Doge The Bounty Hunter

an0malous    31st Jul 2019   

Hunting for Bugs

I decided to take on a new role since it doesn't seem that there are too many people that want to pay me to build them a website. I'm not able to find anyone who wants me to help them with their network or workstations either. I'm not really sure what I'm doing wrong, but it seems like I'm just stuck here doing not much of anything.

I tried submitting my resume to land that job as a developer that I've always wanted, but all I saw was a ton of rejection emails for about a couple of weeks. So if I can't get paid to make things, I guess I'll see if I can get paid to break things, right?

Well, I submitted my first report thinking that I was doing a good thing, but it didn't turn out as expected. Blame it on my ignorance, or what have you, but it wasn't as bad as it seems. Yes, I'm the guy that submitted a false positive for his first report, but it felt good to get that first one out of the way. As much as I wanted it to be a valid bug, it was also great to get the anxiety of rejection out of the way. I jumped the gun, and rather than actually digging deeper to build up a concrete PoC, I just blindly submitted it thinking that it was going to be OK. Lesson learned.

Back to the Drawing Board

Ok, so now we go back to square one to start reinforcing everything we learned. But this time we move forward knowing that it isn't good enough to just blindly submit reports without any concrete evidence or PoC. Now what? Well, what have we learned about learning? Let's revisit some of the things we went over when studying for the Linux+ exam and carry those over to where we are at.

Here is what we can do:

  1. Submit blog articles on methodologies, attacks, and techniques.
  2. Demonstrate learned skills on various available resources.
  3. Learn and review available tools.
  4. Read vulnerability reports and disclosures.
  5. Join a community and participate in discussion.

At the moment, that list seems to be an OK place to start. I think if I'm going to be writing blogs, I might actually split them up between my personal blog here, and the AFS Labs blog for the more technical stuff. The main reasoning behind that is that I don't want to post pictures on my personal blog.

I'm sure there will be someone or multiple someones reading this that are going to tell themselves, "well yeah, that's common sense." Well, it doesn't seem that there are too many great guides to start with as a beginner. Most assume that you already know how to think like a hacker and tell you to just start hacking away at vulnerable web applications. I guess the point to understand there is that nobody can teach you how to think; it is up to you to start thinking critically and outside the box. Is there any way to help inspire someone to get into that mindset?

/out

I'm actually surprised this blog turned out to be this long... I didn't anticipate having so much on my mind to share. Anyway, that's it for now. Peace.


