Enjoying being full-time, automation


Hey! This week was also full of stuff. It's always hard when you have a lot of different projects to manage, but it's also super fun, and it's something I wanted to tell you more about.

To be able to manage everything, I decided to build solid automation to help me in my day-to-day bug bounty work. Not really to compete on being the first one, but more to know where to put my focus.

I'm currently in a hard-working lifestyle, to build strong stuff for the future. I was totally different a few months ago, working only in the morning, but now that I have so much good stuff to create, it's ok to work more. And I'm waiting for September when I will come back to Japan and South Korea, so I need to finish most of my automation before that.

Some thoughts on being full-time

It's now been 10 months since I went full-time, soon a year, and lately I've thought a lot about it. I always wanted to be my own boss and to work for myself, in any field, simply for the freedom.

But do I really feel free now? Totally. Let's be honest: in the beginning it was hard, I was not very good, I was looking for low-severity bugs, and I was not making a lot of money. Not to say that I'm good now, but I'm better and I know that I can find stuff.

I was reluctant to do multiple things and wanted to focus on only one project, being the best in bug bounty. In the end, I ended up doing other projects on the side, and it was the best decision. First to have multiple sources of income in the future, and then to disconnect from bug bounty sometimes and think about something else.

Now, 10 months later, I'm more than happy. I can work on the project I want, when I want, and where I want. I can travel almost anywhere and do my work. It's very challenging, but I love that. I prefer having to count only on myself and my work instead of maybe being paid more but working for someone else.

Regarding money, my first goal for this year was to make an engineer's salary (around 50k a year in France), just to prove to myself that I can earn the same as all my friends. For the moment, we are in the middle of the year and I have made around 30k in bounties, so it fits my goal.

But more than that, I really enjoy working this way. Looking at all my best friends who work a lot as engineers, they are not that happy, they are tired, etc. So, for sure, I'm making less than them for the moment, because I don't have any perks like half-paid transport, food, or the many other perks you can have in a company. However, having to challenge myself to do better and create my own sources of revenue is better for me. It's not for everyone, as it can be stressful.

So what's next? I'm going to continue, for sure. Continue to improve all my projects. First the bug bounty part: I'm building a lot of automation to work less in the future and help me find bugs more quickly. Then the other side projects like Hackyx (where I need to come back soon to continue), and also ReWorker, which is time-consuming too, trying to build a nice SaaS. And finally, life itself: doing sport, traveling, etc.

Full Automation

A few months ago, I was against automation and wanted to be fully manual. In the end, since I'm good at dev, that was a mistake: I can stay a manual hacker while automating the tedious parts of bug bounty.

Here are some points I have already automated in my workflows. Each time I receive a new program, or there is an update to a scope, the scope is scanned, looking for URLs or subdomains within it. Then it goes through my homemade scanner to check for the things I like to hunt for, and if something comes up I get an alert on my phone, so I can easily check it.

Then I can directly open it in Caido to verify the issue, and if it's a vulnerability, I can generate a full report. It's very useful as it generates the boring parts like the remediation or the text that is always the same. It can search for the best link on the OWASP website. The aim is not to fully write the report but to give me a good text to start from. Then I can add screenshots, videos, and the PoC, and write the impact for this specific app.

With all of that, I can focus on other projects and be alerted if a new scope comes in, or if something is detected by my scanner. It's very useful as I don't need to rush each time I get a new private program. Of course, it's better when looking manually, but when I am on vacation, it's better to have something in the background that can check for me.

For all of that, I mainly use n8n and secator, plus custom plugins and workflows for Caido. I'm not going to fully disclose it as it's how I earn money, but I will probably explain more about the whole design when it is done. I plan to give a Rump talk about it at the next conference I go to, so stay tuned if you are interested!

Next week I will be mostly off from hacking. I will mainly work on ReWorker, and I'm going to shoot a lot of videos in coffee shops and coworking spaces in Paris to help us with the project's social networks, and we will see how it goes.
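As an added illustration (this is not the author's n8n/secator workflow, which he does not disclose), here is a small Python model of the first two steps described above: checking discovered hosts against a program's scope, honouring out-of-scope exclusions, skipping assets already seen, and producing the alert text that would be pushed to a phone. The scope entries, hostnames and program name are constructed for the example.

```python
import fnmatch
from dataclasses import dataclass, field


@dataclass
class Scope:
    """A program's scope as wildcard patterns (constructed example, not a real program)."""
    in_scope: list
    out_of_scope: list = field(default_factory=list)

    def matches(self, host):
        """True only if host matches an in-scope pattern and no out-of-scope pattern."""
        h = host.lower().rstrip(".")
        if any(fnmatch.fnmatch(h, p.lower()) for p in self.out_of_scope):
            return False
        return any(fnmatch.fnmatch(h, p.lower()) for p in self.in_scope)


class ScopeWatcher:
    """Keeps the set of assets already handled so a rescan only alerts on new ones."""

    def __init__(self, scope, seen=None):
        self.scope = scope
        self.seen = set(seen or ())

    def triage(self, discovered):
        """Split a batch of discovered hosts into (new in-scope hosts, skipped hosts)."""
        new, skipped = [], []
        for host in discovered:
            h = host.lower().rstrip(".")  # normalise case and trailing dot before dedup
            if h in self.seen:
                continue  # already scanned earlier, no new alert
            if self.scope.matches(h):
                new.append(h)
                self.seen.add(h)
            else:
                skipped.append(h)  # out of scope: never sent to the scanner
        return new, skipped


def build_alerts(new_hosts, program="example-program"):
    """Render one phone notification per new in-scope asset (message format is assumed)."""
    return [f"[{program}] new in-scope asset: {h} -> queued for scanner" for h in new_hosts]


# Constructed sample data standing in for a scope update and a subdomain discovery run.
SCOPE = Scope(in_scope=["*.example.com", "app.example.org"],
              out_of_scope=["staging.example.com", "*.internal.example.com"])
DISCOVERED = ["api.example.com", "staging.example.com", "app.example.org",
              "mail.other.com", "API.example.com.", "x.internal.example.com"]
```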

So, have a nice end of the week!

Ideas / Notes / Resources

  • A huge article about great research on HTML charsets: Encoding Differentials: Why Charset Matters. The absence of charset information seems to be a minor issue for a web application. This blog post explains why this is a false assumption and highlights the critical security implications.

Aituglo, Paris. The author of this blog, a bug bounty hunter and security researcher who shares his thoughts about the art of hacking.