Public programs, working on vacation, and setup
• public
Table of contents
This week was a back-in-work, and I thought about how I am able to still continue working during the summer. I also came back to a public program I wanted to go to for a long time and it was pretty nice.
Working during vacation
It always was a struggle for me to manage my time and to work without procrastinating. I always want to do something else, to go watch some YouTube videos and never start working on something.
And it can be a huge problem in my case as I work for myself. So if I'm not working, no cash for me. The problem isn't that I don't want to work or that I don't like what I'm doing. But watching YouTube videos about a new video game or anything else is always better for my mind to choose.
But after the years, I found some ways to trick my brain into going back to work. I tried almost every technique I found. Pomodoro, removing all social networks, some type of music, etc.. And to find for you, you also need to try everything if you struggle too.
The best thing for me to trick my brain is to set up a time manager. It's simple, it's just to know how much I work during the day and on what. You can use Toggl, an app for that. I tried with and without and the difference for me is huge. Not knowing how much time I worked this week just allowed me to procrastinate, as no one can judge me or fire me.
It's quite paradoxal as I choose to be my own boss to be free of my time and finally, I need something to manage myself. But it's ok as I love the work I'm doing and it's more to have a frame on my work.
I also tried Pomodoro techniques, and it's quite good for some tasks, but when doing bug bounty hunting, going on a break after 20 minutes when you are on something is hard.
So in the end, I only need some LoFi music in the background and my timer and I can barely work every time everywhere. And also a coffee now. I didn't like it before but now I need it and I love it.
Hunting on public programs
I already talked about that, and everyone will tell you that in big public programs, there are still bugs.
I decided to go on a big program because some of my friends found juicy stuff on it and I wanted to give it a try too. It took me a week to understand the target well.
During this week, I found nothing and it was perfectly normal. A week later, by knowing the target, I was able to understand the logic behind everything.
With that in mind, I was able to find some juicy stuff too. And with the help of another friend, we found a very nice critical chain! We are still waiting for the final decision and the payout, I'm gonna tell you more next week probably.
So just a reminder to not only focus on private programs.
Setup
As I told you last week, I received my yubikeys and I was able to make a good security setup. It can be overkill but It was fun configuring everything.
I also wanted to build a home lab so I bought a Mini PC with a N100 processor, to create a media server for my family and also to store some stuff when I want to try a new tool.
It's a great way to avoid paying a VPS each month. But for more tasks, I will need a better server, so I will wait to have a proper flat to buy one.
That was a short newsletter this week but not that much stuff to share. The routine is quite the same!
Ideas / Notes / Resources
- Aethlios just updated his tool reset tolkien with nice new features for Sandwich Attacks
New version V1.3.0 of "Reset Tolkien" is out! ๐
โ Aethlios (@AethliosIK) August 14, 2024
๐ Optimized detection of hashed timestamps via multithreading.
๐ Progress bar for hashed timestamp detection.
๐ Custom MAC for UUID sandwich attack (suggested by @Aituglo).
View the full changelog here: https://t.co/AbVWq6TnNT
- With Defcon and Blackhat, a lot of very nice articles and research came out
Martin Doyhenard
Gareth Heyes
James Kettle
