The Truth About Bug Bounties
Summary
TLDR: This video script addresses the reality of bug bounties, revealing that, despite the saturation of the field, there are still opportunities for those who want to get involved. The author, who has ten years of experience, stresses the importance of passion, perseverance and continuous development to succeed in this field. He shares his personal experience, emphasizing that success does not come without challenges and that patience and creativity are essential for bug hunters looking to establish themselves.
Takeaways
- 😀 The bug bounty sector is saturated but still offers opportunities for those who want to get involved.
- 🔒 It is important to have a consistent approach and to devote a lot of time to becoming good at bug bounties.
- 💰 Bug bounties are not a quick success and require an investment of time and effort.
- 🚀 Hackers such as Tess or Nagle, although new to the field, show that success can be achieved even when starting late.
- 📈 Hackers' careers can be compared to other industries where success takes time and requires persistence.
- 🎓 Beginners in bug bounties must understand the impact of the vulnerabilities they find in order to avoid duplicates or informative reports.
- 🔎 Finding vulnerabilities is not easy, even for experienced hackers, and can involve prolonged discussions with companies.
- 🤔 Hackers must be passionate about their work, because that makes resolving problems and conflicts more bearable and enjoyable.
- 🌟 Success in bug bounties is often the result of sustained passion and perseverance rather than of a simple opportunity.
- 🚧 Highs and lows are an integral part of a bug bounty career, and it is important to expect them and adapt to them.
- 👀 Hackers must be unique and find their own style of approach in order to be effective and avoid getting lost in other people's methods.
Q & A
What is the current reality of the bug bounty sector, according to the script?
-The bug bounty sector is increasingly saturated, but there are still opportunities for those who want to get involved, whether for a career or to make money.
How long has the narrator spent in the bug bounty field?
-The narrator has spent 10 years in the bug bounty field, both working on the platforms and as a bug bounty hunter.
What are the costs associated with taking part in bug bounties?
-The associated costs include the time invested and consistency in learning and in developing a vulnerability-hunting methodology.
Why does the narrator think that people who enter bug bounties often want to do only basic work?
-The narrator thinks that many people believe that by putting in minimal effort they can become talented hackers or make a lot of money, influenced by the bounties shared on social media.
Which example of emerging bug hunters is mentioned in the script?
-The example of Tess and Nagle is mentioned; they started hunting bugs in 2019 and have become hackers at the top of the field.
How does the narrator compare bug bounties to other industries such as gaming and streaming?
-He compares bug bounties to gaming and streaming by saying that, just as during the pandemic everybody wanted to become a streamer or gamer, many people now want to do bug bounties, but this also requires a significant investment of time.
What advice does the narrator give to those looking to get started in bug bounties?
-The narrator advises not copying everything that others do, but rather integrating the ideas and methods that work for you, while staying unique and passionate about the field.
What is the difference between the highs and the lows of the narrator's bug bounty career?
-The narrator explains that there are periods of highs and lows: times when he can find many vulnerabilities and make a lot of money, but also periods when he finds very few or none, which can be discouraging.
Why did the narrator decide to share the truth behind bug bounties?
-He wants to show that bug bounties are not as easy as they may seem on social media and that there are challenges and obstacles to overcome.
What is the narrator's final message about the importance of passion in bug bounties?
-The narrator insists that passion is essential to persist and succeed in bug bounties, because it makes the challenges and obstacles more bearable and the work more rewarding.
Outlines
😀 The reality of bug bounties
The script begins with a discussion of the saturation of the bug bounty market; despite this, there are still opportunities for those who want to get involved. The author stresses that success will not be immediate and will require a great deal of time and consistency, both in learning and in the practice of hacking. He also mentions the examples of Tess and Nagle, who became top hackers after several years of effort. The author also invites viewers to say whether they would like to hear his personal story and why he started his YouTube channel.
😟 The challenges of bug hunting
In this paragraph, the author addresses the challenges encountered in bug hunting, notably duplicate findings and exchanges with companies. He explains that vulnerabilities must have a real impact to be taken into account, and that duplicate or informative reports can discourage some people. The author also shares his own experiences, including difficult periods when he struggled to find vulnerabilities, but insists on the importance of passion for hacking rather than simply for money. He encourages people not to be discouraged by the challenges and to pursue the goal if the passion is real.
😌 The passion behind bug bounties
The last paragraph emphasizes the importance of passion in the bug bounty field. The author expresses his opinion that bug bounties are worth it, especially considering the growing number of companies opening bug bounty programs. He gives a word of wisdom to newcomers, encouraging them to be unique and not simply copy other people's methods. He stresses that the most creative and most passionate hackers are the ones who bring the most value, and that money should be seen as a secondary benefit rather than the main goal.
Keywords
💡Bug bounties
💡Bug hunter
💡Market saturation
💡Consistency
💡Quick success
💡Methodology development
💡Duplicates (dupes)
💡Impact
💡Passion
💡Communication
💡Reality of bug bounties
Highlights
The bug bounty market is very saturated, but there are still opportunities for those who want to get involved.
Bug bounties demand a great deal of time and perseverance to become good.
It is wrong to believe that bug bounties are a quick success; they require a lot of consistency and learning.
Hackers such as Tess or Nagle are examples of a new generation of hackers who started late in their career.
The first two years in bug bounties are often spent looking for vulnerabilities and learning.
Nagle became a million-dollar hacker after reaching the peak of his career in 2021.
The gaming and streaming industries are comparable to bug bounties in terms of commitment and success.
It is important not to fixate solely on becoming the next million-dollar hacker, but to define your own goals.
Hackers must understand the impact of the vulnerabilities they find in order to be taken seriously by companies.
New hackers should expect to find vulnerabilities that have already been reported (dupes) or not to be understood by companies.
The process of triaging and validating vulnerabilities can be discouraging, even for experienced hackers.
It is crucial to communicate effectively with companies to avoid triage and validation problems.
Hackers must accept phases of low productivity and understand that this is part of the process.
Passion for hacking and security is essential to succeed in bug bounties.
Hackers must be creative and unique in their approach in order to stand out and find interesting vulnerabilities.
It is important not to rely solely on other hackers' methods but to develop your own methodology.
The most creative hackers are often also the most passionate about hacking and discovering vulnerabilities.
Bug bounties are an opportunity for those who love hacking, even if money is a secondary benefit.
Transcripts
I think it is finally time for us to sit
down and talk about the reality and the
truth behind bug bounties as we speak
today these bug Bounty platforms claim
to have over millions of users and
honestly with someone that's been in bug
bounties for the last 10 years both as
someone that worked on the platforms and
also worked as a bug Bounty Hunter I can
see the space becoming very very
saturated but honestly I still think
with how saturated it is there is still
opportunities and a chance for everybody
that wants to get involved and make some
sort of a career or make some money from
just doing bug bounties these
opportunities come with a bit of a cost
and a lot of your time investment
because it is going to take a lot of
consistency in order for you to become
good and this consistency could be with
your learning could be with your hacking
and just developing the methodology that
you have as a bug Bounty Hunter and what
I'm trying to say here is that this is
not going to be an overnight success and
I feel like a lot of people that come
into bug bounties they want to do it for
a quick buck and they think by doing the
most basic amount of work or just
getting comfortable and putting in the
minimum effort they are going to become
a top hacker or make a ton of money
because some of these hackers on Twitter
or on social media maybe including
myself have shared their bug bounty
amounts and I've set up some expectation
that it is that simple and that easy to
make some money from bug bounties okay
but before we jump into the video do me
a favor would it help if I actually
create a video about kind of my origin
story of how I got here and why I
started this YouTube channel if it does
drop me a comment at just this story or
tell us more and I'll make that in a
couple of weeks and post it on this
YouTube channel now let's talk about an
example of some of these up-and-coming
hackers maybe someone like Tess or Nagle
are a prime example because not only I
consider them the newer generation of
the hackers not because they are younger
or because of an age thing but because
they started way late later in my career
and if you look at both of their Pages
they have started in 2019 so it's about
5 years ago when they first started in
bug bounties and if you take that apart
and kind of understand it it looks like
the first couple of years it's just
spent looking for vulnerabilities
understanding your skills learning more
and more and that comes with any other
industry that you go to your first few
years or at least your first two years
are going to be spent in that case and
then if you look at it later around 2021
for Nagle or 2022 is when he got to the
peak of his career and now he's
considered a million-dollar hacker and
one of the people that's been dominating
HackerOne's leaderboard consistently and
if you want to compare this to other
Industries gaming and streaming are a
good way to actually compare these two
because in the peak of the pandemic
everybody wanted to become a gamer and a
streamer and don't get me wrong a lot of
them made it but bug bounties is no
different to that people have to put in
the time they are streaming 8 9 10 hours
a day and they continued it after the
pandemic and some of them have become
some of the bigger streamers out there
and if you want to even compare them to
some of the biggest streamers you can
think about people like Dr disrespect or
shroud there they took him years and
even though you may have heard of these
people in the last couple of years they
have been streaming for multiple years
with zero viewers until they have gone
to the place that they are today that
doesn't mean that everybody wants to
become shroud or like disrespect or even
with bug bounties doesn't mean that they
want to become the next Nagle or Tess
you may not have the same goals maybe
your goals aren't to become the next
million-dollar hacker and you may want to
just do this throughout College because
you want to make some extra money build
your career or build your experience so
you can put it on a resume and get a job
you can do both of those but honestly
not everybody's goal should be to become
that and it's not for me to discourage
or to say Hey you shouldn't do this that
shouldn't be your goal but honestly I
just want to give you the reality of it
that not everyone is going to make it to
that level but again there is
opportunities for everybody it just
takes a lot of consistency now let's
talk about the truth of actually doing
the bug hunting and not just the
monetary aspects of bug bounties
honestly if you're new and you're
looking for low hanging fruit and noow
easy bugs to find well guess what you
are going to do nothing but dupes or
informatives again the first and most
important thing that I teach all of my
students during our courses or trainings
or one-on-one sessions is that if you
can't answer the question of so what so
what can I do with this vulnerability to
affect a customer's infrastructure you
probably shouldn't report it because you
have something in theory but bug bounties
in reality is based on impact if you
find something that has impact there's
still a high chance of you getting a
duplicate especially with public
programs or private programs that have
been there for a while because let's be
honest some of these programs take
forever to patch something and you're
going to get discouraged based on
getting these duplicates or invalid
submissions even to this day for
somebody as me that's been doing bug
bounties for years I still deal with
getting duplicates or even sometimes
informatives because the client or the
customer or the company that I'm hacking
on doesn't look at the vulnerability
that I have found the same way as I do
so in my head even though something
looks like a vulnerability to them it
doesn't look like it is something that
could affect them or it's a
functionality and a lot of times it
could be that I'm wrong or even in the
small chances they are wrong the entire
argument isn't worth it and I just
rather choose to move on than keep on
going back and forth why am I making
this video why is somebody that's been
making content full-time on bug bounties
coming on here on camera and talking
about the truth behind bug bounties and
how it isn't as easy as it makes it seem
on my channel on Twitter based on other
hackers activities well there are a
couple of things one is that I don't
want the Highlight Reel or the fact that
I'm getting all these large bounties
paid to me or my account to make you
think it is easy honestly nothing in
Life or anything you do as a career is
going to come easy with an overnight
success I had a chat with someone that
I'm going to keep him anonymous but he
kind of mentioned to me that hey with
your videos you don't show the Dark Side
of bug bounties which I don't agree that
it's dark but I see the point of the
darkness of bug bounties that people
don't get paid and people aren't getting
paid on time maybe or even bugs aren't
getting validated to the hacker
expectation and my channel and some of
my activity kind of deceives people of
that well honestly I'm not here to say
bug bounties are easy for everybody if
you see me having a good time and not
really complaining or saying anything
negative about bug bounties on my
Channel or on my social media it's
because I am sharing my personal
experience that got me to this point I'm
just showing you the highlights of my
career to not only inspire you but also
teach you some of the things that I
learned by hacking into this company so
maybe you can also leverage them and use
them to your benefit to find a
vulnerability as well so that doesn't
necessarily mean that I'm not having the
same experience as you it just means
that in the last 10 years I've finally
figured out what my hacking style is
what is it that it makes me unique but
also how do I communicate better with
these companies in order to avoid some
of these issues and that doesn't mean
that I don't deal with these issues I'm
still going in and out of these inboxes
whether it's for a triager that I have to
go back and forth to explain my
vulnerability for them to understand in
triage it or to go back and forth for
days or even weeks sometimes to make
sure that the company understands the
impact of my vulnerability in order for
me to get paid for me it's an investment
it's a part of the job for a lot of the
people that are doing these bug Bounty
things for a hobby for just for fun to
make extra money it's just a hassle and
it's not worth the time but to me to get
my vulnerability bumped from 3,000 to
maybe 5 or $66,000 it is worth the back
and forth and it's just a part of the
job that I've accepted because I enjoy
what I'm doing with bug bounties and it
just makes it more fun or at least it
makes up for it when I have to go
through these patterns as far as finding
vulnerabilities and hacking regularly
I'm not someone that considers themselves
full-time if you look at my videos I
said that I'm a part-time bug Bounty
Hunter but most of my income comes from
bug bounties even though I do it
part-time and to actually accept that I
go through these phases where I don't
find vulnerabilities and honestly this
month alone April and March combined
I've had a really really rough time with
finding vulnerabilities but it doesn't
necessarily mean that I'm going to quit
I've just come to understand that in the
last 10 years of doing this these times
happen you have these really really high
highs where you make a lot of money or
you get you're very successful you're
hitting your goals you're getting these
bounties and finding vulnerabilities but
I know that that comes with a cost of
having some lower lows where I don't
find any vulnerabilities and I'm just
kind of sitting here going maybe it is
time for a new career I don't make
videos from those because it isn't as
entertaining or fun for people to watch
and I want to show and encourage people
to do better instead of coming on
here complaining about my life or
complaining about bug bounties and just
giving you a negative experience based
on that so if you're seeing the success
of this Channel and you're kind of
seeing my experience remember that I'm
sharing my experience with you and it's
just to encourage you to also do this if
you have a passion for it and last but
not least the biggest thing that I want
to talk about is the passion side of bug
bounties and hacking when I started
getting into bug bounties again I want
to make this video for you if you want
to see hear my whole story drop me a
comment story but my reason that I got
into bug bounties wasn't fully to get
you know just paid from it is the
passion that I had for hacking and it's
not here to say that hey you can't make
a career out of this by just being
consistent and putting in extra hours
and working you can but if you're not
passionate about what you do and you
don't like what you do let's be honest
these little things that are duplicates
or the arguments quote unquote or the
back and forth with program and triagers
aren't going to be as fun because you're
just having a job versus something that
you're passionate about and you have fun
with if you're watching this and still
asking the question of whether or not
bug bounties are worth it I personally
think yes and even though the number of
hackers are increasing every day I think
the number of companies that are opened
up to work with hackers are also
increasing and you can see every day
there are new programs and companies
that are launching a bug Bounty program
and last but not least a Word of Wisdom
if you want to get into bug bounties you
don't have to copy everything that
everybody else is doing watch their
content and read their blog posts
Implement those knowledgeable ideas and
the things that they're doing into your
methodology but don't get lost into
someone else's methodology be unique
learn what works with you learn what
vulnerabilities are interesting to you
look at how everybody else is
approaching it but the most creative
hackers that I have met are not only
creative and unique in their hacking
Styles and how they approach a Target
and how they look for vulnerabilities
but they are also the most passionate
hackers not only about security and
hacking but they just enjoy The Knack of
breaking into companies and finding
vulnerabilities and they do it with a
passion with money being the secondary
part of it and it's just a perk of doing
bug bounties and hacking into these
companies all right I really hope this
video kind of clears the air and gives
you an idea about bug bounties and kind
of brings the reality of bug bounties
into my channel hopefully I get to have
more of these candid and raw
conversations with you in the near
future if you haven't already do me a
favor hit that subscribe button like
this video and come hang out with us on
Discord peace