2023 Path to Hacking Success: Top 3 Bug Bounty Tips
Introduction and Saving Money at a Young Age
In this section, the speaker introduces a friend named Adam who has saved a significant amount of money at a young age. The importance of having a mindset focused on learning and passion rather than just making money is emphasized.
Saving Money for the Future
- Adam, a 17 or 18-year-old who recently graduated high school, has saved all the money he earned.
- Having the mentality of learning and becoming better at web hacking, even if it brings in additional income, is crucial.
- Passion for web hacking should be the driving force rather than solely focusing on monetary gains.
Importance of Passion in Web Hacking
This section highlights the significance of being passionate about web hacking rather than pursuing it solely for financial gain. The speaker emphasizes that genuine interest leads to greater success and enjoyment in any industry.
Pursuing Web Hacking with Passion
- Genuine passion for web hacking will lead to greater achievements and satisfaction compared to pursuing quick monetary gains.
- Many industries lose their appeal when people focus only on making money overnight.
- The speaker's mission is to help individuals find their first valid vulnerability through various activities like pentests, CTFs, bug bounties, or VDPs.
Sponsorship by Brilliant.org
This section acknowledges Brilliant.org as the sponsor of the video. The interactive and hands-on approach offered by Brilliant.org's courses is highlighted.
- Brilliant.org is praised for its teaching methods and interactive courses.
- Programming with Python and introduction to neural networks are mentioned as some favorite courses.
- Interactive learning experiences are more effective than traditional methods like reading books or watching videos.
Interactive Learning with Brilliant.org
This section demonstrates the interactive learning experience provided by Brilliant.org through a series of questions and visual examples.
Interactive Learning Experience
- The speaker presents a series of questions from Brilliant.org's AI training.
- The first question involves guessing the object in a black and white image, which becomes clearer when color is added.
- Another question asks to identify a specific part of an image, demonstrating how context matters in perception.
- The interactive nature of Brilliant.org's courses allows learners to answer these questions themselves.
Benefits of Interactive Hands-On Training
This section emphasizes the effectiveness of interactive hands-on training, such as that offered by Brilliant.org. Traditional methods like reading books or watching videos are considered less effective for learning.
Effectiveness of Interactive Hands-On Training
- Learners benefit more from interactive hands-on training compared to passive methods like reading books or watching videos.
- Brilliant.org's courses provide an engaging and practical learning experience.
- The speaker encourages viewers to take advantage of Brilliant.org's 30-day trial with a 20% discount using the provided link.
Introduction to Bug Bounty with Ben Nahorney
In this section, the speaker introduces Ben Nahorney as a special guest who has achieved significant success in bug bounty programs. The importance of following Ben's channel for bug bounty information is highlighted.
Introduction to Ben Nahorney and Bug Bounty Programs
- Ben Nahorney is introduced as an expert in bug bounty programs.
- Viewers are encouraged to subscribe to his channel for valuable bug bounty information.
- Ben's recent success in earning $100,000 within a few weeks is mentioned, generating interest among viewers.
Money-Making Potential in Bug Bounty
This section addresses the misconception that bug bounty programs no longer offer significant financial rewards. The speaker highlights Ben's success as proof of the money-making potential in bug bounty.
Debunking Misconceptions about Bug Bounty Programs
- Despite claims that bug bounty programs are no longer lucrative, Ben's success demonstrates otherwise.
- The speaker acknowledges the importance of standing out and bringing something new to succeed in bug bounty.
- With numerous bug bounty programs available, there is ample opportunity to earn money through ethical hacking.
Making Money and Providing Content from Bug Bounties
This section discusses how Ben's recent success not only helped him financially but also provided valuable content for his channel.
Financial Gain and Content Creation from Bug Bounties
- Ben's recent success was not planned but provided a great opportunity to make money.
- Luck played a role, but it also generated content for his channel.
- The speaker emphasizes that every industry has money-making potential; it is essential to find ways to stand out and compete effectively.
Increasing Opportunities in Bug Bounties
This section reiterates the potential for earning money through bug bounties due to the increasing number of available programs. Standing out and delivering quality work are crucial factors for success.
Growing Opportunities in Bug Bounties
- The number of bug bounty programs has increased, leading to more opportunities for earning money.
- Quality work, innovation, and competition with other hackers are key elements for achieving success.
- The speaker mentions two main programs that will be discussed further in the video.
In this section, the speaker talks about their experience in hacking and gives advice to beginners.
Top Three Non-Technical Tips
- Patience is key in hacking, just like any other endeavor in life.
- Consistency is crucial. Dedicate regular time to learning and practicing hacking skills.
- Find someone who can push you and serve as an accountability buddy or a learning partner.
Top Three Technical Tips
- Learn the basics of networking, DNS, and web servers to understand how things work behind the scenes.
- Understand vulnerabilities at their core, not just how to exploit them but why they work on the server or application side.
- Develop a hacker mentality by thinking outside the box and finding loopholes in systems.
Hacking Mindset
- Hacking is not limited to technical skills. It's about having a mindset of exploring and finding creative solutions.
- Apply the hacker mentality to various aspects of life, such as finding loopholes or unconventional approaches.
Learning Hacking Skills
- Instead of focusing solely on learning to hack, focus on hacking to learn. The process of hacking helps deepen understanding and knowledge.
Understanding How Maps and Attachments Work
In this section, the speaker emphasizes the importance of learning how maps work in programming and hacking. They also discuss the significance of attachments as tools in these processes.
Importance of Hands-On Learning
- It is crucial to actively engage in practical learning rather than just consuming content.
- Watching videos and tutorials alone will not enable one to effectively hack or program.
- The key is to jump in, overcome self-doubt, and start applying the concepts learned.
Practice Makes Perfect
- Just like riding a bicycle, reading about it or watching videos won't make you proficient until you actually do it.
- Consistent practice and effort are essential for improvement.
- Whether it's technical skills or any other aspect of life, practice leads to mastery.
Building Consistency
- Consistency is vital for progress. Small but consistent improvements can lead to significant results over time.
- Developing a habit of regular practice strengthens your skills and knowledge.
- The book "Atomic Habits" highlights the power of consistent 1% increases in achieving success.
Overcoming Challenges
- Hacking requires effort and time investment, especially for individuals with more responsibilities like jobs and families.
- However, younger individuals have an advantage due to having more free time and fewer responsibilities.
- Investing time in learning hacking skills can lead to job opportunities, particularly for teenagers or those in their early 20s.
Bug Bounty Platforms and Recommended Resources
In this section, the speaker discusses three recommended resources for learning bug bounty hunting. These platforms provide valuable knowledge on hacking techniques and vulnerabilities.
Learning Resources
- PicoCTF:
  - A well-known platform that teaches hacking techniques through challenges and puzzles.
  - Covers various aspects, such as how a website behaves when an address is typed into the address bar.
- Web Security Academy by PortSwigger:
  - Offers written content and possibly videos to learn the basics of vulnerabilities.
  - Provides labs where learners can practice exploiting specific bugs.
- Bug Bounty Programs:
  - Participating in bug bounty programs allows individuals to apply their knowledge and skills in real-world scenarios.
  - These programs offer opportunities to discover vulnerabilities and earn rewards.
In this section, the speaker discusses bug bounty programs and how they can help individuals learn hacking skills and potentially earn money.
Bug Bounty Programs
- Bug bounty programs offer points for finding flags in their systems.
- Accumulating enough points can lead to an invitation to a private bug bounty program on the platform.
- The speaker recommends three bug bounty platforms: HackerOne, Bugcrowd, and Intigriti/Synack (for European users).
- It is advised to focus on one primary platform and have a secondary one for backup.
- Loyalty to a platform can result in more invitations and perks.
This section focuses on starting out in bug bounties and the importance of participating in non-paid programs initially.
Starting Out in Bug Bounties
- Competing against experienced hackers when targeting big companies may be challenging for beginners.
- The speaker suggests participating in Vulnerability Disclosure Programs (VDPs) as a starting point.
- VDPs allow reporting vulnerabilities without monetary rewards but provide opportunities to showcase skills.
- By hacking on VDPs, individuals can gain experience, build their profile, and develop their own methodology for finding vulnerabilities.
This section emphasizes the impact of crushing a bug bounty program and using it as leverage to gain attention from other platforms.
Crushing a Bug Bounty Program
- Crushing just one bug bounty program can lead to significant earnings (e.g., $4,000-$6,000) and attract attention from other platforms.
- Building momentum through successful exploits increases chances of receiving more invitations.
- Demonstrating experience through bug bounties can open doors for job opportunities even without prior professional experience.
This section highlights the benefits of bug bounty programs in showcasing skills and gaining experience.
Showcasing Skills and Gaining Experience
- Bug bounty programs serve different purposes for individuals, such as learning, earning money, or building a track record.
- Participating in bug bounties allows individuals to demonstrate their capabilities and develop their own methodologies.
- By focusing on one program and consistently delivering successful exploits, individuals can establish themselves as reliable hackers.
Getting Your First Job in Tech through Bug Bounty
The speaker shares their experience of getting their first job in tech through bug bounty programs. They emphasize the value of finding vulnerabilities and putting them on their resume.
- By finding vulnerabilities, whether it was in Yahoo or other companies, the speaker was able to put them on their resume and secure their first job in tech.
- Listing the number of cross-site scripting vulnerabilities found, along with confirmation from reputable companies, helped the speaker gain credibility and credentials for a job in the industry.
Goals and Opportunities in Bug Bounty
The speaker discusses how bug bounty programs can serve different goals and provide various opportunities depending on individual aspirations.
- Bug bounty programs can be pursued with different goals in mind. If the goal is to get a job, finding vulnerabilities and showcasing them on a resume can be beneficial.
- However, bug bounty programs also offer an opportunity to gain real-world experience and understanding beyond just securing a job.
- The speaker highlights that bug bounty programs are particularly valuable for young individuals or those transitioning from other industries as they provide practical experience that stands out on a resume.
Benefits of Bug Bounty Programs for Young Individuals
The speaker emphasizes the advantages of bug bounty programs for young individuals, such as gaining financial independence at an early age and having impressive achievements for future endeavors.
- Bug bounty programs offer unique benefits to young individuals who may not have extensive work experience. For example, earning significant amounts of money at a young age can cover college expenses or personal investments.
- By engaging in bug bounties at a young age, individuals can accumulate impressive achievements that set them apart from their peers when applying for jobs or further education.
- The speaker shares an anecdote about someone who bought their first laptop using earnings from hacking on their iPad or Android device.
Financial Opportunities in Bug Bounty Programs
The speaker discusses the financial opportunities that bug bounty programs can provide, highlighting the potential to earn substantial amounts of money at a young age.
- Engaging in bug bounty programs can lead to significant financial gains. The speaker mentions an example of someone making $15,000 over the summer at the age of 17, which surpasses what most teenagers would earn from regular jobs in a year.
- Bug bounty earnings can cover various expenses such as college tuition, purchasing a car, or funding vacations.
- Additionally, bug bounty programs allow individuals to pursue their passion and enjoy their work rather than being limited to traditional jobs they may not find fulfilling.
Minimal Requirements for Bug Bounty Programs
The speaker highlights the minimal requirements needed to participate in bug bounty programs, emphasizing that all one needs is a laptop and a Wi-Fi connection.
- Engaging in bug bounty programs has low barriers to entry. All that is required is a laptop and access to Wi-Fi.
- The speaker humorously adds that having coffee or tea is optional but not necessary for participating in bug bounties.
- This accessibility makes bug bounty programs inclusive and allows individuals with limited resources to get involved.
Starting with Limited Resources
The speaker shares stories of individuals who started with limited resources but managed to make money through bug bounties by leveraging their passion for web hacking.
- Individuals have successfully started their journey into bug bounties using devices like iPads or Android phones before acquiring laptops.
- By approaching bug bounties with a mindset focused on learning and improving web hacking skills rather than solely chasing monetary rewards, individuals can achieve significant returns on investment.
- Passion for web hacking drives long-term success and enjoyment in the bug bounty field compared to solely pursuing quick financial gains.
Long-Term Success and Enjoyment in Bug Bounty Programs
The speaker emphasizes that long-term success and enjoyment in bug bounty programs come from a genuine passion for web hacking rather than solely focusing on monetary rewards.
- The speaker advises against approaching bug bounties with a mindset of overnight success or quick money, as it is not sustainable.
- Genuine passion for web hacking leads to long-term success and a more enjoyable experience compared to pursuing bug bounties solely for financial gain.
- The speaker highlights the importance of finding joy in the process of learning and becoming better at web hacking.
Recommended YouTube Channels for Bug Bounty
The speaker recommends several YouTube channels that provide valuable content related to bug bounty programs.
- InsiderPhD (Katie) offers beginner-friendly content and has gained expertise through mentorship programs.
- Farah Hawa, previously working at Bugcrowd and now employed by Facebook, creates informative content about bug bounties.
- Stok's channel provides great content, although he is currently taking a break from creating new videos.
- Bug Bounty PhD focuses specifically on bug bounties and offers valuable insights into the field.
- Other notable channels mentioned include John Hammond, Jacoby, HackerSploit, and Bug Bounty Explained by Greg.
Additional YouTube Channels for Hacking Content
The speaker mentions other YouTube channels that focus on hacking beyond just bug bounty programs.
- In addition to bug bounty-related channels, there are numerous other channels dedicated to hacking topics such as John Hammond, Jacoby, and HackerSploit.
- While not extensively discussed in this transcript, these channels offer valuable resources for individuals interested in broader aspects of hacking.
Encouragement to Support Content Creators
The speaker encourages viewers to support content creators by sharing their favorite channels and showing appreciation for the valuable content they produce.
- The speaker acknowledges that there are many new content creators in the field, and it is impossible to mention all of them.
- Viewers are encouraged to leave comments below the video, mentioning their favorite content creators and expressing gratitude for their contributions.
- This support helps content creators thrive and continue producing amazing content for the community.
Recommended Books for Getting Started
The speaker suggests a book titled "Hacking APIs" as a valuable resource for learning how to hack APIs.
- Among the books recommended by the speaker, "Hacking APIs" is highlighted as an excellent choice for those interested in learning about API hacking.
In this section, the speaker recommends three books for bug bounty hunters and mentions No Starch as a good publisher.
Top 3 Bug Bounty Books
- No Starch is recommended for bug bounty books.
- The speaker suggests "Web Hacking 101" by Peter Yaworski as a comprehensive book covering the basics and tools like Burp Suite.
- Other good books from No Starch are mentioned but not specified.
In this section, the speaker discusses three categories of technologies that are important for bug bounty hunters.
Top 3 Technologies
- Learning scripting is essential to automate work and improve efficiency. Bash scripting is recommended, but Python is even better for a deeper understanding of how things work.
- Understanding web programming, such as building a website using WordPress, helps in learning Linux basics and gaining knowledge about how everything works.
- Familiarity with JavaScript is beneficial to understand request creation, variables, and code analysis. It's not necessary to become a full-stack developer but rather to gain insights into how JavaScript functions in hacking scenarios.
In this section, the speaker talks about his YouTube channel and its purpose.
Purpose of the YouTube Channel
- The speaker recently discovered his "why" behind his YouTube channel: to help people change their lives through hacking, whether it's bug bounties or cybersecurity careers. He aims to assist viewers in finding their first valid vulnerability or successful submission in pentesting or CTFs.
- The goal is to guide people towards their first bug bounty and empower them to transform their lives.
In this section, the speaker shares where people can find him on social media platforms.
Social Media Presence
- The speaker streams regularly on Twitch, primarily on Sundays, Mondays, and Tuesdays, where he interviews and performs live hacking sessions. On YouTube, he posts weekly content every Monday. He also has accounts on Twitter and Instagram for additional updates and personal insights.
- For those interested in learning about hacking, the speaker recommends YouTube and Twitch as the best platforms to follow him.
In this section, the interviewer expresses admiration for the speaker's channel growth and encourages viewers to support him.
Support for the Channel
- The interviewer commends the speaker's progress on various social media platforms like Instagram, Twitter, and YouTube. They encourage viewers to show support by subscribing to his channel and helping him reach 100K subscribers or even a million in the future.
- The speaker expresses gratitude for any support received from reaching milestones like a hundred thousand subscribers or earning a hundred thousand dollars through hacking endeavors.