1
00:00:00,880 --> 00:00:08,650
All right, we have come towards the end of the course, and now is the time to discuss, well, how can

2
00:00:08,650 --> 00:00:11,890
we earn money with the skills that we learned?

3
00:00:12,850 --> 00:00:18,550
Is it something that we can monetize, or is it just additional knowledge that we gained?

4
00:00:19,360 --> 00:00:27,220
Well, let me tell you, you can monetize bug bounty, and you can monetize it really well, depending

5
00:00:27,220 --> 00:00:29,100
on how good you get.

6
00:00:29,950 --> 00:00:37,540
But before we talk about where and how to do it, let's figure out what the next steps are before we

7
00:00:37,540 --> 00:00:41,070
get to earning money with the skills that we learned.

8
00:00:41,710 --> 00:00:44,250
Well, picture it like this.

9
00:00:45,100 --> 00:00:47,530
This arrow is your path.

10
00:00:47,740 --> 00:00:55,720
At the beginning of this arrow is you, a bug bounty hunter that just finished this course, and at the

11
00:00:55,720 --> 00:00:59,140
end is you earning money from bug bounty.

12
00:00:59,890 --> 00:01:04,060
The only thing that's in between is practice.

13
00:01:05,000 --> 00:01:09,370
There is a lot of practice waiting for you to really master this skill.

14
00:01:09,800 --> 00:01:17,090
The only way to get comfortable with bug bounty is to perform all the attacks we covered numerous times

15
00:01:17,090 --> 00:01:18,580
on different applications.

16
00:01:19,220 --> 00:01:25,150
You might also discover some new vulnerabilities in the meantime that are also useful to know.

17
00:01:25,820 --> 00:01:33,200
You can learn more about bug bounty through various different websites, courses, books and bug bounty

18
00:01:33,200 --> 00:01:33,760
programs.

19
00:01:34,370 --> 00:01:38,900
Once you do that, you're ready to hunt down your first bug.

20
00:01:39,650 --> 00:01:45,410
OK, let's say you are ready, and you practiced and feel comfortable doing bug hunting.

21
00:01:45,710 --> 00:01:46,820
Well, what now?
22
00:01:47,720 --> 00:01:51,440
Where can I submit my bugs and earn real money?

23
00:01:52,450 --> 00:01:52,910
OK.

24
00:01:53,440 --> 00:01:57,430
Have you noticed how I mentioned something called a bug bounty program?

25
00:01:58,060 --> 00:01:59,790
Well, there is your answer.

26
00:02:00,310 --> 00:02:08,050
There are numerous online platforms that host different bug bounty programs that pay real money.

27
00:02:09,009 --> 00:02:10,479
How exactly does it work?

28
00:02:10,690 --> 00:02:17,950
Well, it's based on different companies applying on the platform for bug bounty programs regarding

29
00:02:17,950 --> 00:02:20,890
their website, their application or software.

30
00:02:21,460 --> 00:02:28,030
On the other side, there are hackers that also applied for that same bug bounty program, and their

31
00:02:28,030 --> 00:02:31,350
goal is to find the bug in that company's product.

32
00:02:32,050 --> 00:02:37,970
The first thing they do is accept the terms and conditions and rules for that bug bounty program.

33
00:02:38,470 --> 00:02:44,110
After that, if they fulfilled the requirements, they're allowed to explore for vulnerabilities on

34
00:02:44,110 --> 00:02:44,740
that website.

35
00:02:44,740 --> 00:02:52,570
For example, if they find a vulnerability, they are then rewarded with a payment, which can be different

36
00:02:52,570 --> 00:02:54,820
depending on the vulnerability severity.

37
00:02:55,390 --> 00:03:02,080
Once the hunter gets paid, the company then patches the vulnerability, and it is no longer vulnerable

38
00:03:02,080 --> 00:03:02,900
to that attack.

39
00:03:03,280 --> 00:03:04,660
It's as simple as that.

40
00:03:05,290 --> 00:03:09,290
But listen, there is some important stuff here to mention.

41
00:03:09,970 --> 00:03:17,200
Remember when I said that the hacker accepts terms and conditions and rules before he enters a bug bounty

42
00:03:17,200 --> 00:03:17,570
program?
43
00:03:18,370 --> 00:03:23,770
Well, these terms and conditions are not something you want to skip, like you skip them on every other

44
00:03:23,770 --> 00:03:25,380
website here.

45
00:03:25,420 --> 00:03:26,940
They are really important.

46
00:03:27,220 --> 00:03:34,000
For example, in the bug bounty program rules, it could say that certain types of attacks are not allowed

47
00:03:34,300 --> 00:03:37,270
or that certain domains are not for targeting.

48
00:03:37,750 --> 00:03:43,750
It could, for example, have a rule that DoS attacks are not allowed, which is a common bug bounty

49
00:03:43,750 --> 00:03:44,360
program rule.

50
00:03:45,070 --> 00:03:50,980
If you don't bother reading those rules and you do what you're not supposed to do, like running a DoS

51
00:03:50,980 --> 00:03:58,810
attack, for example, well, then you can get in trouble for doing something that you're not allowed

52
00:03:58,810 --> 00:03:59,120
to do.

53
00:03:59,920 --> 00:04:05,650
Nonetheless, I'm sure all of you will follow the rules, and there will be no problems with that.

54
00:04:06,310 --> 00:04:12,910
Now that we covered how earning money with bug bounty works, let's mention a few platforms that are

55
00:04:12,910 --> 00:04:15,130
hosting bug bounty programs.

56
00:04:15,670 --> 00:04:23,140
We have HackerOne, Bugcrowd, Intigriti, Synack, and there are others, of course, but these are some

57
00:04:23,140 --> 00:04:24,390
of the most famous ones.

58
00:04:24,940 --> 00:04:29,680
Let's go on one of these to see what the web page looks like.

59
00:04:31,340 --> 00:04:33,980
OK, I've chosen to show you Bugcrowd.

60
00:04:34,130 --> 00:04:41,120
It's one of the biggest platforms for bug bounty programs, and you can find it at the link bugcrowd

61
00:04:41,120 --> 00:04:45,410
dot com, or you can simply just type Bugcrowd in your search bar.
62
00:04:46,980 --> 00:04:53,970
Once you do that, let's navigate to their web page and see what they have to offer and how all of this

63
00:04:53,970 --> 00:04:54,730
stuff works.

64
00:04:55,560 --> 00:05:00,840
So the first page that opens will be this one, where you will have this "How it works".

65
00:05:00,850 --> 00:05:06,530
You can click on that and you can read more about bug bounty programs and all of that.

66
00:05:06,540 --> 00:05:09,470
Of course, we are not going to go through all of this.

67
00:05:09,660 --> 00:05:16,680
You have an explanation of how it all works, but that is something I leave up to you to read.

68
00:05:17,280 --> 00:05:24,570
Another useful thing that you have, and that you will notice in the upper right corner, is this Researcher

69
00:05:24,570 --> 00:05:27,210
Portal and Customer Portal.

70
00:05:27,930 --> 00:05:28,680
What is that?

71
00:05:28,950 --> 00:05:32,640
Well, you can create an account for two different situations.

72
00:05:32,920 --> 00:05:40,560
Either you're a security researcher or a bug bounty hunter, or you're a customer or a company that wants

73
00:05:40,710 --> 00:05:42,820
their product to be tested for bugs.

74
00:05:43,500 --> 00:05:49,230
That's how you would register accordingly; as a bug bounty hunter, you would go to Researcher.

75
00:05:49,710 --> 00:05:54,300
And we can also click right here on Researchers to read more about that.

76
00:05:55,350 --> 00:06:01,140
If we scroll a little bit down, let's see if there is anything interesting here to say.

77
00:06:02,140 --> 00:06:07,960
So we have a few different programs: bug bounty, penetration testing, vulnerability disclosure, attack

78
00:06:07,970 --> 00:06:15,100
surface management. You can also learn even more and upgrade your skills with different programs.

79
00:06:15,430 --> 00:06:18,920
But that is also something that I will leave up to you.

80
00:06:19,240 --> 00:06:24,240
Now, let's get to the important stuff, and that is these programs.
81
00:06:24,260 --> 00:06:31,930
If you click on Programs, it will open this page with all the different bug bounty programs that this

82
00:06:31,930 --> 00:06:33,370
platform offers.

83
00:06:33,760 --> 00:06:38,160
And you will notice there are some really big companies out here.

84
00:06:38,170 --> 00:06:39,460
We have Kashyap.

85
00:06:39,460 --> 00:06:40,840
We have Upwork.

86
00:06:41,440 --> 00:06:48,760
We have, let's go all the way down into Georgia, and you get some of the information about certain bug

87
00:06:48,760 --> 00:06:55,270
bounty programs right here, for example, how much they pay; it says down here "managed by Bugcrowd".

88
00:06:55,270 --> 00:06:57,840
So let's take a closer look at one of these programs.

89
00:06:58,300 --> 00:07:00,070
Let's go with Upwork now.

90
00:07:00,070 --> 00:07:02,710
Upwork is a big platform.

91
00:07:02,710 --> 00:07:03,970
It's a freelance platform.

92
00:07:03,970 --> 00:07:11,130
And let's see, what do they have to offer us, and how exactly does their bug bounty program look?

93
00:07:11,950 --> 00:07:19,060
Remember, there is some important stuff that we must take a look at before actually applying for any

94
00:07:19,060 --> 00:07:23,410
bug bounty program, and that is their terms and conditions and rules.

95
00:07:24,340 --> 00:07:31,330
So up here, we will get that they're paying up to five thousand dollars for a vulnerability, and it can also

96
00:07:31,330 --> 00:07:34,930
go up to ten thousand dollars of maximum reward.

97
00:07:35,830 --> 00:07:41,410
Now, you will see later that the actual amount that you get paid is based on the severity of the vulnerability

98
00:07:41,410 --> 00:07:42,040
that you found.

99
00:07:43,260 --> 00:07:45,160
Let's go all the way down.

100
00:07:45,210 --> 00:07:51,690
We have special bonuses and rewards. You would actually want to read through all of this if you were

101
00:07:51,690 --> 00:07:53,790
to apply for this program.
102
00:07:54,180 --> 00:07:58,620
On the right side, we have how many vulnerabilities are reported.

103
00:07:58,680 --> 00:08:00,810
So four hundred and seventy.

104
00:08:01,350 --> 00:08:06,670
And the average payout was six hundred and forty eight dollars.

105
00:08:07,470 --> 00:08:11,720
Now, if we go even more down, here is the important stuff.

106
00:08:12,240 --> 00:08:14,310
Scope and rewards.

107
00:08:15,300 --> 00:08:21,840
Here you will have the description of what exactly you are going to, let's say, perform a penetration

108
00:08:21,840 --> 00:08:28,080
test on or try to discover bugs in; they will tell you which application it is, which domain it is,

109
00:08:28,080 --> 00:08:29,280
what you're allowed to do.

110
00:08:29,280 --> 00:08:34,289
And up here, we also get how much they're willing to pay per vulnerability.

111
00:08:34,590 --> 00:08:42,450
And you will notice these signs right here: green P4, orange P3, red P2 and...

112
00:08:43,620 --> 00:08:44,940
Or is this orange?

113
00:08:45,150 --> 00:08:50,550
I'm not sure, this could be yellow P3, orange P2 and red P1.

114
00:08:51,310 --> 00:08:57,850
Now, we'll discuss that in just a second, but let's scroll a little bit more down, and here is also

115
00:08:57,850 --> 00:09:00,630
important stuff: out of scope targets.

116
00:09:01,090 --> 00:09:07,060
These are the targets that you are not allowed to perform penetration tests on or discover bugs in.

117
00:09:08,180 --> 00:09:14,510
If you do so, you can get in trouble, and you can get removed from the program and not rewarded at all,

118
00:09:14,660 --> 00:09:16,430
and that is the easy way out.

119
00:09:16,640 --> 00:09:22,610
You can also get sued, but hopefully you will read through all of this information before applying

120
00:09:22,610 --> 00:09:23,960
for any bug bounty program.

121
00:09:25,100 --> 00:09:29,440
Down here, we have ratings and rewards, and we also have requirements.
122
00:09:29,600 --> 00:09:32,200
This is also important to read before applying.

123
00:09:32,630 --> 00:09:36,290
They want the user to participate in the Upwork bounty.

124
00:09:36,290 --> 00:09:41,990
Please configure your scanner to include Bugcrowd in the user agent

125
00:09:41,990 --> 00:09:48,540
string. Failure to do so may result in your IP being temporarily blocked from participation in the program.

126
00:09:49,540 --> 00:09:57,550
Access your account: you can self register for an account in the app using your bugcrowdninja dot

127
00:09:57,550 --> 00:10:02,380
com email address. Testing using any other account is out of scope.

128
00:10:02,560 --> 00:10:05,200
So this is also some important stuff.

129
00:10:06,030 --> 00:10:14,670
Down here, we have target information, access and credentials, exclusions, and to really understand

130
00:10:14,670 --> 00:10:15,550
these vulnerabilities,

131
00:10:15,570 --> 00:10:18,720
you can scroll all the way down, and down here

132
00:10:18,720 --> 00:10:20,340
you will have program rules.

133
00:10:20,880 --> 00:10:26,730
This program does not offer financial or points-based rewards for P5 informational findings, which

134
00:10:26,730 --> 00:10:30,860
is probably information gathering vulnerability or information disclosure.

135
00:10:31,230 --> 00:10:39,370
And here you will have the list of different vulnerabilities and also how they are rated by severity.

136
00:10:39,850 --> 00:10:46,320
So here you can take a look at what different vulnerabilities belong to P1 technical severity, or

137
00:10:46,320 --> 00:10:47,780
the highest severity.

138
00:10:48,420 --> 00:10:57,120
So we have SQL injection, XXE, remote command execution, command injection, disclosure of secrets and

139
00:10:57,120 --> 00:10:57,720
many more.

140
00:10:58,650 --> 00:11:04,710
You can read through all of these different vulnerabilities to understand what level each vulnerability

141
00:11:04,860 --> 00:11:05,250
is.
142
00:11:06,300 --> 00:11:07,660
OK, awesome.

143
00:11:08,310 --> 00:11:12,270
And that is pretty much all you need to know to start with Bugcrowd.

144
00:11:13,080 --> 00:11:20,400
Nonetheless, we are at the end of the course; there is a lot of practice still awaiting you to really

145
00:11:20,400 --> 00:11:23,130
master this field, which I'm sure you will.

146
00:11:23,610 --> 00:11:25,550
Everything else is on you.

147
00:11:26,130 --> 00:11:32,050
If you have any additional questions, feel free to ask, and we will be more than happy to answer.

148
00:11:32,640 --> 00:11:35,130
Thank you for watching and happy hacking.