This is crazy!!! I am really glad that you all are enjoying this video

Thank you all again for the love and support 💪

Two more bounties of this month!

Got invitation from a private program! They are really paying HUGGGEEEE bounty!!

Finally, I have finished shooting the last video of this month!
This video is very special, as it will really help beginners during their hacking journey

Releasing it in this week😉

Video scheduled! I am sure this new video will help you all (specially beginners) in the field of bug bounty!!

Release Date: 29th Sept 2024 (Sunday 11:30am IST)

#Discussion 4: What's the most underrated tool that you would recommend to bug bounty hunters?

HI everyone, New video is out! Check out how we can turn an informative report into traiged with these 3 effective ways!
https://www.youtube.com/watch?v=UEz_DKfmmCc

While i have shared a lot of my bug bounty success story with you all, let me share story of my failures!

You know, When i was starting bug bounty hunting, I was unable to report a valid vulnerability for 6 month straight! Every report that i submitted got marked as informative, not applicable and duplicate! At that time, i was very demotivated, stressed and depressed. I was thinking, "Maybe bug bounty is not my thing" but suddenly, I started questioning myself:
1. Didn't i wanted to learn cyber security because it is my passion?
2. Am i only focusing on reporting vulnerabilities instead of improving my skills?

By asking these questions, I understand one thing: I need to switch my focus on learning, improving and hacking instead of getting demotivated because i was not getting any rewards! And eventually, I was able to get that first vulnerability and now i can easily say that i am the better version of myself than before!

In this same month, BePractical reached about 1k subscribers!!
I remember how I used to create videos in my hostel... The audio quality were very poor at that time since there were always students who kept fighting outside my room since my room was near canteen😂... But still you people supported me... Thanks a bunchhh!!!!!!!! ❤️

Keep hacking

Hi everyone! We are excited to let you know that bepractical.tech website is back online! Unfortunately, We needed to remove the labs since there were some really critical vulnerabilities identified by us and few of our subscribers. However, we will be launching labs very soon. Stay tuned

Started working on a new video! Coming soon

Hi everyone! I have a great news to share with you all. After a lot of struggle, I am very excited to tell you all that i'll be doing live session with all you on the topic of Server Side Request Forgery! The webinar will be around 2 hrs long and will cover everything about ssrf from basics to advanced. The best part? IT WILL BE FREE FOR EVERYONE! We are going to do it in the month of November! See you all soon

Hi everyone! Excited to tell you all that i have finished creating a new video and it will be releasing tomorrow 11am IST! This video will help beginners to understand one of the very common misconfiguration in web application in depth. At the end of this video, you will be able to understand everything about that misconfiguration and then also learn how to fix it! Hope you all will like it.

Thanks again for all your support
Keep learning & Keep hacking 💪🏻

Hi everyone, The new video is out!
Check it here: https://www.youtube.com/watch?v=y0BnRuCdX-0

Hi everyone, On this special occasion of getting over 1M views on YouTube and 20K+ subscribers, I'll be conducting a webinar on Securzy on server side request forgery absolutely free!



If you are interested, then make sure to register yourself using the link: https://lab.securzy.io/c/securzy-events/bug-bounty-all-about-ssrf



Keep learning & Keep hacking!

Note: The recordings on this webinar could be paid so it will be best if you all can watch live!

Hi everyone, Please make sure to register using your actual email address for the event otherwise you'll get removed.

Thank you!!!

Have you ever struggled with rate limits during content discovery? Here's how to break through without slowing down.






I just released a video where I walk you through a step-by-step guide on bypassing rate limits using IP rotation through Tor. Whether you're diving into bug bounties, ethical hacking, or just honing your content discovery skills, knowing how to handle rate limits can make a huge difference. In the video, I explain how to use Tor to rotate IPs efficiently so you can keep your exploration seamless and uninterrupted.

If you're looking for actionable techniques that actually work, this video is for you. Check it out and take your content discovery skills to the next level.

Video Link: https://www.youtube.com/watch?v=lbpFBYTpyPg

Let me know your thoughts or if this approach has been helpful to you.

In one of my recent pentest, I was able to hack their zimbra webserver which is used to handle their emails. Once logged in, I was able to read all their private emails, get organization details and lot of other sensitive data!



Here's how i did that:

1. Their main application was created on angular. So by reading the source code, I identified some internal api endpoints.

2. Upon sending the request to these api endpoints, I was able to grab the credentials for webserver.

3. Enumerated all subdomains to find their mailing server and tested the creds

4. Got access to the portal!!!! (Sample picture attached for reference)



Tip: Always keep a close look at the source code, You might find something juicy there😉

See you all tomorrow!