- Videos 204
- Views 1,706,403
Bug Bounty Reports Explained
Poland
Joined 14 Apr 2020
My name is Grzegorz Niedziela. I'm a hacker who documents his journey by creating and curating the best content for you in the form of videos and the newsletter. On this channel, you can find videos with detailed explanations of interesting bug bounty reports. If possible, bug bounty poc is also presented on the video.
You can approach me if you want to promote your brand across thousands of cybersecurity professionals.
Finding criticals in mobile apps - Joel Margolis (0xteknogeek) from @criticalthinkingpodcast
📧 Subscribe to BBRE Premium: bbre.dev/premium
✉️ Sign up for the mailing list: bbre.dev/nl
📣 Follow me on Twitter: bbre.dev/tw
📣 Follow Joel on Twitter: x.com/0xteknogeek
In this interview, we're talking with Joel about bug bounty hunting on mobile apps, about being a program manager, about Live Hacking Events and more.
BBRD podcast is also available on most popular podcast platforms:
open.spotify.com/show/6tLoJ5foOoZPPELwrHPBO4
music.ruclips.net/p/PLvxs_epf2X91Dn3pWeRxPQSV6SWvWqDE3
podcasts.apple.com/us/podcast/bug-bounty-reports-discussed/id1583400215?uo=4
Links mentioned during the interview:
www.timeshifter.com
codeshare.frida.re/@teknogeek/android-universal-ssl-unpin/
gitlab.com/newbit/rootAVD
g...
Views: 4,079
Videos
The secret to finding many Criticals - Alex Chapman
7K views, a month ago
📧 Subscribe to BBRE Premium: bbre.dev/premium ✉️ Sign up for the mailing list: bbre.dev/nl 📣 Follow me on Twitter: bbre.dev/tw 📣 Follow Alex on Twitter: x.com/ajxchapman In this episode I'm interviewing Alex Chapman - a full-time bug bounty hunter known for finding many high-impact bugs and very little medium and low-impact ones. BBRD podcast is also available on most popular podcast platforms:...
$25k GitHub account takeover & justCTF 2023 CSRF+XSS writeup
4.3K views, a month ago
💻 Challenge yourself in 2024 justCTF online teaser: 2024.justctf.team Sponsored by: HexRays - get 20% off for IDA pro training sessions with exclusive code BBRE20: bbre.dev/hexrays Trail of Bits: cutt.ly/veucZatb OtterSec: cutt.ly/leucL7cz SECFORCE: cutt.ly/5eoKRyNL 📧 Subscribe to BBRE Premium: bbre.dev/premium ✉️ Sign up for the mailing list: bbre.dev/nl 📣 Follow me on Twitter: bbre.dev/tw Thi...
$203,000 bounties for 4 bugs in Azure Health Bot - 2x RCE, path traversal, memory leak
4.9K views, 2 months ago
Request smuggling - do more than running tools! HTTP Request smuggling bug bounty case study
7K views, 3 months ago
CSRF - how to find it in 2024? CSRF bug bounty case study
7K views, 4 months ago
How I got into cybersecurity and bug bounty?
7K views, 5 months ago
Find more clients and improve in pentesting - Cristi Vlad
3.1K views, 6 months ago
Where are all the RCEs? RCE case study
7K views, 8 months ago
Everything about full-time bug bounty - Justin “rhynorater” Gardner from @criticalthinkingpodcast
11K views, 8 months ago
Bug bounty: year 2 - 0days, a $20k bounty and… laziness - bounty vlog #5
23K views, 8 months ago
What types of DoS bugs will get you a bounty? Case study of 138 DoS bug bounty reports
4K views, 8 months ago
AI and hacking - opportunities and threats - Joseph “rez0” Thacker
3.9K views, 9 months ago
My $20,000 S3 bug that leaked everyone’s attachments - S3 bucket misconfig of pre-signed URLs
23K views, 10 months ago
IDOR - how to predict an identifier? Bug bounty case study
14K views, 10 months ago
From reporting self-XSSes to improving browser security mechanisms - Michał Bentkowski
3K views, 10 months ago
How to turn SQL injection into an RCE or a file read? Case study of 128 bug bounty reports
7K views, 11 months ago
The key to succeed in bug bounty - @NahamSec
13K views, a year ago
Road to Most Valuable Hacker and working while travelling the world - Yassine Aboukir
9K views, a year ago
How to do account takeover? Case study of 146 bug bounty reports
10K views, a year ago
Security source code review expert - Shubham Shah
10K views, a year ago
How to turn a write-based path traversal into a critical? - Bug bounty case study
5K views, a year ago
Inside the Mind of the TOP1 Facebook Bug Bounty Hunter - Youssef Sammouda - BBRD podcast #5
16K views, a year ago
CodeQL query to detect RCE via ZipSlip - $5,500 bounty from GitHub Security Lab
7K views, a year ago
ZIION - Set up your web3 testing env with a few clicks
2.3K views, a year ago
Client-side path traversal vulnerability class explained - $6,580 GitLab bug bounty
8K views, a year ago
Bug bounty automation and scaling 0days - Michael Ness - BBRD podcast #4
7K views, a year ago
$3,133.70 XSS in golang's net/html library - My first Google bug bounty
10K views, a year ago
Bro the whole podcast was lit but you forgot to ask how to start Android bug hunting man. Could you do something and give the info at least here ? Please man. I would really appreciate that.
Clear explanation 👌
joel is such an inspiration
Great interview!!
is this working?
Of course it's fixed, otherwise wouldn't be on yt
Anyone got the link of frida code of this guy's ssl unpinning?
Yeah I have, it's in the description ;)
Thanks for the motivation! Time to get back to work and get things done I always wanted 🙏🏻
iOS is such a pain and trying to find good resources to learn iOS is a pain. I am still trying to find good iOS stuff.
Great content, cheers mate !!
I want to learn basic science behind every bug like xss what really does the bug do backend so any resources
pls
Portswigger academy, or if you really wanna learn then make your own website and try to hack it
@mkveerendra backend in the sense of how the browser engine handles stuff or how XSS works in general
@patrickjason4384 like from beginning to ending after I entered the payload what happened internally everything like how browser handles it and deep sir
@patrickjason4384 and not only css any hacking tricks how they really work at backend. Pls any resources
I think u the first who talk about android apps in ytb , thanks for effort
Thank you for listening to this episode! If you enjoyed it, please leave a like to help the YT algorithm spread it around🔥
That moneybar is sick🙊
:)
Impact and PoC / Exploit is more important
Please make a full video about this. How to decrypt this kind of payload and intercept it in Burp. Do we need to write a custom Burp for this?
6:43 is this image from Morocco ?
It's Santorini, Greece ;)
What a beautiful man! So much positive vibes, I feel so better seeing him talk!
Thank you so much man
Informative one 🤝
Earlier sir. 😄 Thanks for sharing!
I'm very new to cybersecurity, it's my dedicated 40th day, although I tried to be a part of the community many times but was never successful previously in keeping up. This time it's different and I already completed my first 100 hours of study. So, now I can't go back and am going to maintain my consistency. Although TRY HACK ME has a huge impact in making me study, content creators like you and NAHAMSEC are a huge plus. When I don't feel like studying, I watch these podcasts and they are really helpful and insightful. So thank you for creating content.
Hey, great video. I don't get how it was possible to achieve two CSRFs with the user clicking one link? Every time I try this only one request goes through and the page changes
This was worth more than 5k
I am learning bug hunting since 4 months and Got P4 bug for the first time and it was a Duplicate one 🥲
Don't let it control your life, and you'll be fine.
@KiDR_IANI exactly, sometimes it has to do with ego as well and self confidence
"Reported 99 bugs, 98 were dupes". Me.... :"(
Me with a list of every hackerone bug bounty running all of it through httpx, the application picks me, I don't choose it
Dang this story is definitely motivation for me getting into this field! I understand you with the cafe thing 😂
Great video as usual.
I think this is something often overlooked bug hunting and hacking can take a lot of time and be draining and ruin your mental health glad everyone in the community is starting to acknowledge this 🎉
Finally, someone who's honest and humble, I reached out to you on twitter when I got my first bug and even though it wasn't a high payout I was still happy to even get one and give me more motivation.
Great interview! Thank you! 👍
Amazing content bro, keep it up
Great video. Congrats mate🎉🎉🎉
28k would change my life
where can i get these reports?
in this days machine learning is good or bad
what is the vulnerability he is talking about??
1-day unpublished browser exploits.
Kudos for the great interview!
🦾
thanks for these videos!!!
Please bring cachemoney
the only thing I have in common with Alex is that i also submit 1 report in a new program and wait to see how its treated 🤣
The GOAT, the legend! __Ajxchapman__
Love your content. Keep it up!
awesome video dude.
Some people build their pension funds with money, Alex does with cross site scripting.
Woa woh woh
Alex Chapman is a legend! Thanks for getting him on, and keep grinding!
Thanks🥰