Walking the path: october 2021

This post is the first of its series, which I intend to update on a monthly basis. As I've been working / studying in offsec and bug bounty hunting on my own for a good part of the year, I want to keep myself accountable by making my goals public and reflecting on my progress.

Who knows, some others might benefit from this, especially if you're studying in a similar field! Sharing breakthroughs and struggles alike can't hurt either way.

Current goals

In september, my main goal was to find my first bug on hackerone from a program I picked a while ago. I did find vulnerabilities (and harmful ones at that) but sadly, those I found were either out-of-scope or obvious duplicates (like an s3 bucket already filled with... test files from other bug hunters).

This experience proved to be enlightening nonetheless: I've mainly been a CTF person, practicing on TryHackMe and similar platforms and it certainly feels good to know that the skills I acquired do translate in a real scenario. It might be dupes or simply out-of-scope, but those are still real vulnerabilities. I just have to keep looking, and keep learning along the way.

All in all, I am currently juggling with the following goals:

Those are the most important items on my checklist, but I have secondary goals I'd like to tackle too. I won't put too much pressure on myself, but it'd still be nice if I could get around those at some point:

One (anxiety-inducing) fact that I keep reminding myself of is my limited time: in 4 months from now, I won't have the financial means to keep working full-time on my micro-company. This essentially means that I'll have to find some other source of income and do bug bounty hunting on my free time, unless I get good enough to earn some basic revenue out of it.

I'm fully aware that this is unlikely to happen so fast, yet I have nothing to lose. Worst case scenario, I will learn a lot and be able to make use of that knowledge in my free time.

Anyway, that's the plan for this month. Gonna put my back into it, see you soon!

~ Want to leave a comment about this post? You can send me a message on CuriousCat without an account, or reply on Twitter if you like!