I am big fan of Vickie Li. I have read Bug Bounty Bootcamp. After reading web hacking application edition 2. This is the best book for web application book.

I loved that ‘must be under 25 years old.... must have 35 years experience’ if that’s not the truth in absolutely every field. It’s quite ridiculous people with true passion and motivation are just thrown out to the curb. Your channel is a gold mine spewing with knowledge, thank you for helping everyone grow David!

David you just gave me what I wanted. I mostly hunt for IDORs… and I’m a great fan of Vickie Li’s articles and her book Bug Bounty bootcamp.👏🏽👏🏽👏🏽

David I know this has been said a lot but you're doing amazing and you're literally covering everything I am currently studying computer science and I share your channel with all of my friends who are into cybersecurity or networking

I’m a huge fan of this book!! It was the first resource that gave me a true understanding of the topic; absolutely changed my life. Thrilled that you had her on the show! :)

Fair play David is always bringing the top tier guests

Thank you David and Vickie for this great video, it was informative and fun to watch.

Looking for unpaid bugs sounds like a great idea! I’ve been struggling lately staying up after every is sleeping to study my way into cybersecurity and this sounds like it can be a nice confidence boost. Thanks again for the quality content!

Thank you David for another amazing interview and for exposing me to Vickie Lee

Thank you David, Thank you Vickie for this eye opening video, book ordered :)

Great video and guest, the concepts were given in a succint yet informative manner.

Thank you David and Vickie for this Amazing great Video...!

A great guest .. very valuable 👌 thank you to you both

Great video! Thanks David and Vickie

Great talk and something would love to work on. Currently doing Hack The Box and will have to read your book for sure.

Very Informative, helpful and Educational video! Thx for the tutorial man!

Love your videos. It helped me a lot! Thank you!!

Great book. Highly recommended for beginner.

Great interview and awesome advice 👏

We thank you very much for these videos David, you really inspires us to keeping on learning and see the side of real world of what we are learning.

Great video! Always love your content. Now I feel like I need to pick up another one of your guests’ books… your fans will end up paying the light bill at No Starch ha ha!

Thank you for this great content.

Amazing Video David... Your guests are the best! Being a Vickie Li follower, I was extremely excited to view this. Thank you once again.. This channel just gets better after every post!!

Good mentoring video. Great Job David ! Thanks for inspiring people to this field.

really great video..thanks for both of you.😀

Thanks a lot David and Vickie...

Hi David, I see you have a wealth of knowledge (your bookshelf) while in this video, Vickie appears to have an eye for creativity. My question to you is ''How important is the left brain/right brain according to your line of work? Thanks and keep up the good work!

I wish I have found this video sooner. Thank you.

Not affiliated at all but as of 12/3/22 4 of the 5 books mentioned are available on humble bundle for less than one of the hard copies.

Thanks you for this David.

Thank you man for sharing this stuff

I had no idea the stuff I was doing on forums back in the day was an actual exploit ahaha good to learn :D Also damn IDOR exploits have been around for so long (I was messing with forums over 20 years ago now lol)

thank you for sharing this with us!!!

Useful for those starting out in BBH

Great content !!!

You really good at explaining thank you

I never used burp, just the dev console of the browser for this, and it seems to do the job. Good practice is getting bugs in the Facebook games of the smaller startups. Games? Yes! Finding ways to bypass paying for in-game bonuses, messing with other users data (these IDORs), cross site scripting... You may not get paid but you'll be thanked (usually).

Thanks for the video!!

Good evening sir David I'm huge fan of Li and it's seems to be like you have changed subject from python to bugbounty hope you have a amazing weekend and see you in next week in marvellous content perfect coach.

Thanks a lot David for this video. I needed a video on website hacking badly. Thanks again. Please do more videos on website hacking and website pentesting.

Keep it up sir ... Nice video

You should do episodes explaining real life hacks that’s happening in the real world today.

Amazing!

Hey David 💪🏽, would you happen to have any friends in cyber law? It's a super underrated topic that I would love to learn more of

When people start selling shovels, that should tell you that the gold mine is empty.

Love your content :}

Best Video Sir

I'm crushing on her😍, she is soon intelligent and wise. Wonderful content, learned a ton🔥💖

Interesting!

Thank you david

Do we need to know command line, html, python to work by the method she present?

Hi David, Just curious, is there any e-book for this?

Hi Mr. David. Can you please tell us some important topics to learn to get a junior pentester job or something like that? Or perhaps you can interview someone related to offensive security and ask them this question?

thank you so much for teaching us..

Awesome 👍 Sir

Mr. Bombay, is there any bug bounty video course that you recommend.

Bought the book can’t wait to check this out I’ll let you know what I think.

good video

How does it with asking permission to hack them? if you dont ask firs they can sue you

thank you m8! big 'preciation!

Should I learn Linux with WSL, or it is a bad idea(I have heard that it's not real linux, like Docker and other things don't work very well)?

Thanks

nice video

very good！

Are books still viable for learning or is it too slow, due to the speed of things?

I have no linux knowledge nor basic IT. I'm 31 and my 1st cell phone was at 17. So where should I start? Coding languages first or basic IT terms. School? Or online academies ??

I am 30+ years old and I have decided to learn bug bounty. I only know networking,os and a little bit of web development. Don't know if I will succeed or not. Trying my best.

Does most of the bug bounty hunters are using the scripts, scanners to get bugs Does all the companies allows to use scripts and scan for bug bounty

Wheres the list of ctfs

Please I need a book

Please make a video on, How to trace mobile with IMEI number?

David please do video on how to hack wifi using termux without route

how much programming skilss

I honestly thought this said "Big Booty Bootcamp". Time for a new glasses prescription...

This guy, David, really man, i mean seriously this guy earns from youtube by just posting his video calls with some guys in his field 😂😂

what websites that offer bug bounties?

Can you introduce resources for developers who want to become better web dev? My main focus is Javascript and python and Stanford have a good course about Security in Javascript and Node...looking for similar source to avoid writing insecure code or have checklist. I know 100% security is not possible however I look to learn to avoid 80% mistakes that could be avoided by putting resealable amount of time. (100-200 hours of studying).

How to get experience with no experience?

Is it actually websites to teach bug bounty?? Like freecodecamp or Odin project??

what if a pentester who is testing application of a company gets caught and his/her ip is traced under bug bounty program than what happens? is it considered safe ? will company take any action against a pentester or a bug hunter who is searching vulnerability?

I love all of this. It's a bug in my cellphone that keeps deepfakeing me as if I work for the FBI. So I can be murder on the eastern Shore VA. But I'm going to figure this out and alleviate this bug.

Any way to get the book for free?

Hey David, thanks for this interview videos! So usefull. I am preparing to take the CEH in two weeks. Your videos somehow help me to illustrate the study content. Appreciate

Here, I live in a country where a hacker found a serious bug in the website of the Govt Telecommunications company which controls all the telecommunication things.... He informed the office but they did not pay any heed to him, let alone getting paid 😂😂😂😂😂😂. So, he hacked the website and got the server down for a certain time....

Alissa Knight is also an expert in hacking API's

Hello David! Do you have a tutorial where we can try to hack a social media using hydra or other tools. Do you also have a tutorial where we can track someone's device without installing something on the target's device. I'm just curious on how to do it and just asking for educational purpose only. Thanks

Hey David, I have a question, If I want to get started with ethical hacking(probably not as a career) I think I will need to start with absolute basics of cyber security first but all the basic cyber security courses I saw on youtube mainly, were quiet old according to me and I am not also sure how to start with cyber secuirty as a hobby if I want to, so can you tell me a course or just a general road map or just how should I start with cyber security if I want to or what should I do. Thankyou.

Open soft soft and press F1 and you’ll never be a noob again

👍

❤

3:34 looks like he is Maksim Yakubets

Hey can you do a termux hacking course.

integrity of Cybersecurity 💀

I'm in africa and I'd like to get those books how can I do to get them plz

TO ANYONE who is interested!!! There is a hacker book bundle available on HUMBLE BUNDLE! It is ALL from NO STARCH PRESS and BUG BOUNTY BOOTCAMP is in there! As well as HACKING APIs and BLACK HAT PYTHON 2nd ed. many more are on there as well for £30.44 combined. the total value of the bundle is £548. You can get it for £30. Individually most of the books are atleast £20-£40. If you are interested. It is up for 20 days from the day I am posting this.

Hey David I’m trying to install black arch Linux and I’m stuck on the rootfs what is the command I need to put in

image/pdf exploit rat tool one video plz sir

❤❤❤❤❤❤👍👍👍👍👍

Okay, okay yes, I get tNice tutorials and I get that-