1
00:00:00,150 --> 00:00:07,620
So with bug bounty hunting, this is essentially where you are able to find vulnerabilities in software

2
00:00:07,770 --> 00:00:14,210
websites and web applications and be able to get paid by companies for your services.

3
00:00:14,220 --> 00:00:20,160
So you're pretty much the one that's, you know, coming in and saying, hey, I found these books here.

4
00:00:20,160 --> 00:00:21,500
I found these bugs over there.

5
00:00:21,660 --> 00:00:23,640
I found these loopholes here.

6
00:00:24,000 --> 00:00:25,320
You guys need to patch these up.

7
00:00:25,320 --> 00:00:30,810
And once you're able to find those bugs, companies will actually pay you to uncover those.

8
00:00:30,840 --> 00:00:33,660
And so you're pretty much just breaking into software, right?

9
00:00:33,990 --> 00:00:35,370
It's really that simple.

10
00:00:35,550 --> 00:00:41,940
And then you're writing a report as to what you found, how you found it, and then given recommendations

11
00:00:41,940 --> 00:00:44,310
as far as what they can do to patch that up.

12
00:00:44,340 --> 00:00:50,460
And like I mentioned, some hackers are able to make several thousands, if not a six figure income

13
00:00:50,460 --> 00:00:54,180
or more just by doing bug bounty hunting.

14
00:00:54,180 --> 00:00:54,480
Right.

15
00:00:54,720 --> 00:00:59,820
A lot of these folks who actually do this full time, maybe because they don't want to be client facing,

16
00:00:59,820 --> 00:01:04,070
they don't want to work for clients either on the freelancing or consulting side.

17
00:01:04,350 --> 00:01:11,370
And so they'll just stay behind the scenes, behind the computer and essentially get paid to find bugs

18
00:01:11,470 --> 00:01:13,050
within various organizations.

19
00:01:13,050 --> 00:01:18,780
And a resource here where you can practice finding bugs is O.W. Aspey dog.

20
00:01:18,930 --> 00:01:22,740
And you can also take a look at the Google book, Hunter University as well.

21
00:01:23,220 --> 00:01:26,340
And three resources here for you to get started.

22
00:01:26,340 --> 00:01:34,440
Actually, getting paid with bug bounty hunting is hacker one and then bug crowd dotcom and integrity

23
00:01:34,440 --> 00:01:35,110
dotcom.

24
00:01:35,130 --> 00:01:39,840
So these are going to be the top three recommended websites for bug bounty hunting.

25
00:01:39,990 --> 00:01:41,610
There's actually a ton more.

26
00:01:41,790 --> 00:01:45,990
But as far as for the most recommended, these are going to be the top three.

27
00:01:46,200 --> 00:01:51,750
And then we're going to go to my computer and I'm going to show you a quick walkthrough overview of

28
00:01:51,780 --> 00:01:52,230
the story.

29
00:01:52,230 --> 00:01:53,920
Let's head on over to my computer now.

30
00:01:53,940 --> 00:01:58,020
OK, so let's take a look at the top three recommended bounty websites.

31
00:01:58,230 --> 00:02:00,060
The number one here is hacker one.

32
00:02:00,090 --> 00:02:01,260
This is the number one here.

33
00:02:01,500 --> 00:02:07,170
And you can look up here and look at the different products that they have, how you can get paid from

34
00:02:07,170 --> 00:02:08,220
various services.

35
00:02:08,550 --> 00:02:15,750
And your role really here is to, like I mentioned, to get paid for finding vulnerabilities within

36
00:02:15,870 --> 00:02:18,120
a company's networks, essentially right.

37
00:02:18,360 --> 00:02:21,200
In their applications, whatever that may be here.

38
00:02:21,210 --> 00:02:29,520
So you have like a pin test here and then you can do bug bounty hunting here and then also provide various

39
00:02:29,520 --> 00:02:30,060
services.

40
00:02:30,110 --> 00:02:35,490
So definitely recommend you check this out here and then let's go to the next one.

41
00:02:36,060 --> 00:02:37,830
Then we have the bug crowd.

42
00:02:37,980 --> 00:02:42,960
And this is essentially the same thing where you're finding vulnerabilities in systems.

43
00:02:43,770 --> 00:02:45,780
You can actually request a demo here.

44
00:02:46,230 --> 00:02:47,640
You can look at how it works.

45
00:02:48,270 --> 00:02:49,560
They have a good chat here.

46
00:02:49,950 --> 00:02:57,180
And so, again, this is something for if you're wanting to get paid for just finding these different

47
00:02:57,180 --> 00:03:03,510
bugs within organizations and then getting paid for it, if you don't want to do any of the actual client

48
00:03:03,510 --> 00:03:04,320
facing work.

49
00:03:04,890 --> 00:03:10,160
And then we have the integrity dot com here and this one is in Europe, OK?

50
00:03:10,410 --> 00:03:13,110
And so as you can see, there's pretty much the same thing here.

51
00:03:13,110 --> 00:03:14,400
You can request a demo.

52
00:03:14,570 --> 00:03:17,820
You can look at some of the other individuals that have used this as well.

53
00:03:17,820 --> 00:03:25,140
So even if you, you know, maybe don't decide to do this, I would definitely sign up and to all three

54
00:03:25,140 --> 00:03:30,810
of these and maybe do some exploring and find out what it all entails and if it's something that you

55
00:03:30,810 --> 00:03:34,950
actually want to do, even just for practice.

56
00:03:34,950 --> 00:03:35,250
Right.

57
00:03:35,520 --> 00:03:41,280
So as you can see here, you're a researcher or you're a company regardless of, you know, what your

58
00:03:41,430 --> 00:03:42,780
ultimate intention is.

59
00:03:43,080 --> 00:03:50,370
You want to get an idea as far as how the bug bounty hunting works when you get into the cybersecurity

60
00:03:50,370 --> 00:03:54,720
space, unless you're just focusing in on a particular area.

61
00:03:54,720 --> 00:04:01,020
So maybe you're focused on just compliance, you most likely wouldn't be doing very much bug bounty

62
00:04:01,020 --> 00:04:01,320
hunting.

63
00:04:01,320 --> 00:04:07,380
So I'd like to look at it from the perspective of getting a, you know, broad kind of experience.

64
00:04:07,380 --> 00:04:07,710
Right.

65
00:04:07,950 --> 00:04:14,400
And kind of dipping your toes into different areas within the cybersecurity field and then going into

66
00:04:14,400 --> 00:04:18,820
which ones as far as the fields that resonate and connect more with you.

67
00:04:18,840 --> 00:04:21,240
OK, so that's going to be here for this one.

68
00:04:21,240 --> 00:04:22,410
And we'll see you on the next one.