Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:01,599 --> 00:00:06,560 hi my name is david 2 00:00:03,678 --> 00:00:07,199 welcome to my course keep hacking and 3 00:00:06,559 --> 00:00:10,960 making 4 00:00:07,200 --> 00:00:14,240 money at hacker one hacker one 5 00:00:10,960 --> 00:00:15,519 is your big opportunity whether you are 6 00:00:14,240 --> 00:00:18,480 a backhunter 7 00:00:15,519 --> 00:00:20,079 tickle hacker or penetration tester this 8 00:00:18,480 --> 00:00:22,399 is a place for you 9 00:00:20,079 --> 00:00:23,919 because you can go there and you can 10 00:00:22,399 --> 00:00:27,118 hang legally 11 00:00:23,920 --> 00:00:30,560 and at the same time you can make money 12 00:00:27,118 --> 00:00:34,079 which is just beautiful you can get 13 00:00:30,559 --> 00:00:36,640 different rewards for your hacking 14 00:00:34,079 --> 00:00:37,280 for example you can get one hundred 15 00:00:36,640 --> 00:00:39,840 dollars 16 00:00:37,280 --> 00:00:40,480 one thousand dollars or even ten 17 00:00:39,840 --> 00:00:44,160 thousand 18 00:00:40,479 --> 00:00:47,119 dollars per bug is just awesome 19 00:00:44,159 --> 00:00:47,679 what you need is an internet connection 20 00:00:47,119 --> 00:00:51,119 and 21 00:00:47,679 --> 00:00:54,799 knowledge you can hack many different 22 00:00:51,119 --> 00:00:58,000 companies that are clients of hacker one 23 00:00:54,799 --> 00:01:01,280 for example twitter yahoo uber 24 00:00:58,000 --> 00:01:04,478 coinbase and a lot more can you see that 25 00:01:01,280 --> 00:01:05,280 the biggest companies in the world are 26 00:01:04,478 --> 00:01:07,920 clients of 27 00:01:05,280 --> 00:01:10,239 hakuwan and now you can go there and you 28 00:01:07,920 --> 00:01:12,640 can hack them legally and make money 29 00:01:10,239 --> 00:01:13,839 it's like like a dream but it really 30 00:01:12,640 --> 00:01:16,239 works 31 00:01:13,840 --> 00:01:19,359 i will tell you even more even the 32 00:01:16,239 --> 00:01:22,560 united states department of defense 33 00:01:19,359 --> 00:01:25,519 is a client of hakuran so now 34 00:01:22,560 --> 00:01:26,240 even the government organizations are 35 00:01:25,519 --> 00:01:28,319 out there 36 00:01:26,239 --> 00:01:29,679 for you and you can hack them and you 37 00:01:28,319 --> 00:01:32,399 can do it legally 38 00:01:29,680 --> 00:01:33,600 it's just beautiful i am really excited 39 00:01:32,400 --> 00:01:35,680 about it 40 00:01:33,599 --> 00:01:37,839 now the question is what you can hack at 41 00:01:35,680 --> 00:01:38,799 hackerone well you can hack all the 42 00:01:37,840 --> 00:01:41,200 things 43 00:01:38,799 --> 00:01:42,640 you can hack web apps you can hack 44 00:01:41,200 --> 00:01:44,840 mobile apps 45 00:01:42,640 --> 00:01:46,640 desktop apps even network 46 00:01:44,840 --> 00:01:49,600 infrastructures 47 00:01:46,640 --> 00:01:50,960 it's amazing it depends on the program 48 00:01:49,599 --> 00:01:54,559 of course 49 00:01:50,959 --> 00:01:57,438 but you see a lot of different options 50 00:01:54,560 --> 00:01:58,320 in this course i will focus on the web 51 00:01:57,438 --> 00:02:01,039 apps because 52 00:01:58,319 --> 00:02:01,758 this is the most popular target at 53 00:02:01,040 --> 00:02:05,520 hackerone 54 00:02:01,759 --> 00:02:08,080 right virtually every single company 55 00:02:05,519 --> 00:02:09,038 has web application and web service that 56 00:02:08,080 --> 00:02:10,800 is in scope 57 00:02:09,038 --> 00:02:12,559 of their program so that you can go 58 00:02:10,800 --> 00:02:15,040 there you can hack 59 00:02:12,560 --> 00:02:16,318 and make money at the same time right 60 00:02:15,039 --> 00:02:18,639 that's what i'm gonna 61 00:02:16,318 --> 00:02:20,318 focus on web apps because they are the 62 00:02:18,639 --> 00:02:22,719 most popular target 63 00:02:20,318 --> 00:02:24,560 at hackerone but don't worry if you 64 00:02:22,719 --> 00:02:27,280 specialize in mobile apps 65 00:02:24,560 --> 00:02:28,719 desktop apps or for example network 66 00:02:27,280 --> 00:02:30,400 infrastructure hacking 67 00:02:28,719 --> 00:02:32,318 you can still find a lot of 68 00:02:30,400 --> 00:02:35,039 opportunities out there 69 00:02:32,318 --> 00:02:35,518 now the question is well you can say 70 00:02:35,039 --> 00:02:37,840 david 71 00:02:35,519 --> 00:02:39,120 it sounds really cool but how shall i 72 00:02:37,840 --> 00:02:41,840 start 73 00:02:39,120 --> 00:02:44,159 i already prepared a course start 74 00:02:41,840 --> 00:02:45,360 hacking and making money today at 75 00:02:44,159 --> 00:02:48,479 hackerone 76 00:02:45,360 --> 00:02:50,080 this is one of my previous courses and 77 00:02:48,479 --> 00:02:52,959 in this course 78 00:02:50,080 --> 00:02:53,440 i gave an introduction into the hacker 79 00:02:52,959 --> 00:02:56,800 one 80 00:02:53,439 --> 00:03:00,079 and i presented the list of five 81 00:02:56,800 --> 00:03:01,760 bugs that i recommend you to start with 82 00:03:00,080 --> 00:03:03,519 i just wanted to give you a kind of a 83 00:03:01,759 --> 00:03:06,560 starter the bugs that 84 00:03:03,519 --> 00:03:08,560 really work i am one of the top hackers 85 00:03:06,560 --> 00:03:11,840 at hackerone and i'm really fortunate 86 00:03:08,560 --> 00:03:14,479 to be on this list and i just wanted 87 00:03:11,840 --> 00:03:15,360 to share with you what works what kind 88 00:03:14,479 --> 00:03:18,399 of bugs 89 00:03:15,360 --> 00:03:19,200 i submitted for years as a starter and 90 00:03:18,400 --> 00:03:22,239 how i got 91 00:03:19,199 --> 00:03:22,719 different rewards now we have to realize 92 00:03:22,239 --> 00:03:25,439 that 93 00:03:22,719 --> 00:03:25,919 well we've got a lot more than five 94 00:03:25,439 --> 00:03:29,199 bucks 95 00:03:25,919 --> 00:03:32,158 right for a start that's why 96 00:03:29,199 --> 00:03:34,560 we need something extra we need more 97 00:03:32,158 --> 00:03:36,560 bugs because we want to double 98 00:03:34,560 --> 00:03:38,000 our rewards we want to double our 99 00:03:36,560 --> 00:03:42,080 payments right 100 00:03:38,000 --> 00:03:45,120 so now it's time for a follow-up course 101 00:03:42,080 --> 00:03:46,239 and this is exactly what this course is 102 00:03:45,120 --> 00:03:48,239 all about 103 00:03:46,239 --> 00:03:50,000 i'm going to give you more knowledge i'm 104 00:03:48,239 --> 00:03:53,039 going to give you more bugs 105 00:03:50,000 --> 00:03:53,598 because i want you to progress i want 106 00:03:53,039 --> 00:03:57,120 you to 107 00:03:53,598 --> 00:03:57,759 hack and make money so what i'm going to 108 00:03:57,120 --> 00:04:01,360 present 109 00:03:57,759 --> 00:04:04,399 is the next five bugs yeah 110 00:04:01,360 --> 00:04:07,840 more bugs for you so that you can be 111 00:04:04,400 --> 00:04:09,680 more and more successful and this course 112 00:04:07,840 --> 00:04:12,400 is gonna be technical 113 00:04:09,680 --> 00:04:13,438 and so i will dive into demos i love 114 00:04:12,400 --> 00:04:15,840 demos 115 00:04:13,438 --> 00:04:17,439 because in the demos you can see how 116 00:04:15,840 --> 00:04:19,439 things really work 117 00:04:17,439 --> 00:04:21,918 because i want you to reproduce all 118 00:04:19,439 --> 00:04:25,040 these bugs in your own pen testing 119 00:04:21,918 --> 00:04:27,198 in your own hacking right if you don't 120 00:04:25,040 --> 00:04:30,240 see this kind of hands-on stuff 121 00:04:27,199 --> 00:04:32,000 you cannot reproduce the steps so i will 122 00:04:30,240 --> 00:04:34,160 dive into the demos 123 00:04:32,000 --> 00:04:35,839 of course there will be some kind of 124 00:04:34,160 --> 00:04:36,479 overview at the beginning but then we 125 00:04:35,839 --> 00:04:39,279 will 126 00:04:36,478 --> 00:04:40,079 jump directly to the demos because i 127 00:04:39,279 --> 00:04:41,679 want you 128 00:04:40,079 --> 00:04:44,639 at the very end of this course to be 129 00:04:41,680 --> 00:04:47,840 able to find more and more bugs 130 00:04:44,639 --> 00:04:51,040 in your own hacking so let me now jump 131 00:04:47,839 --> 00:04:54,399 to the next five bugs 132 00:04:51,040 --> 00:04:55,680 the first one is related to login 133 00:04:54,399 --> 00:04:58,079 functionality 134 00:04:55,680 --> 00:04:59,759 i'm gonna show you how you can 135 00:04:58,079 --> 00:05:02,639 impersonate a user 136 00:04:59,759 --> 00:05:03,840 when there is a kind of problem in login 137 00:05:02,639 --> 00:05:06,000 functionality 138 00:05:03,839 --> 00:05:08,000 it's gonna be related to broken session 139 00:05:06,000 --> 00:05:08,560 management and i see this kind of 140 00:05:08,000 --> 00:05:10,560 problem 141 00:05:08,560 --> 00:05:11,680 quite often that's why i'm gonna present 142 00:05:10,560 --> 00:05:13,439 it to you because 143 00:05:11,680 --> 00:05:14,959 quite often you can get paid for this 144 00:05:13,439 --> 00:05:18,000 kind of problem 145 00:05:14,959 --> 00:05:21,279 next i'm gonna dive to something 146 00:05:18,000 --> 00:05:22,800 very different i'm gonna dive into the 147 00:05:21,279 --> 00:05:25,918 metadata 148 00:05:22,800 --> 00:05:28,478 black hunters very rarely look 149 00:05:25,918 --> 00:05:30,079 into the metadata but this is an 150 00:05:28,478 --> 00:05:32,478 opportunity for you 151 00:05:30,079 --> 00:05:33,279 you can find a lot of sensitive 152 00:05:32,478 --> 00:05:35,439 information 153 00:05:33,279 --> 00:05:36,719 in metadata metadata is something that 154 00:05:35,439 --> 00:05:38,879 you don't see 155 00:05:36,720 --> 00:05:40,479 but it is out there and it can contain 156 00:05:38,879 --> 00:05:42,159 some sensitive information right 157 00:05:40,478 --> 00:05:43,918 this is how it works i'm gonna show you 158 00:05:42,160 --> 00:05:44,880 step by step how you can extract this 159 00:05:43,918 --> 00:05:47,038 metadata 160 00:05:44,879 --> 00:05:49,360 and learn if there is any kind of 161 00:05:47,038 --> 00:05:52,879 information disclosure 162 00:05:49,360 --> 00:05:54,160 after that i will discuss this closure 163 00:05:52,879 --> 00:05:57,439 of credentials 164 00:05:54,160 --> 00:05:59,840 and i'm gonna show you how you can find 165 00:05:57,439 --> 00:06:00,959 the disclosure of credentials in a web 166 00:05:59,839 --> 00:06:03,519 application 167 00:06:00,959 --> 00:06:04,478 so you will be playing with https 168 00:06:03,519 --> 00:06:06,478 enforcement 169 00:06:04,478 --> 00:06:08,560 and you will see how it works if there 170 00:06:06,478 --> 00:06:09,839 is any kind of problem in the web app or 171 00:06:08,560 --> 00:06:12,879 not 172 00:06:09,839 --> 00:06:16,079 after that i will discuss 173 00:06:12,879 --> 00:06:18,240 insecure password change password change 174 00:06:16,079 --> 00:06:19,439 obviously is very sensitive 175 00:06:18,240 --> 00:06:21,918 functionality 176 00:06:19,439 --> 00:06:23,360 and we want everything to be implemented 177 00:06:21,918 --> 00:06:25,918 securely out there 178 00:06:23,360 --> 00:06:26,720 but in reality there are different 179 00:06:25,918 --> 00:06:29,120 problems 180 00:06:26,720 --> 00:06:30,160 and i'm gonna show you one interesting 181 00:06:29,120 --> 00:06:33,199 problem that i 182 00:06:30,160 --> 00:06:35,759 find quite often in different web apps 183 00:06:33,199 --> 00:06:37,280 so it will be the bug number four in 184 00:06:35,759 --> 00:06:40,560 this course 185 00:06:37,279 --> 00:06:41,038 and finally i will discuss a dictionary 186 00:06:40,560 --> 00:06:43,120 attack 187 00:06:41,038 --> 00:06:45,680 so i'll tell you what it is actually and 188 00:06:43,120 --> 00:06:48,639 how to find whether this attack 189 00:06:45,680 --> 00:06:49,360 is possible so that you will be really 190 00:06:48,639 --> 00:06:52,478 able to 191 00:06:49,360 --> 00:06:55,680 check this out on your own so 192 00:06:52,478 --> 00:06:58,879 basically this is it the next 193 00:06:55,680 --> 00:07:01,360 five bugs that really work for me 194 00:06:58,879 --> 00:07:02,639 that i have been submitting for years to 195 00:07:01,360 --> 00:07:05,598 different companies 196 00:07:02,639 --> 00:07:06,160 and i got paid for this box and i want 197 00:07:05,598 --> 00:07:08,639 you 198 00:07:06,160 --> 00:07:09,439 to be more and more successful as a 199 00:07:08,639 --> 00:07:11,840 hacker 200 00:07:09,439 --> 00:07:12,959 hacker one is a really great opportunity 201 00:07:11,839 --> 00:07:15,439 right now 202 00:07:12,959 --> 00:07:16,000 for us backhunters ethical hackers 203 00:07:15,439 --> 00:07:18,639 penetration 204 00:07:16,000 --> 00:07:20,720 testers so i hope you will make the most 205 00:07:18,639 --> 00:07:23,280 of this course you will enjoy the course 206 00:07:20,720 --> 00:07:23,919 and at the very end you will make more 207 00:07:23,279 --> 00:07:26,959 money 208 00:07:23,918 --> 00:07:30,240 so this is it for an introduction 209 00:07:26,959 --> 00:07:32,719 so now let's jump to the next video 210 00:07:30,240 --> 00:07:33,918 and the next video actually is gonna be 211 00:07:32,720 --> 00:07:38,240 the first bug 212 00:07:33,918 --> 00:07:38,240 from this list 14069