1
00:00:00,600 --> 00:00:01,420
Hello, everyone.

2
00:00:01,950 --> 00:00:09,300
So in this video, we are going to see how we can start hunting on the Open Bug Bounty platform.

3
00:00:10,170 --> 00:00:14,460
So this video is basically about the road map on this platform.

4
00:00:15,420 --> 00:00:16,570
So let's start.

5
00:00:17,070 --> 00:00:18,690
So you just have to open this.

6
00:00:18,690 --> 00:00:26,100
The URL, that is openbugbounty.org, into your browser, and after opening this, the website will

7
00:00:26,100 --> 00:00:27,360
look somewhat like this.

8
00:00:33,850 --> 00:00:36,330
And yeah, so it looks like this.

9
00:00:36,750 --> 00:00:38,970
I will just go on to Report a Vulnerability.

10
00:00:39,510 --> 00:00:42,900
You just have to remember, guys, to hunt on this platform,

11
00:00:43,170 --> 00:00:48,530
you should have a valid Twitter account and you need to log in using Twitter only.

12
00:00:49,230 --> 00:00:53,940
So, yeah, I have a Twitter account, so I'm just going to sign in with my Twitter account over here.

13
00:00:56,220 --> 00:00:58,230
So I will click on Authorize.

14
00:01:03,730 --> 00:01:09,310
Yes, so now I'm currently logged into the application. I will just click on Report a Vulnerability again

15
00:01:09,850 --> 00:01:14,160
and you can see coordinated and responsible vulnerability disclosure.

16
00:01:15,160 --> 00:01:15,580
Perfect.

17
00:01:15,640 --> 00:01:24,080
I will just quickly click on "I agree with the above mentioned ethics guidelines", and in the vulnerability

18
00:01:24,160 --> 00:01:28,070
detail section, I'm going to choose the vulnerability that I have found.

19
00:01:28,480 --> 00:01:29,830
So let's say XSS.

20
00:01:30,460 --> 00:01:34,080
So yeah, you can choose XSS yourself, anything.

21
00:01:34,420 --> 00:01:41,110
So I'm going to choose XSS, and for the XSS, all you have to give is which website and which

22
00:01:41,110 --> 00:01:42,920
endpoint you found the XSS on.
23
00:01:42,940 --> 00:01:51,240
So let's say http example dot com slash parameter equals XSS.

24
00:01:51,250 --> 00:01:54,600
Let's say this is an injection point. In the POST data,

25
00:01:54,910 --> 00:02:01,300
you can just give the data from Burp Suite, the POST request which leads to this XSS.

26
00:02:04,300 --> 00:02:07,270
OK, so perfect. Cookies:

27
00:02:07,270 --> 00:02:13,570
if it is an authenticated one, you can give your session cookies, and in the application you just put the

28
00:02:13,570 --> 00:02:14,370
custom code

29
00:02:14,380 --> 00:02:21,010
that you tested, and in the comments section you have to write the steps to reproduce, so you can just type step

30
00:02:21,010 --> 00:02:21,400
one.

31
00:02:22,270 --> 00:02:22,870
Go to this

32
00:02:22,870 --> 00:02:31,240
URL. Step two, hit Enter in your browser and you'll be able to see the XSS payload execute,

33
00:02:31,390 --> 00:02:34,450
which confirms that there is an XSS vulnerability.

34
00:02:35,680 --> 00:02:41,860
You have to click on all of this, basically check every checkbox, and you have to click on Submit.

35
00:02:43,960 --> 00:02:50,460
So after you click on Submit, your vulnerability report will be submitted to Open Bug Bounty.

36
00:02:52,750 --> 00:02:54,130
So as you can see: thank you,

37
00:02:54,130 --> 00:02:56,800
your public vulnerability submission will be verified soon.

38
00:02:57,160 --> 00:02:59,290
So my report has been submitted.

39
00:02:59,320 --> 00:03:08,230
Obviously, this is a blank report which I submitted to demonstrate to you guys, and you can see it has

40
00:03:08,230 --> 00:03:12,130
been assigned an ID, that is one one four six seven nine five eighty two.

41
00:03:12,130 --> 00:03:15,190
This report, submission date, status pending.

42
00:03:15,460 --> 00:03:27,160
And yeah, basically this report will be verified, and if it is a valid vulnerability

43
00:03:27,160 --> 00:03:30,520
it is going to go into this On Hold section over here.
44
00:03:32,050 --> 00:03:36,550
If it is not a valid report, it is going to go into Rejected Submissions.

45
00:03:42,170 --> 00:03:47,210
These are some blog posts which you can read; people keep writing about vulnerabilities that they find.

46
00:03:50,000 --> 00:03:55,340
And in the researcher account settings, you can see you can keep your profile settings, you can write

47
00:03:55,400 --> 00:03:59,630
an intro, how to contact you, your contacts, certifications, if any,

48
00:04:00,140 --> 00:04:02,390
and Hall of Fame, if you have done any.

49
00:04:02,510 --> 00:04:04,280
And you can just save this profile.

50
00:04:07,460 --> 00:04:09,050
So, a very simple

51
00:04:12,010 --> 00:04:16,910
functionality over this Open Bug Bounty platform.

52
00:04:16,930 --> 00:04:20,950
It is very simple and very convenient to report vulnerabilities.

53
00:04:21,730 --> 00:04:28,660
Now, one most important thing to remember is, Open Bug Bounty is not like programs or anything

54
00:04:29,140 --> 00:04:34,470
like we saw on HackerOne or Bugcrowd. On Open Bug Bounty,

55
00:04:34,480 --> 00:04:41,290
this is basically run by the open source community, which means you can try to report any vulnerability that

56
00:04:41,290 --> 00:04:43,080
you find on the Internet.

57
00:04:43,420 --> 00:04:51,130
So any vulnerability in any application of any country, you can report that valid bug over here.

58
00:04:52,360 --> 00:05:00,400
OK, so there is a lot of big scope for you reporting valid vulnerabilities on this platform, because there

59
00:05:00,400 --> 00:05:08,020
are millions and millions of websites and you can just test them, make them your testing playground.
60
00:05:09,310 --> 00:05:16,270
But remember, do not do any type of intrusive testing or any misuse of the data. If you have found

61
00:05:16,270 --> 00:05:22,360
a valid vulnerability on any website, just try to report it over here. After reporting that vulnerability

62
00:05:22,360 --> 00:05:30,550
over here, the Open Bug Bounty research team will try to connect with that program or that company

63
00:05:30,550 --> 00:05:32,140
and they will try to fix it.

64
00:05:32,920 --> 00:05:38,950
After fixing, those people will get in touch with you and they are going to reward you with some swag

65
00:05:39,280 --> 00:05:42,370
or Hall of Fame or maybe rewards.

66
00:05:43,780 --> 00:05:44,940
It depends on the company.

67
00:05:46,300 --> 00:05:51,660
If I go to my dashboard, as you can see, whatever I have done over the years.

68
00:05:52,630 --> 00:05:55,720
So this is the first thing. I'll go into Recommendations:

69
00:05:55,720 --> 00:06:01,260
if anyone gives you a recommendation, it comes over here. Your badges, if you own any badge.

70
00:06:01,270 --> 00:06:09,220
So as you can see, the first badge is for 10 plus websites, the second badge is for 50 plus, 500 plus websites.

71
00:06:09,220 --> 00:06:14,220
If you report valid vulnerabilities, the last is 1000 plus.

72
00:06:14,560 --> 00:06:17,740
Similarly, there are a lot of badges which you can unlock.

73
00:06:17,740 --> 00:06:23,820
I have unlocked one blog badge for a blog which I wrote a year ago.

74
00:06:25,690 --> 00:06:28,240
OK, so you can earn your badges. Statistics:

75
00:06:28,240 --> 00:06:33,930
you can see whenever you are hunting. Blog: you can write and you can read blogs.

76
00:06:35,260 --> 00:06:35,830
Perfect.

77
00:06:36,460 --> 00:06:38,110
So I hope you guys understood this.

78
00:06:38,620 --> 00:06:43,840
Let's go to the Hall of Fame, Top Security Researchers, and see the top security researchers list.
79
00:06:44,320 --> 00:06:52,900
You can see this researcher, which is Kalvin, has helped in patching one seven four one six

80
00:06:53,800 --> 00:06:54,510
programs.

81
00:06:54,520 --> 00:06:56,620
So he has submitted those many reports.

82
00:06:57,280 --> 00:07:05,560
Let's go to the profile and you can see the researcher's reputation is this much, fixed these many websites.

83
00:07:06,070 --> 00:07:08,350
In the certificate you can see Open

84
00:07:08,350 --> 00:07:17,290
Bug Bounty has given an outstanding researcher certificate to this user because the user has submitted

85
00:07:17,290 --> 00:07:21,550
a lot of reports and helped to fix a lot of vulnerabilities.

86
00:07:22,630 --> 00:07:28,240
You guys can also get the certificate by reporting valid vulnerabilities for around fifty to two hundred.

87
00:07:28,840 --> 00:07:31,060
And you will also get a certification.

88
00:07:34,420 --> 00:07:44,200
Perfect, you can see what the reported vulnerabilities are, what the fixes are also. So, yeah, this

89
00:07:44,200 --> 00:07:44,640
is it.

90
00:07:45,190 --> 00:07:52,600
I hope you guys understood how we can create an account on this website and we can start our bug bounty

91
00:07:52,600 --> 00:07:54,640
hunting journey on this platform.

92
00:07:55,330 --> 00:07:56,380
I hope this helps.

93
00:07:56,680 --> 00:07:57,460
Thank you, guys.

94
00:07:58,060 --> 00:07:58,900
Thank you so much.