1
00:00:00,840 --> 00:00:01,600
Hello, everyone.

2
00:00:02,310 --> 00:00:10,140
So in this video, we are going to see a bug bounty platform, which is very famous, and this particular

3
00:00:10,140 --> 00:00:14,180
platform hosts a lot of programs from Europe.

4
00:00:14,790 --> 00:00:17,160
So the platform is Intigriti.

5
00:00:17,820 --> 00:00:23,190
You just have to go to this particular URL, that is login on intigriti dot com.

6
00:00:24,090 --> 00:00:31,980
And you can just sign up for an account if you don't have one. The registration process is pretty simple.

7
00:00:31,980 --> 00:00:38,010
You just need to give the user name that you would like to have under this particular dashboard, the

8
00:00:38,010 --> 00:00:43,350
email address, your phone number, any strong password with good entropy.

9
00:00:44,130 --> 00:00:45,570
And you should agree to this.

10
00:00:46,170 --> 00:00:53,760
After you hit on create account, you will get a verification email in your email inbox.

11
00:00:54,390 --> 00:00:59,690
After you have verified your email, then you just need to login.

12
00:01:00,540 --> 00:01:05,580
So I'm just going to login because I already have created an account on Intigriti.

13
00:01:08,080 --> 00:01:16,690
So once you hit on sign in or logon, this is how the dashboard will look like, as you can see over here.

14
00:01:17,080 --> 00:01:19,060
Welcome back, Robert Schieffer.

15
00:01:19,120 --> 00:01:22,260
This is the user name that I have kept for my account.

16
00:01:23,290 --> 00:01:32,800
The first view that you can see is the programs preview, wherein you can see the programs which are

17
00:01:32,800 --> 00:01:35,790
being attached onto the Intigriti platform.

18
00:01:35,800 --> 00:01:42,440
As you can see, this particular program which is set to vote in this particular program.

19
00:01:42,460 --> 00:01:44,200
You can see it is a public program.

20
00:01:44,920 --> 00:01:51,880
And you can see on the right hand side there are three checkboxes. The first checkbox is ID check required,

21
00:01:51,880 --> 00:02:00,280
which means you need to verify your ID. Remember, this ID verification is not your email verification.

22
00:02:00,640 --> 00:02:07,510
This ID verification is, you need to upload your identity card onto this particular platform, which

23
00:02:07,510 --> 00:02:10,060
we are just going to see in just a couple of minutes.

24
00:02:10,450 --> 00:02:14,760
From the settings, you can upload your verification ID card.

25
00:02:15,190 --> 00:02:21,850
And based on that, once your ID is verified, then you can start hunting on those programs which have

26
00:02:21,850 --> 00:02:29,530
this ID check required or it has been checked. For now, for this particular case and this particular

27
00:02:29,530 --> 00:02:32,980
platform, it does not require any check.

28
00:02:33,910 --> 00:02:37,050
That's why we can start hunting directly on this program.

29
00:02:38,320 --> 00:02:43,690
Suspended means, I have noticed on Intigriti,

30
00:02:43,750 --> 00:02:50,710
whenever any particular security researcher finds a vulnerability in any program, they are suspended

31
00:02:50,710 --> 00:02:53,440
for some time, at least for two days.

32
00:02:53,800 --> 00:03:03,040
And once they track that particular bug and once they are into the process of triaging it, then they

33
00:03:03,070 --> 00:03:04,000
open it again

34
00:03:04,000 --> 00:03:10,600
for other researchers to submit. Whatever bugs I have submitted on Intigriti, I have seen this.

35
00:03:10,930 --> 00:03:12,220
They accept the bug.

36
00:03:12,670 --> 00:03:16,300
They suspend the program. While the program is suspended,

37
00:03:16,310 --> 00:03:18,970
you cannot send new reports.

38
00:03:18,970 --> 00:03:20,180
You have to remember that, OK.

39
00:03:21,040 --> 00:03:21,480
All right.

40
00:03:21,790 --> 00:03:28,060
So as you can see over here for this particular program, which is DPG Media, any check is not required.

41
00:03:28,510 --> 00:03:32,960
You get reputation points and it also produced your report.

42
00:03:32,980 --> 00:03:36,520
So let me just show you how it looks like if I click on open program.

43
00:03:37,210 --> 00:03:41,500
So let me just click on Open program.

44
00:03:43,680 --> 00:03:46,530
And you can see over here it looks something like this.

45
00:03:47,490 --> 00:03:56,250
This is the description and these are the bounties that they pay for various severities of the particular

46
00:03:56,250 --> 00:03:59,130
bug that you have found out. As against for the low,

47
00:03:59,160 --> 00:04:00,200
they are not paying anything.

48
00:04:00,210 --> 00:04:02,190
It is zero euros. For medium,

49
00:04:02,190 --> 00:04:03,720
it is 250. High,

50
00:04:03,780 --> 00:04:05,250
700. Critical,

51
00:04:06,270 --> 00:04:08,190
eleven hundred. Exceptional,

52
00:04:08,190 --> 00:04:09,330
2000 euros.

53
00:04:09,970 --> 00:04:10,500
All right.

54
00:04:10,860 --> 00:04:16,890
After you have seen this bounty section, if you move down over here, you can see the domain

55
00:04:16,890 --> 00:04:18,700
section, which is very, very important.

56
00:04:19,470 --> 00:04:24,150
Over here, you can see the particular URLs which are in the scope.

57
00:04:24,890 --> 00:04:31,560
Remember, those particular URLs which are in the scope should only be tested. In case you

58
00:04:31,560 --> 00:04:40,320
are testing any other URL which is not in scope, it may result or end up in a not applicable type

59
00:04:40,320 --> 00:04:41,260
of submission.

60
00:04:41,790 --> 00:04:49,920
So remember, whatever is in scope, only report on those particular programs.

61
00:04:50,220 --> 00:04:50,670
All right.

62
00:04:51,000 --> 00:04:52,180
So now you get a..

63
00:04:52,260 --> 00:04:58,500
These are the particular domains or subdomains which are valid to report.

64
00:04:59,320 --> 00:05:06,240
If I just scroll down, then you can see in scope, this is OK, out of scope, and in out of scope you

65
00:05:06,240 --> 00:05:10,260
can read whatever bugs are considered to be out of scope.

66
00:05:10,260 --> 00:05:14,820
So do not try to report these types of vulnerabilities.

67
00:05:15,330 --> 00:05:23,430
For example, let's say see a screen action or hyperlink injection or takeovers or session issues.

68
00:05:23,760 --> 00:05:28,680
But session does not get logged out or session does not get expired.

69
00:05:28,680 --> 00:05:33,330
These types of issues are considered to be out of scope for this particular program.

70
00:05:34,080 --> 00:05:34,650
All right.

71
00:05:35,160 --> 00:05:39,180
If you see on the right hand side, hold on tight.

72
00:05:39,210 --> 00:05:45,960
This program is currently suspended, which means some researcher has recently submitted a report, which

73
00:05:45,960 --> 00:05:52,800
you can see over here. Last contributors, which have been contributing and reporting the vulnerabilities.

74
00:05:53,130 --> 00:05:59,510
For now, you cannot report a new vulnerability until this program is reactivated or resumed again.

75
00:06:00,180 --> 00:06:01,270
This is the leaderboard.

76
00:06:01,410 --> 00:06:08,310
All the security researchers who find a valid vulnerability can be seen over here on the right hand

77
00:06:08,310 --> 00:06:08,700
side.

78
00:06:09,840 --> 00:06:10,320
All right.

79
00:06:10,770 --> 00:06:12,540
Let's go back to the dashboard.

80
00:06:13,230 --> 00:06:14,970
And now we understand this.

81
00:06:15,990 --> 00:06:21,630
If I click on programs, then you will be able to browse programs according to your need.

82
00:06:22,740 --> 00:06:25,530
Over here you can see I have got invites as well.

83
00:06:26,100 --> 00:06:35,090
So invite is an amazing feature in which you get those particular programs, which are only there for

84
00:06:35,100 --> 00:06:36,210
few researchers.

85
00:06:36,270 --> 00:06:38,680
So these are not public programs.

86
00:06:38,700 --> 00:06:39,200
All right.

87
00:06:39,510 --> 00:06:44,730
So these two programs, if I accept them, right, then I can start hunting on these programs.

88
00:06:44,730 --> 00:06:50,750
But these programs are invite only. As you can see over here, this particular program exists out.

89
00:06:50,760 --> 00:06:56,870
There is a public program, which means this is available for everyone to hunt down and find vulnerabilities.

90
00:06:57,360 --> 00:07:04,860
But this program is invite only, because I've accepted the invite and it's coming under all programs.

91
00:07:05,190 --> 00:07:08,070
Again, see, this program is invite only.

92
00:07:08,850 --> 00:07:16,710
So those programs which are considered as invite only are a good source to hunt vulnerabilities on

93
00:07:16,710 --> 00:07:21,450
because there are only a few security researchers who could get these invites.

94
00:07:22,050 --> 00:07:30,570
So the scope is high that you may end up finding a valid vulnerability, because less number of hackers,

95
00:07:30,570 --> 00:07:30,960
less

96
00:07:30,960 --> 00:07:35,040
number of security researchers, are going to hunt on these particular programs.

97
00:07:36,100 --> 00:07:36,690
All right.

98
00:07:38,190 --> 00:07:42,660
If I click on show more, then you will be able to see all the invites that you have got.

99
00:07:42,660 --> 00:07:45,270
As you can see, I have got all of these invites.

100
00:07:45,270 --> 00:07:48,840
But I haven't accepted any till now.

101
00:07:49,380 --> 00:07:54,420
If I go in activity, you will be able to see the activity that has been happening.

102
00:07:54,900 --> 00:07:57,240
So you can see these programs are suspended.

103
00:07:57,240 --> 00:07:58,890
This program is open.

104
00:07:59,610 --> 00:08:01,180
This program is suspended.

105
00:08:01,180 --> 00:08:02,700
Then again, it got opened.

106
00:08:02,700 --> 00:08:09,180
And so if I go in the payout field, you'll be able to see whatever payout you are getting.

107
00:08:09,600 --> 00:08:13,020
So you can see I have got a payout on five

108
00:08:13,020 --> 00:08:14,370
twenty seven, twenty twenty.

109
00:08:15,180 --> 00:08:18,180
That was 150 euros.

110
00:08:18,720 --> 00:08:24,450
This particular vulnerability was no limit on what little phone number to call.

111
00:08:25,620 --> 00:08:27,030
All right, let's come back.

112
00:08:27,930 --> 00:08:34,590
And in my submissions too, you will be able to see the submissions that you have done on this particular

113
00:08:34,590 --> 00:08:35,190
program.

114
00:08:35,190 --> 00:08:42,000
So as you can see, these are the submissions that I have performed on this particular program. If

115
00:08:42,000 --> 00:08:42,600
I click over

116
00:08:42,710 --> 00:08:50,120
here onto my profile and I click on my activities, then you will be able to see whatever activities

117
00:08:50,120 --> 00:08:55,910
I have done and the reports I have. You will be able to see your ranking over here, the country that

118
00:08:55,910 --> 00:09:03,350
you are ranking from, your reputation points, your LinkedIn profile, your streak. Streak is basically

119
00:09:03,350 --> 00:09:05,800
what types of bugs you are reporting.

120
00:09:06,290 --> 00:09:12,680
So if you report highly critical vulnerabilities, it will be critical, high, medium, low.

121
00:09:12,680 --> 00:09:19,130
And your Twitter handle. As you can see, submission stats, 80 percent of vulnerabilities accepted,

122
00:09:19,190 --> 00:09:21,500
then top contributions.

123
00:09:21,500 --> 00:09:28,220
As you can see over here, I'm the top contributor in these particular three programs, which means

124
00:09:28,220 --> 00:09:30,110
I'm in that Hall of Fame.

125
00:09:33,430 --> 00:09:41,200
Yes, so now if I click on edit settings, then it is going to take me to my settings tab, as you can

126
00:09:41,200 --> 00:09:42,500
see over here.

127
00:09:43,180 --> 00:09:47,250
Your identity has successfully been checked and verified.

128
00:09:47,740 --> 00:09:56,080
So you also have to verify your ID, then only you are able to hunt on specific programs which

129
00:09:56,080 --> 00:09:57,550
require an ID check.

130
00:09:58,570 --> 00:10:04,930
Now, if I scroll down, you can see your preferred payment method, so you can add your PayPal or anything

131
00:10:04,930 --> 00:10:06,940
that you like over there.

132
00:10:07,420 --> 00:10:11,020
On the right hand side is my financial information.

133
00:10:11,020 --> 00:10:13,420
Your Tea Party should say whatever you want.

134
00:10:14,110 --> 00:10:16,900
You can go in profile and you can change your profile settings.

135
00:10:16,900 --> 00:10:19,350
You can go in password and change your password.

136
00:10:19,810 --> 00:10:26,080
You can go into 2FA and you can enable your two-factor authentication so that you will be able to login

137
00:10:26,080 --> 00:10:31,360
with an authenticator app or with your mobile phone or TV.

138
00:10:32,260 --> 00:10:33,630
So this is it for this video.

139
00:10:33,820 --> 00:10:40,780
I hope you guys understood how you can sign up on this particular platform and you can start hunting

140
00:10:40,780 --> 00:10:41,660
on programs.

141
00:10:42,010 --> 00:10:42,550
Thank you.