
My Bug Hunting Journey: From Zero to Hero

// "Every expert was once a beginner. Every hacker once submitted an 'informative' bug."

Hey there, fellow bughunters! 🐞 It's time to dive into the bug-hunting journey of someone who's been in your shoes—me! So grab a cup of coffee, sit back, and let's embark on this thrilling adventure, full of highs, lows, and a sprinkle of humor.

Chapter 1: The Humble Beginnings

Let’s rewind to July 2023. Picture this: I’m an eager newbie who just created an account on HackerOne, ready to uncover the mysteries of bug hunting. Fast forward to July 2024, and there I am, clueless yet full of ambition on my first official hunt. I mean, how hard could it be, right? Spoiler alert: it can be pretty challenging!

Chapter 2: The Naive Submissions

Ah, the good old days when I thought I was a wizard for finding "informative" bugs! Armed with Burp Suite and a dash of overconfidence, I started submitting bugs. Repeatedly getting "NA" and "informative" as responses, I watched my reputation points plummet like a rock—hello, -15 and counting. But did I give up? Heck, no! Dropping out of college meant bug hunting had to work for me. Cue the epic motivational montage!

Chapter 3: The First Real Catch

Then came the glorious day I found my first real bug—a blind SQL injection on the Department of Defense platform! 🎉 Okay, maybe I was just lucky, using SQLmap with some automation for that one, but who cares? A win is a win!

Chapter 4: The Agonizing Drought

But as we know, bug hunting isn't all rainbows and butterflies. Months dragged on, with only sparse bugs on the Vulnerability Disclosure Programs (VDPs). Cue the dramatic music as I realized I needed financial wins, not just glory. My dreams of rolling in bounties seemed dim… until September!

Chapter 5: The Game-Changer

September 4, 2024, is a date forever etched in my memory. My first paid bounty from a Bug Bounty Program (BBP)! Finding a Broken Access Control vulnerability that allowed me to see all users' info via the /users endpoint! 🕺💃 I’ll spill the deets in another blog, I promise!

Chapter 6: The Sweet Reward

With every submission, my skills got sharper, and to my surprise, my bank account followed. My second bounty soon followed, and I hit a cool $2K in just five months. Not bad for a beginner, huh?

Chapter 7: The Road to Mastery

Yet, nothing is ever perfect, and before long, I hit a dry spell. No bugs, no bounties. Nada. That's when it hit me—I needed to up my game. So back to the basics I went, diving into PortSwigger labs and mastering web vulnerabilities and API hacking.

I even enrolled in the free courses at APIsec University. Yes, the certification costs, but who doesn’t love some free knowledge? 🧠

Conclusion: Keep On Learning!

And here we are today, still learning and evolving in the bug-hunting journey. Remember, it's not about where you start; it's about where you're headed. So keep hacking, keep laughing, and don’t be afraid to fumble along the way.

Happy hunting, my friends! Let’s catch those pesky bugs! 🕷️
