How to get experience with no experience? Have a look at bug bounty programs. Vickie Li demos Insecure Direct Object References (IDOR) and tells us how to get into bug bounty. We also discuss why her book Bug Bounty Bootcamp is a fantastic book to buy if you want to get into bug bounty. Get real world experience today.
// MENU //
00:00 – In plain text!
00:24 – Introducing//Vickie Li
00:58 – Part 1//The Interview
01:01 – Origin//Bug Bounty Bootcamp
03:37 – What are Bug Bounty Programmes?
05:26 – Part Time Bug Hunting?
05:44 – Easy Way to Get Experience
07:45 – Which Bug Bounty Programmes for Beginners?
10:51 – Beginners//Don’t Compete with Pros
13:15 – Duplicates as Valid Experience
14:23 – What You Need to Start
14:59 – Linux//Do You Need It?
15:55 – Automate!//Which Programming Language?
18:03 – Beginner Friendly Vulnerabilities
21:17 – Part 2//Exploiting IDOR Vulnerability Demo
21:24 – What is IDOR?
22:51 – PortSwigger IDOR Lab
24:05 – Live Chat IDOR
24:48 – View transcript
25:12 – Burp Suite Intercept
26:05 – What to Look For//IDs Aren’t Always Obvious
26:56 – Burp Suite//Looking Through Headers
27:56 – Burp Suite//Repeater
28:30 – Testing View Transcript Again
29:18 – GET Request//Identifying Exploitable Endpoint
30:26 – Modifying GET Request
31:35 – Finding the right headers to modify
33:47 – Why the first attempt didn’t work
34:09 – IRL//What You Would Do
34:23 – Password in Live Chat Transcript
35:40 – How to Prevent IDORs
36:01 – IDORs//Worth Pursuing?
39:57 – Bug Bounties//How to Start
41:21 – Learn More!//Vickie’s Blog
41:38 – Follow Vickie’s Twitter!
41:52 – Thank You & Closing
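The IDOR demo in Part 2 boils down to one pattern: an endpoint takes an object ID from the request, looks the object up, and never asks whether the logged-in user owns it. Below is an added example, not code from the video or from the PortSwigger lab, that models that "view transcript" endpoint: the vulnerable handler, the same bug hidden behind a base64 token (the "IDs aren't always obvious" point), a Burp Repeater stand-in that replays the authenticated GET with a tampered parameter, and the ownership check that fixes it. The users, transcript IDs, and the pasted password are constructed sample data.

```python
"""Added example: an IDOR in a 'view transcript' endpoint, the Repeater-style
tamper that exploits it, and the ownership check that fixes it.
Not code from the video; all data below is constructed for illustration."""
import base64

# Constructed sample data: two users and their live-chat transcripts.
TRANSCRIPTS = {
    1001: {"owner": "alice", "text": "alice: my order 4412 never arrived"},
    1002: {"owner": "bob", "text": "bob: my password is hunter2"},  # the secret an IDOR exposes
}


def encode_id(transcript_id: int) -> str:
    """Cosmetic ID encoding; base64 is reversible, so this is not authorization."""
    return base64.urlsafe_b64encode(str(transcript_id).encode()).decode()


def decode_id(token: str) -> int:
    return int(base64.urlsafe_b64decode(token).decode())


def view_transcript_vulnerable(session_user: str, params: dict) -> tuple:
    """IDOR: the ID comes from the query string and the owner is never checked."""
    record = TRANSCRIPTS.get(int(params["transcript"]))
    if record is None:
        return 404, "not found"
    return 200, record["text"]


def view_transcript_encoded_only(session_user: str, params: dict) -> tuple:
    """'IDs aren't always obvious': the same bug behind an opaque-looking token."""
    record = TRANSCRIPTS.get(decode_id(params["t"]))
    if record is None:
        return 404, "not found"
    return 200, record["text"]


def view_transcript_fixed(session_user: str, params: dict) -> tuple:
    """Fix: resolve the object *scoped to the logged-in user*. A record that exists
    but belongs to someone else gets the same 404 as a missing one, so the
    endpoint does not become an oracle for which IDs are valid."""
    record = TRANSCRIPTS.get(int(params["transcript"]))
    if record is None or record["owner"] != session_user:
        return 404, "not found"
    return 200, record["text"]


def repeater(handler, session_user: str, **params) -> tuple:
    """Stand-in for Burp Repeater: replay the same authenticated GET, tampered params."""
    return handler(session_user, params)


def demo() -> dict:
    """Run the four requests a tester would send and collect the responses."""
    own = repeater(view_transcript_vulnerable, "alice", transcript="1001")
    stolen = repeater(view_transcript_vulnerable, "alice", transcript="1002")
    blocked = repeater(view_transcript_fixed, "alice", transcript="1002")
    # Token alice legitimately sees for her own transcript: decode, add one, re-encode.
    alice_token = encode_id(1001)
    forged = encode_id(decode_id(alice_token) + 1)
    stolen_encoded = repeater(view_transcript_encoded_only, "alice", t=forged)
    return {"own": own, "stolen": stolen, "blocked": blocked, "stolen_encoded": stolen_encoded}


if __name__ == "__main__":
    for name, (status, body) in demo().items():
        print(f"{name:15} -> {status} {body}")
```

The fix worth copying is the shape of `view_transcript_fixed`: the authorization decision is part of the lookup, keyed on the session identity the server established, not on anything the client sent. Encoding or hashing the ID only raises the cost of guessing; it does nothing once a tester has one valid token of their own to decode.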
// Books //
Bug Bounty Bootcamp: https://amzn.to/3K2YDeJ
The Web Application Hacker’s Handbook: https://amzn.to/3IZ2RTr
Hacking APIs by Corey J. Ball: https://amzn.to/3JOJG0E
Alice and Bob Learn Application Security by Tanya Janca: https://amzn.to/3oMyMij
Automate the Boring Stuff with Python: https://amzn.to/3N2QuYu
// Videos mentioned //
Nahamsec: https://youtu.be/9vaEwycet90
Corey Ball: https://youtu.be/CkVvB5woQRM
Tanya Janca: https://youtu.be/nyhytT2tRN0
Al Sweigart: https://youtu.be/7iBqoc-DzTQ
// Vickie’s social media //
Twitter: https://twitter.com/vickieli7
Website: https://vickieli.dev/
YouTube: https://www.youtube.com/channel/UCjQHiY2JeOkBamHSg_6UeFw
Medium: https://vickieli.medium.com/
// Connect with David //
Discord: https://discord.com/invite/usKSyzb
Twitter: https://www.twitter.com/davidbombal
Instagram: https://www.instagram.com/davidbombal
LinkedIn: https://www.linkedin.com/in/davidbombal
Facebook: https://www.facebook.com/davidbombal.co
TikTok: http://tiktok.com/@davidbombal
YouTube: https://www.youtube.com/davidbombal
// Platforms mentioned //
HackerOne: https://www.hackerone.com/
Bugcrowd: https://www.bugcrowd.com/
Intigriti: https://www.intigriti.com/
Huntr: https://huntr.dev/
// Connect with Nahamsec //
Twitter: https://twitter.com/nahamsec
YouTube: https://www.youtube.com/c/nahamsec
GitHub: https://github.com/nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters
Discord: https://discord.com/invite/ysndAm8
Instagram: https://www.instagram.com/nahamsec/
LinkedIn: https://www.linkedin.com/in/nahamsec/
Twitch: https://www.twitch.tv/nahamsec
Website: https://nahamsec.com/
// MY STUFF //
Monitor: https://amzn.to/3yyF74Y
More stuff: https://www.amazon.com/shop/davidbombal
// SPONSORS //
Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com
Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!
Disclaimer: This video is for educational purposes only.
I'm crushing on her😍, she is so intelligent and wise. Wonderful content, learned a ton🔥💖
Thank you Vickie and David.
How does it work with asking permission to hack them? If you don't ask first they can sue you
Thank you David and Vickie for this great video, it was informative and fun to watch.
Thank you man for sharing this stuff
This guy, David, really man, I mean seriously, this guy earns from YouTube by just posting his video calls with some guys in his field 😂😂
Thank you for this David.
You're really good at explaining, thank you
Very Informative, helpful and Educational video! Thx for the tutorial man!
thank you for sharing this with us!!!
Vickie Li is a very great person. I love her book. Her book was amazing and very informative. Thanks David sir for taking the interview with Vickie Li. This video is very amazing.
❤❤❤❤❤❤👍👍👍👍👍
I loved that ‘must be under 25 years old…. must have 35 years experience’ if that’s not the truth in absolutely every field. It’s quite ridiculous people with true passion and motivation are just thrown out to the curb. Your channel is a gold mine spewing with knowledge, thank you for helping everyone grow David!
A great guest .. very valuable 👌 thank you to you both
Great talk and something would love to work on. Currently doing Hack The Box and will have to read your book for sure.
David, I think, the wrong name was put into description — Vickie Lee instead of Vickie LI
I am 30+ years old and I have decided to learn bug bounty.
I only know networking, OS and a little bit of web development.
Don't know if I will succeed or not.
Trying my best.
Hi David, Just curious, is there any e-book for this?
I will check out her book!
Thanks David Bombal
I love all of this. It's a bug in my cellphone that keeps deepfaking me as if I work for the FBI. So I can be murdered on the Eastern Shore VA. But I'm going to figure this out and alleviate this bug.
thank you m8! big 'preciation!
image/pdf exploit rat tool one video plz sir
Hey David, I was thinking that you could create a video in which you broadcast an open Wi-Fi and then hack clients, it would be awesome
Amazing Video David… Your guests are the best! Being a Vickie Li follower, I was extremely excited to view this. Thank you once again.. This channel just gets better after every post!!
We thank you very much for these videos David, you really inspire us to keep on learning and to see the real-world side of what we are learning.
Open soft soft and press F1 and you’ll never be a noob again
Okay, okay yes, I get tNice tutorials and I get that-
Can you introduce resources for developers who want to become better web devs? My main focus is JavaScript and Python, and Stanford has a good course about Security in JavaScript and Node… looking for a similar source to avoid writing insecure code, or to have a checklist. I know 100% security is not possible, however I look to learn to avoid the 80% of mistakes that could be avoided by putting in a reasonable amount of time (100-200 hours of studying).
nice video
Thanks for the video!!
Hey David, I have a question. If I want to get started with ethical hacking (probably not as a career), I think I will need to start with the absolute basics of cyber security first, but all the basic cyber security courses I saw, mainly on YouTube, were quite old according to me, and I am also not sure how to start with cyber security as a hobby if I want to. So can you tell me a course, or just a general road map, or just how I should start with cyber security if I want to, or what I should do? Thank you.
Please make a video on how it is impossible to root some Android devices and how nobody cares. For example, I'm trying to root a ZTE device for a year and 1 month and I have written many times to ZTE, and even if in the mail they say "dear valued ZTE customer", if you talk about root they use their EULA as an excuse; if you ask for the bootloader unlock code they tell you to wait, don't answer after, and block your email. I also tried contacting Unisoc with no response. The sad thing is that no one is making new exploits for such old kernels (4.4.147). I'm really sad. And the unlock code would be a right, then they get hacked by Lapsus, I wonder why…
🙂
Great interview and awesome advice 👏
Such a basic book; most of the attacks don't work IRL. Beginners should rather take a glimpse at the OWASP testing guide and source code review, and PortSwigger for rescue