Bug Bounty bootcamp // Get paid to hack websites like Uber, PayPal, TikTok and more
Skills:
Network Security80%
How to get experience with no experience? Have a look at bug bounty programs. Vickie Li demos Insecure Direct Object References (IDOR) and tells us how to get into bug bounty. We also discuss why her book Bug Bounty Bootcamp is a fantastic book to buy if you want to get into bug bounty. Get real world experience today.
// MENU //
00:00 - In plain text!
00:24 - Introducing//Vickie Li
00:58 - Part 1//The Interview
01:01 - Origin//Bug Bounty Bootcamp
03:37 - What are Bug Bounty Programmes?
05:26 - Part Time Bug Hunting?
05:44 - Easy Way to Get Experience
07:45 - Which Bug Bounty Programmes for Beginners?
10:51 - Beginners//Don't Compete with Pros
13:15 - Duplicates as Valid Experience
14:23 - What You Need to Start
14:59 - Linux//Do You Need It?
15:55 - Automate!//Which Programming Language?
18:03 - Beginner Friendly Vulnerabilities
21:17 - Part 2//Exploiting IDOR Vulnerability Demo
21:24 - What is IDOR?
22:51 - PortSwigger IDOR Lab
24:05 - Live Chat IDOR
24:48 - View transcript
25:12 - Burp Suite Intercept
26:05 - What to Look For//IDs Aren't Always Obvious
26:56 - Burp Suite//Looking Through Headers
27:56 - Burp Suite//Repeater
28:30 - Testing View Transcript Again
29:18 - GET Request//Identifying Exploitable Endpoint
30:26 - Modifying GET Request
31:35 - Finding the right headers to modify
33:47 - Why the first attempt didn't work
34:09 - IRL//What You Would Do
34:23 - Password in Live Chat Transcript
35:40 - How to Prevent IDORs
36:01 - IDORs//Worth Pursuing?
39:57 - Bug Bounties//How to Start
41:21 - Learn More!//Vickie's Blog
41:38 - Follow Vickie's Twitter!
41:52 - Thank You & Closing
// Books //
Bug Bounty Bootcamp: https://amzn.to/3K2YDeJ
The Web Application Hacker's Handbook: https://amzn.to/3IZ2RTr
Hacking API’s by Corey J Ball: https://amzn.to/3JOJG0E
Alice and Bob learn application security by Tanya Janca: https://amzn.to/3oMyMij
Automate the boring stuff with Python: https://amzn.to/3N2QuYu
// Videos mentioned //
Nahamsec: https://youtu.be/9vaEwycet90
Watch on YouTube ↗
(saves to browser)
Sign in to unlock AI tutor explanation · ⚡30
Playlist
Uploads from David Bombal · David Bombal · 0 of 60
← Previous
Next →
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
RYU SDN Controller Part 4: Graphical User Interface (GUI): Practical GNS3 SDN and OpenFlow
David Bombal
HPE Network Protector SDN Application Part 1 - Introduction
David Bombal
HPE Network Protector SDN Application Part 2 : DNS Interception using OpenFlow
David Bombal
HPE Network Protector SDN Application Part 3 - Lab Setup using Physical Switches
David Bombal
HPE Network Protector SDN Application Part 4 - Demo of malicious websites blocked
David Bombal
HPE Network Protector SDN Application Part 5 - Demo OpenFlow table interception flows
David Bombal
HPE Network Protector SDN Application Part 6 - Demo of Physical Switch configuration
David Bombal
HPE Network Protector SDN Application Part 7 - Demo Service Insertion Tunnel / GRE Tunnel
David Bombal
HPE Network Protector SDN Application Part 8 - Demo SDN OpenFlow Reporting
David Bombal
HPE Network Protector SDN Application Part 9 - Demo switches interception of DNS traffic
David Bombal
GNS3 Talks: GNS3 version 1.5.X Appliance Tips
David Bombal
CCNA 200-125 Exam: AAA demo: TACACS+ with GNS3
David Bombal
GNS3 2.0.0 beta 2 install
David Bombal
CCNA #012: Learn SNMP with GNS3, Wireshark and Solarwinds NPM - CCNA 200-125 exam
David Bombal
CCNA #013: Spanning Tree CCNA Exam Questions: Know the answer? CCNA 200-125 exam
David Bombal
GNS3 2.0.0 beta : GNS3 VM integration with GNS3 GUI
David Bombal
CCNA #018: Routing exam questions: Who wins? OSPF, EIGRP or RIP? Sure? CCNA 200-125 exam
David Bombal
CCNA #019: Spanning Tree CCNA Exam Questions: Root Bridge, Root Port and more: CCNA 200-125 exam
David Bombal
GNS3 Download, installation and configuration - GNS3 1.5.3 and Windows 10
David Bombal
CCNA #023 EIGRP Neighbor Troubleshooting (DUAL Issues) for the CCNA 200-125 Exam
David Bombal
GNS3 2.0 Architecture and schema Part 1: What is the GNS3 Controller?
David Bombal
GNS3 2.0 Architecture and schema Part 2: Emulators and virtualization
David Bombal
CCNA #028 VTP Troubleshooting for the CCNA 200-125 Exam
David Bombal
CCNA #029 VTP & DTP Troubleshooting for the CCNA 200-125 Exam
David Bombal
CCNA #030 VTP Troubleshooting for the CCNA 200-125 Exam
David Bombal
GNS3 : How to download Cisco IOS images and VIRL images. Which is the best? How do you get them?
David Bombal
GNS3 ASA setup: Import and configure Cisco ASAv with GNS3
David Bombal
GNS3 switching setup and options: Cisco and other switching options in GNS3
David Bombal
GNS3 switching setup and options Part 2: GNS3 unmanaged built-in switch
David Bombal
GNS3 switching setup and options Part 3: Router on a sick with GNS3 unmanaged built-in switch
David Bombal
GNS3 switching setup and options Part 4: Etherswitch Router for Cisco Dynamips Part 1
David Bombal
GNS3 switching setup and options Part 5: Etherswitch Router for Cisco Dynamips Part 2
David Bombal
GNS3 switching setup and options Part 6: Etherswitch, Wireshark, 802.1Q, InterVLAN routing
David Bombal
GNS3 Talks: Docker, Open vSwitch, SDN and OpenFlow Part 1: GNS3 Switching Part 7
David Bombal
GNS3 Talks: Docker, Open vSwitch, SDN and OpenFlow Part 2: GNS3 Switching Part 8
David Bombal
GNS3 Talks: Docker, Open vSwitch, SDN and OpenFlow Part 3: GNS3 Switching Part 9
David Bombal
GNS3 Talks: Docker, Open vSwitch, SDN and OpenFlow Part 4: GNS3 Switching Part 10
David Bombal
GNS3 Talks: Docker, Open vSwitch, SDN and OpenFlow Part 5: GNS3 Switching Part 11
David Bombal
GNS3 Nexus (NX-OSv) switch setup and configuration Part 1: GNS3 switching options Part 12
David Bombal
GNS3 Nexus (NX-OSv) switch setup and configuration Part 2: GNS3 switching options Part 13
David Bombal
GNS3 Talks: Docker, Open vSwitch, SDN and OpenFlow Part 6: GNS3 Switching Part 14
David Bombal
GNS3 Talks: Docker, Open vSwitch, SDN and OpenFlow Part 7: GNS3 Switching Part 15
David Bombal
GNS3 Cisco CSR 1000v setup and configuration Part 1: GNS3 NFV
David Bombal
GNS3 Cisco CSR 1000v setup and configuration Part 2: GNS3 NFV
David Bombal
GNS3 Talks: Use the NAT node to connect GNS3 to the Internet easily!
David Bombal
GNS3 Talks: GNS3 2.0 RC1 is now available
David Bombal
GNS3 Talks: GNS3 2.0 Portable Projects - easily export and import GNS3 projects
David Bombal
GNS3 Talks: Multiple clients sharing projects in real time, plus console session shadowing!
David Bombal
CCNA #035 NAT Troubleshooting Scenario 1 - Can you find the issue? CCNA Exam 200-125 troubleshooting
David Bombal
CCNA #036 NAT Troubleshooting Scenario 2 - Can you find the issue? CCNA Exam 200-125 troubleshooting
David Bombal
GNS3 Talks: ESXi, GNS3 VM and KVM support Part 1: leverage servers and the cloud
David Bombal
CCNA #037 OSPF Troubleshooting - can you find the issue? CCNA Exam 200-125 troubleshooting
David Bombal
GNS3 Talks: ESXi, GNS3 VM and KVM support Part 2: leverage servers and the cloud
David Bombal
CCNA #038 NAT Troubleshooting Scenario 3 - Can you find the issue? CCNA Exam 200-125 troubleshooting
David Bombal
CCNA #039 - OSPF DR, BR and DROTHER Election - do you know the answers?
David Bombal
CCNA #040 NAT Troubleshooting Scenario 4 - Can you find the issue? CCNA Exam 200-125 troubleshooting
David Bombal
GNS3 Talks: Arista vEOS GNS3 import and configuration Part 1
David Bombal
CCNA #041 - OSPF DR, BR and DROTHER Election - do you know the answers?
David Bombal
GNS3 Talks: Arista vEOS GNS3 import and configuration Part 2
David Bombal
GNS3 Talks: ipterm: Linux, Docker, Python, SDN and more! Part 1
David Bombal
More on: Network Security
View skill →
Related AI Lessons
⚡
⚡
⚡
⚡
CYBERRAKSHAK TECHNOLOGIES PVT. LTD.
Medium · Cybersecurity
Why SIEM Alerts Fail: The Gap Between Detection Logic and Real SOC Triage
Medium · Cybersecurity
5 Critical Signs Your Perth Business Network Has a Hidden Malware Infection
Medium · Cybersecurity
Weekly Threat Intelligence Report 11 May 2026
Medium · Cybersecurity
Chapters (36)
In plain text!
0:24
Introducing//Vickie Li
0:58
Part 1//The Interview
1:01
Origin//Bug Bounty Bootcamp
3:37
What are Bug Bounty Programmes?
5:26
Part Time Bug Hunting?
5:44
Easy Way to Get Experience
7:45
Which Bug Bounty Programmes for Beginners?
10:51
Beginners//Don't Compete with Pros
13:15
Duplicates as Valid Experience
14:23
What You Need to Start
14:59
Linux//Do You Need It?
15:55
Automate!//Which Programming Language?
18:03
Beginner Friendly Vulnerabilities
21:17
Part 2//Exploiting IDOR Vulnerability Demo
21:24
What is IDOR?
22:51
PortSwigger IDOR Lab
24:05
Live Chat IDOR
24:48
View transcript
25:12
Burp Suite Intercept
26:05
What to Look For//IDs Aren't Always Obvious
26:56
Burp Suite//Looking Through Headers
27:56
Burp Suite//Repeater
28:30
Testing View Transcript Again
29:18
GET Request//Identifying Exploitable Endpoint
30:26
Modifying GET Request
31:35
Finding the right headers to modify
33:47
Why the first attempt didn't work
34:09
IRL//What You Would Do
34:23
Password in Live Chat Transcript
35:40
How to Prevent IDORs
36:01
IDORs//Worth Pursuing?
39:57
Bug Bounties//How to Start
41:21
Learn More!//Vickie's Blog
41:38
Follow Vickie's Twitter!
41:52
Thank You & Closing
🎓
Tutor Explanation
DeepCamp AI