1/n Initially, when starting out, everyone makes mistakes; we grow up learning from others. So don't give up, keep learning and stay persistent.
2/n Stay humble with triagers, but there are times when your report is valid yet gets mistaken for something else due to unseen reasons. It happened to me many times, but you have to be persistent in the report and explain why you think it is valid or not a dup.
3/n The most important thing I learnt is: either be fast, or do your own research and find your own way. Whenever a program is fresh, spend more time on it and be fast. Top its leaderboard; once you do so, be persistent and keep hunting. Don't let others catch you 🙃
4/n I did absolutely 0 recon in these two years; my whole approach was manual. But recon will enhance your knowledge: you'll find new assets to hack on, unseen or undiscovered by others.
5/n I never looked for LFI, SSRF, RCE, etc. My bugs included security misconfigurations, authentication bypasses and business logic errors, and I still hit many criticals. So if you never look, you will never find. I focused on what I love, but it'll change soon, I am pretty sure.
6/n I got many N/As because I saw some report disclosed on H1 Hacktivity that was rewarded, and the same was the case in other programs I hunted: I reported it but got N/A or had to self-close. So it depends on the team whether they consider it valid or not.
7/n Whenever I felt bored, I did some labs, read writeups/articles/blogs, watched videos!
8/n The first year went to learning; I bought a new laptop and upgraded myself. Then I had a clear goal of what to do. One thing: everyone wants quick success, but great things take time, 2-4 years or more. It varies from person to person, depending on consistency and seriousness towards it.
9/n Don't copy what others do; use your own methodology if you want to avoid dupes. Stick to 2-5 programs and understand their core to find more bugs easily.
10/n We all have our own preferences. I personally like web apps with role functionality, meanwhile someone else might love to test commerce websites, so you can just pick some and get started.
11/n There is no need to rush; success isn't quick. It takes time, so focus on your mental health too. I don't believe there is such a thing as burnout, it's just that you are pushing yourself too much. Remember that timing matters too, and of course luck does matter somehow.
12/n To avoid getting bored, you can just do other things, like read/write about the same field, or just do the opposite of it, whatever you prefer or whatever gives you mental peace.
13/n The more you learn, the more there is to learn. Cybersecurity is an evolving field; every day there is a new thing to learn. So to keep yourself updated, subscribe to podcasts, newsletters, etc.
14/n I still get informatives and N/As sometimes, no wonder xD. Spend your time learning more and hunt occasionally in between, or according to your time management.
15/n Let's say I hit around $10k in bounties in the first year. The good thing was that persistence and continuous learning, exposure to many functionalities, etc. made me hit the same amount in a week. So you can see the progress. The more you learn, the more you earn! Knowledge is key here.
16/n There isn't any perfect path. You make mistakes, you understand the concepts, you apply them and keep going; that's how it works. So mistakes lead to progress.
17/n I am still learning, and there is much more to learn and consume. For now I am hunting in between and often, and focusing on learning other things. The reason is that soon you will be bored of how little you know, or of the same old things you already know. So keep learning and exploring new hobbies.
18/n Lastly:
- stay persistent, be humble and have a clear vision
- learn more, hunt often, have fun and enjoy the process
- focus on your mental and physical health too
- if you are feeling low, just do whatever you love; don't push yourself too much
I recently started doing writeups and getting into Android pentesting, and I have started #Learn250 to keep myself updated daily. You can find the repo link at: github.com/AkashHamal0x01…
Don't forget to set goals ;)
So the plan is: spend most of your time learning; hunting for 1-5 hrs a day is enough, but you can extend it if you want.
I just wanted to share my experience, what the real stats are 😂. You can see there are many dups, many N/As and many informatives. It isn't easy. If you see money and go in directly, then it's even harder. Have some basics first, and then you can get your hands dirty.
Note that even if you hit many bounties at some point in your life, maybe continuously and high value, it doesn't matter; at some point you'll be bored of doing the same stuff, and that's when you will try to learn new things or pick up new hobbies.