@UCZDyl7G-Lq-EMVO8PfDFp9g@youtube.com

57K subscribers - no pronouns :c

My name is Grzegorz Niedziela. I'm a hacker who documents hi


23:46
Turning unexploitable XSS into an account takeover with Matan Berson
01:31:16
Going full-time bug bounty, privilege escalation bugs and more with Douglas Day
01:08:52
Finding criticals in mobile apps - Joel Margolis (0xteknogeek) from @criticalthinkingpodcast
01:16:32
The secret to finding many Criticals - Alex Chapman
07:30
$25k GitHub account takeover & justCTF 2023 CSRF+XSS writeup
10:16
$203,000 bounties for 4 bugs in Azure Health Bot - 2x RCE, path traversal, memory leak
24:20
Request smuggling - do more than running tools! HTTP Request smuggling bug bounty case study
15:29
CSRF - how to find it in 2024? CSRF bug bounty case study
38:08
How I got into cybersecurity and bug bounty?
21:08
How to hack WordPress?
01:12:18
Find more clients and improve in pentesting - Cristi Vlad
25:12
Where are all the RCEs? RCE case study
01:21:32
Everything about full-time bug bounty - Justin “rhynorater” Gardner from @criticalthinkingpodcast
14:08
Bug bounty: year 2 - 0days, a $20k bounty and… laziness - bounty vlog #5
19:36
What types of DoS bugs will get you a bounty? Case study of 138 DoS bug bounty reports
01:27:14
AI and hacking - opportunities and threats - Joseph “rez0” Thacker
09:53
My $20,000 S3 bug that leaked everyone’s attachments - S3 bucket misconfig of pre-signed URLs
23:55
IDOR - how to predict an identifier? Bug bounty case study
01:30:29
From reporting self-XSSes to improving browser security mechanisms - Michał Bentkowski
20:49
How to turn SQL injection into an RCE or a file read? Case study of 128 bug bounty reports
01:10:22
The key to succeed in bug bounty - @NahamSec
01:07:50
Road to Most Valuable Hacker and working while travelling the world - Yassine Aboukir
30:23
How to do account takeover? Case study of 146 bug bounty reports
55:16
Security source code review expert - Shubham Shah
16:31
How to turn a write-based path traversal into a critical? - Bug bounty case study
01:06:41
Inside the Mind of the TOP1 Facebook Bug Bounty Hunter - Youssef Sammouda - BBRD podcast #5
13:20
CodeQL query to detect RCE via ZipSlip - $5,500 bounty from GitHub Security Lab
15:41
ZIION - Set up your web3 testing env with a few clicks
06:17
Client-side path traversal vulnerability class explained - $6,580 GitLab bug bounty
01:01
How to start bug bounty today?
45:48
Bug bounty automation and scaling 0days - Michael Ness - BBRD podcast #4
06:10
$3,133.70 XSS in golang's net/html library - My first Google bug bounty
22:01
$1mln - Generating ETH from thin air - Aurora rainbow bridge withdrawal logic bug
01:08:37
From zero to 6-digit bug bounty earnings in 1 year - Johan Carlsson - BBRD podcast #3
10:38
$1 mln bounty in Aurora blockchain for no input sanitisation bug
28:40
Which XSS payloads get the biggest bounties? - Case study of 174 reports
17:02
How much money I made in my 1st year of bug bounty? Bounty vlog #4
12:55
How to get greater bounties for MEDIUM and LOW risk reports? Account takeover - Stripe
19:58
What functionalities are vulnerable to SSRFs? Case study of 124 bug bounty reports
06:43
$29,000 GitLab - Arbitrary File Read using symlinks
13:45
The hardest CTF task I’ve ever done!
12:51
Client-side desync vulnerabilities - a breakthrough in request smuggling techniques
07:36
An overlooked parameter leads to a critical SSRF in Dropbox bug bounty program
09:31
2022-style OAuth account takeover on Facebook - $45,000 bug bounty
09:13
MetaMask - stealing ETH by exploiting clickjacking - $120,000 bug bounty
17:45
100 hours of reviewing the source code - Bounty vlog #3 - Elastic
10:05
This is my coolest bug bounty report (SSRF ➡ Phishing)
09:09
How I found the $1,500 SSRF in Stripe bug bounty program
09:43
The world's largest bug bounty - $3.4 mln for a bug in Polygon blockchain
06:35
100 hours of bug bounty - I made twice more than as a pentester - Bounty vlog #2
09:23
$100k Hacking any website in Safari with uXSS - a 0-day chain
05:40
admin:admin password allowed stealing Teslas around the world
14:39
100 hours of bug bounty on a public Hackerone program. Bounty vlog #1 - Stripe
09:22
Injecting code into any Homebrew Cask by attacking GitHub Actions script
14:28
Log4j RCE vulnerability explained with bypass for the initial fix (CVE-2021-44228, CVE-2021-45046)
08:04
$28k IDOR that broke Apple Shortcuts - Apple bug bounty
09:48
$16k Stealing secrets.yaml from GitLab using stored XSS - Hackerone bug bounty
07:31
I quit my IT job for YouTube and bounty - bounty vlog #0
14:12
AmazingCryptoWAF - @LiveOverflow's CTF challenge walkthrough - ALLES! CTF
10:14
$2,500 Leaking parts of private Hackerone reports - timeless cross-site leaks