NahamSec Courses

Career and Community Building with Bug Bounties

Panel discussion on leveraging bug bounties for career growth, knowledge expansion, and community building in infosec. Experts share insights on how bug bounties have impacted their professional journeys.

• YouTube
• 1 hour 8 minutes
• On-Demand
• Conference Talk

Putting Your Mind to It - Bug Bounties for 12 Months

Insights into successful bug bounty hunting strategies and experiences over a 12-month period, focusing on mindset, persistence, and effective techniques for finding vulnerabilities.

• YouTube
• 36 minutes
• On-Demand
• Conference Talk

Hacking IIS

Explore advanced IIS hacking techniques, including HTTPAPI 2.0 assets, VHost hopping, local file disclosure, and complex XXE vectors. Learn to leverage tools like DNSpy for effective web application security testing.

• YouTube
• 22 minutes
• On-Demand
• Conference Talk

Learn to Hack - Choose a Target - Get a Bounty

Practical guide to overcoming initial challenges in bug bounty hunting, covering automation, reconnaissance, common vulnerabilities, and essential hacking skills for beginners.

• YouTube
• 23 minutes
• On-Demand
• Conference Talk

Just Give Me a Trial, Please

Overcoming obstacles in hacking enterprise software for bug bounty programs: experiences and advice on tackling third-party vendor products and obtaining trial access.

• YouTube
• 27 minutes
• On-Demand
• Conference Talk

Using Chromedp to Hunt for Prototype Pollution

Learn to use Chromedp in Go for detecting prototype pollution at scale, enhancing your ability to identify and address this client-side security vulnerability efficiently.

• YouTube
• 38 minutes
• On-Demand
• Conference Talk

Live Recon and Google Dorking on the Department of Defense Vulnerability Disclosure Program

Explore live reconnaissance and Google dorking techniques on the Department of Defense's Vulnerability Disclosure Program, featuring insights from @thedawgyg.

• YouTube
• 1 hour 9 minutes
• On-Demand
• Free Video

Live Recon on Snapchat - Demonstration of Amass, FFUF, and SecurityTrails

Explore live reconnaissance techniques on Snapchat using tools like amass, FFUF, and SecurityTrails in this hands-on demonstration with @ITSecurityGuard.

• YouTube
• 1 hour 42 minutes
• On-Demand
• Free Video

Bug Bounty Seminar with Verizon Media's Paranoids

Explore bug bounty hunting with Verizon Media's Paranoids team. Learn strategies, techniques, and insights to enhance your cybersecurity skills and potentially earn rewards.

• YouTube
• 2 hours 3 minutes
• On-Demand
• Free Video

Getting Into Bug Bounty - Recon, Automation, and Triage

Explore bug bounty hunting with insights on reconnaissance, automation, and triage from @ITSecurityguard. Learn key strategies for success in this cybersecurity field.

• YouTube
• 1 hour 15 minutes
• On-Demand
• Free Video

Bug Bounties, Pulse Secure Research, and Hacking the US Department of Defense - Interview with Alyssa Herrera

Insightful discussion on bug bounties, cybersecurity research, and ethical hacking experiences, featuring expert insights from Alyssa Herrera on various high-profile targets.

• YouTube
• 56 minutes
• On-Demand
• Free Video

Learning JavaScript for Hacking - Interview with Filedescriptor

Explore JavaScript for hacking, reconless techniques, and Twitter vulnerabilities with expert insights on enhancing cybersecurity skills and ethical hacking practices.

• YouTube
• 1 hour 10 minutes
• On-Demand
• Free Video

A Heaven for Hackers - Breaking Web Security Virtual Appliance

Explore web security vulnerabilities and hacking techniques through hands-on demonstrations, focusing on methodology, enumeration, and exploitation of common weaknesses in web applications.

• YouTube
• 25 minutes
• On-Demand
• Conference Talk

Security Training at the Harbor - Running CTFs with Docker

Learn to run Capture The Flag (CTF) competitions using Docker, enhancing cybersecurity skills through hands-on challenges and containerized environments.

• YouTube
• 27 minutes
• On-Demand
• Free Video

Practical Attacks Using HTTP Request Smuggling

Explore practical HTTP request smuggling attacks, including CL.TE/TE.CL desync techniques, testing methods, and real-world examples. Learn to exploit vulnerabilities for session stealing and response queue poisoning.

• YouTube
• 45 minutes
• On-Demand
• Conference Talk