Bug Bounty Changed My Life!

Captions
I am on a mission to help you better your life and better yourself through hacking, and I honestly think that bug bounties are just a great place to do that. So regardless of what your outcome is or what your goals are, whether you want to become a pen tester, join a red team, or just simply become a bug bounty hunter, this video is for you. And if you're wondering how bug bounties can do any of this for you, well, allow me to explain.

Well, I started doing bug bounties in 2013. I was about 23 years old, 24 years old, and was still in college. I was just about to graduate, and honestly I was just tired of roaming the hallways and going to these courses that I didn't care about. I honestly didn't want to write any code in Java, because that's exactly what my school did: everything was around Java, learning how to code in Java, creating games on mobile phones, and honestly nothing that really piqued my interest. And if I'm being honest, a lot of the infosec content or cyber security content that my school offered wasn't really up to date, or anything that really was not something I could learn on my own or haven't done so already when I was going to college.

And deep down, as a kid I always enjoyed breaking things, and I've also dabbled in hacking a little bit. I used to hack my friends in school just for fun and play pranks on them, and I really wanted to get back into doing that. And eventually I learned about companies like Yahoo, Facebook and Google that were doing bug bounties before any of these platforms like Bugcrowd, HackerOne, Synack, Intigriti were a thing. So when I heard about these opportunities, that you can make money by hacking organizations, I really wanted to get involved, and I started to create my Twitter account. So if you go look at it, you will see sometime either early 2014 or late 2013 is when I joined Twitter, and you can see that I was really into reading write-ups from people like Mark Litchfield, looking at Zigoo, who played a huge role in my bug bounty hunting in the earlier days, and also looking at the Detectify blogs that were written by Frans Rosén and a couple of his friends when they were just doing bug bounties for fun, for research, and to make some money and create a product of some sort.

So you can see that at this time there were a few bug bounty hunters around already doing the things that I wanted to do, and they really gave me the inspiration and motivation to want to get into bug bounty hunting. I mentioned Zigoo when I told him that his Yahoo RCE actually was a big inspiration for me to want to hack on Yahoo's bug bounty program, and being able to find the same exact vulnerability as him, which was a remote command execution on Yahoo, was the thing that got me motivated and gave me the drive to want to get into bug bounty hunting and hacking. Just reading these write-ups, reading from Zigoo, reading from Detectify, Mark Litchfield, it really gave me the motivation to want to hack anything and everything that I could, obviously in the ethical way and legal way. But it didn't matter what it was, whether it was a bug bounty program like Yahoo's program or some random vulnerability disclosure program, some company that just spun up on HackerOne, that gave me the opportunity to be able to just hack and just sharpen up my skills.

But the thing that really helped me with these bug bounty programs and these disclosure programs was that it allowed me to have a resume. Prior to doing bug bounties my resume didn't have a whole lot on it. All I had done up to this point was being College go out and really not any professional or cyber security background. But doing bug bounties really allowed me to create a resume by putting all these vulnerabilities that I found and quoting these companies and saying, "Hey, I found a cross-site scripting in these following programs or these following companies," and placing them all onto my resume, which eventually scored me my first job as an opsec engineer at Hulu. And honestly, if it wasn't for bug bounties and vulnerability disclosure programs, (a) I would have never had the connection to Hulu, and (b) I would have never had this job, because I wouldn't have a resume that showed off my skills and so on.

And to be honest, throughout the process I was able to make some money. I made some money that paid for my school, I made some money that helped me go through vacation and pay for some of my debt, buy my first car. And honestly, first car was a beautiful thing, because in about March of 2014 I received a $9,000 bounty. It was three $3,000 bounties for SQL injections on Yahoo. If you look them up, they're probably published by now on the HackerOne activity from 9, 10 years ago. But that $9,000 is what really got the gears moving in my head, because I had this cash at hand and I had the opportunity to go and purchase this car, but then I was like, what else can I do with this money? And this is all before the job, any of that; this is my first year. So it really got the gears moving in my head and going, what else can I do if I take this opportunity seriously and I go and chase this dream of wanting to do hacking, and hacking organizations for fun and profit, whatever you want to call it?

And I tell you all of this because I want you to understand that 10 years ago I wasn't this motivated, I wasn't this organized or driven to want to do better for myself, but bug bounties really allowed me to make these changes. And before you drop me a comment and say, "Hey, I know there are more hackers now, but it's not as easy as more competition," also think about that there are more programs and way more resources on web hacking and bug bounty hunting than ever, than even 10 years ago when I was getting started. So when I was doing bug bounty hunting and I was just getting started 10 years ago, a lot of the stuff that I was hacking on was DVWA, Metasploitable, and there wasn't really a Hack The Box or PentesterLab, TryHackMe, all these different platforms to go and learn on, or even a Hacker101 platform that got you invited to this program. So everything was just word of mouth, asking other hackers how they did their work, and just learning things on your own.

And I'm not trying to say it was easy. Obviously I had to make some adjustments. For example, I had to give up going out and partying with my friends, I couldn't play Call of Duty 5 or 6 times a week, and it was just time for me to invest in myself by learning something that (a) could potentially earn me a job, but also pay me and put me through college and make me want to just do better for myself. So my first vulnerability took me about three months. I started in late October, I want to say 2013, and early 2014 is when I got my first bounty. And I honestly think three to six months is a right and good spot to set as a goal, to say, "Hey, I want to find my first valuable vulnerability in this time frame."

So what I need you to do for the next three to six months is that I really need you to lock in and set a schedule and build that muscle to want to hack, and I'll talk about the building muscle and the habit of hacking in a bit. But I really need you to lock in and start investing in yourself and making some changes and making adjustments and giving things up that are not doing you any good, and instead investing in yourself with a goal of either scoring your first bounty, getting a few vulnerabilities in for a resume, or even scoring your first job. So if you're in and you've made it this far into the video, do me a favor, drop me a comment and say, "I'm locked in, I'm in," and I'm going to walk you through what we should do next in case you want to follow my advice.

Earlier I talked about video games, and honestly I think hacking is kind of similar to video games. And if you think about it, when you first start a video game, or if you've never played a video game on a PC or a console player and you switch over, you need to adjust to some changes. Well, the first thing you need to do is you need to get better at understanding how the game works, understanding what are the different strategies, for example what are the different corners people can be preparing Call of Duty, what are the different key bindings and all of that. And hacking isn't any different. You have to start practicing, understanding how these vulnerabilities work, and honestly at some point you have to stop learning to hack and finally start hacking to learn more and more, to build a methodology to find vulnerabilities and understand how to approach a real-world application. So I say all of that to tell you, just like anything else in life, including video games, if you want to get better at something you have to practice, you have to put in the time, you have to keep on going back to the game, whether it's hacking or an actual video game, and make the time and effort to be able to get better.

So if you want to do this, you want to take my advice, here's what I need you to do. I need you to sit down and make a list of all the things that you do daily. Obviously you have your eight hours of sleep you need. If you're going to school and you're going to work, there's about six to eight hours. If you're working from home, I'm sure you have more free time than most others do. I'm not saying that your job isn't as important, but I'm just saying that you are at home, you don't have to commute, you're not getting stuck in traffic, you can do things at your table or at your desk, whether it's healthy or not, but you just have more time. And you then make a list of everything you do every day. So a big one for me was video games. I realized that I was playing video games from six to nine every day. I scaled that down to once or twice a week, maybe on the weekends just as a break because I have more time on the weekends, and then cutting out on how much I was going out, how much I was drinking, how much I was partying with my friends and going out to dinner and that kind of stuff. So those are the things that it's nice to have, and I'm not saying you should give up your social life, but when you're doing them on a daily basis, if you're playing video games three times a week, seven days a week, that's 20 hours, 21 hours, but you could be investing in yourself and doing bug bounties and chasing your dreams.

So we need to do this first and understand what are some things that you can make room for. And I'm not saying that you could do this like four, five, six hours a day. I'm just trying to tell you, you need to build a muscle that hacking becomes a second nature, where when you see things and it piques your interest you want to poke at them, or that you know between these hours when you're free it's the time that you're going to invest in yourself, whether it's just learning things or hacking on a bug bounty program or joining a community of people that can hack with you and help get there.

And the next thing I need you to do is to join a community. Whether you want to join my Discord, I'll link that down below in the description, or join any bug hunters Discord, there's a bunch of them out there, just join a Discord. And within those communities what I need you to do is reach out to someone that seems interesting to you or has similar goals to you and just message them and say, "Hey, I notice you're doing something similar to me. I want to also find my first bug. Maybe we can become accountability buddies or just hack together and learn from each other." And honestly, having someone to hack with really helps you learn from each other, but also understand how they approach things, and then it also makes it less boring and lonely, because that's also the reality of it, that being behind a computer alone could get very lonely, and honestly having someone to do it with, it's a lot more fun.

And last but not least, this is the most important one: decide what kind of program you want to hack on. Honestly, if you go to a bug bounty program, well, you're gonna make some money, but there is more competition there, versus if you go to a vulnerability disclosure program there's less competition. So you can hack on any of these programs right here, and honestly if you do that it's going to be easy to find your first vulnerability, and finding your first vulnerability is going to allow you to get into the invite algorithm for either Bugcrowd or HackerOne, where they will invite you to private programs, and it just helps you go into that invite algo more and more and allows you to get exclusive private programs to hack on that could open up the door for you to make some more money. And to be real with you, it only takes one program, whether it's a VDP or a paid program, to help you get into the algorithm, and if you find a program that pays you, it's going to build momentum, it's going to push you to the next level of your hunting.

That's all I have for this video. I think this is a great place for us to stop. Drop me a comment, let me know, are you in? Are you going to do this with us? And if you are, what Discord you're going to join, what program are you going to hack on, and maybe in the comments you can find someone to collaborate with and team up and hack with each other. Alright, that's it. If you haven't already, hit that subscribe button and make sure you turn on the notification bell, this way you get notified every Monday when I drop a new video, and drop me a comment. Who knows, you may find somebody to collaborate with down in the comments. Let me know, are you going to start hacking, or is this something that you want to hear more about, and what kind of other content you want me to make in the future. Alright, that's it. I'll see you all in the next video. Peace.
Info
Channel: NahamSec
Views: 24,156
Id: Rvz8cIilxfI
Length: 11min 52sec (712 seconds)
Published: Mon May 15 2023