BugHunting
Hey there, fellow bughunters! đ Itâs time to dive into the bug-hunting journey of someone whoâs been in your shoesâme! So grab a cup of coffee, sit back, and letâs embark on this thrilling adventure, full of highs, lows, and a sprinkle of humor.
Chapter 1: The Humble Beginnings
Letâs rewind to July 2023. Picture this: Iâm an eager newbie who just created an account on HackerOne, ready to uncover the mysteries of bug hunting. Fast forward to July 2024, and there I am, clueless yet full of ambition on my first official hunt. I mean, how hard could it be, right? Spoiler alert: it can be pretty challenging!
Chapter 2: The Naive Submissions
Ah, the good old days when I thought I was a wizard for finding âinformativeâ bugs! Armed with Burp Suite and a dash of overconfidence, I started submitting bugs. Repeatedly getting âNAâ and âinformativeâ as responses, I watched my reputation points plummet like a rockâhello, -15 and counting. But did I give up? Heck, no! Dropping out of college meant bug hunting had to work for me. Cue the epic motivational montage!
Chapter 3: The First Real Catch
Then came the glorious day I found my first real bugâa blind SQL injection on the Department of Defense platform! đ Okay, maybe I was just lucky, using SQLmap with some automation for that one, but who cares? A win is a win!
Chapter 4: The Agonizing Drought
But as we know, bug hunting isnât all rainbows and butterflies. Months dragged on, with only sparse bugs on the Vulnerability Disclosure Programs (VDPs). Cue the dramatic music as I realized I needed financial wins, not just glory. My dreams of rolling in bounties seemed dim⊠until September!
Chapter 5: The Game-Changer
September 4, 2024, is a date forever etched in my memory. My first paid bounty from a Bug Bounty Program (BBP)! Finding a Broken Access Control vulnerability that allowed me to see all usersâ info via the endpoint! đșđ Iâll spill the deets in another blog, I promise!
Chapter 6: The Sweet Reward
With every submission, my skills got sharper, and to my surprise, my bank account followed. My second bounty soon followed, and I hit a cool $2K in just five months. Not bad for a beginner, huh?
Chapter 7: The Road to Mastery
Yet, nothing is ever perfect, and before long, I hit a dry spell. No bugs, no bounties. Nada. Thatâs when it hit meâI needed to up my game. So back to the basics I went, diving into PortSwigger labs and mastering web vulnerabilities and API hacking.
I even enrolled in the free courses at APIsec University. Yes, the certification costs, but who doesnât love some free knowledge? đ§
Conclusion: Keep On Learning!
And here we are today, still learning and evolving in the bug-hunting journey. Remember, itâs not about where you start; itâs about where youâre headed. So keep hacking, keep laughing, and donât be afraid to fumble along the way.
Happy hunting, my friends! Letâs catch those pesky bugs! đ·ïž