Happy New Year, Pentest and Batch Cooking
Happy New Year everyone. It's now time to rock 2025 and achieve our goals.
It's starting pretty well for me. I was paid for some December reports, and I got the opportunity to have a pentest for January.
Pentest
I got contacted twice last month to conduct some pentests so this month I have two pentests, a web app, and a mobile app.
It's very nice for me as it allows me to increase my skills in doing pentest and not only bug bounty. And it's also very helpful to get cash flow.
I started the first one this week and it's very different from bug bounty: there are bugs everywhere. So it's very fun, as you can try to find very powerful bugs there and manage to train on some vulnerability types.
My goal for this week is to find a way to RCE on this target. I'm pretty confident that it will be possible.
It has also been a long time since I had a proper schedule during the day. I was getting used to going to the gym in the middle of the day or going for a run in the morning. But as I'm working with someone else, it's different.
The (dis)advantage of the confidence
By working with someone else, I discovered that most of my findings come from my experience: I already knew exactly where to look on the app and where to find bugs.
When he asked me how I found some bugs, it was hard for me to explain, as there was no logical path to find them, or a checklist that I could use. It's mainly because my brain knows where to go and where not to check.
But it's also a big issue sometimes, simply because there are a lot of places or types of vulnerabilities that I'm not looking for, so I'm missing a lot of stuff that way.
And it's exactly the same in Bug Bounty. We all have our skills and preferences, and with that, we don't check other places.
That's why I'm happy to be pretty boring and able to come back again and again to the same scopes and navigate the app again and again, with a fresh mind, to get new ideas. And it works pretty well. I recently found another bug on a public program that had been there for a loooong time, on a request I had already seen a lot of times. But this time, I was interested in all parts of it, so I found the issue.
Bug Bounty is pretty boring in the end. You spend 80/90% of your time looking at requests, navigating a website, trying to understand stuff that you didn't dev, and looking for an issue in it. But the last 10% is also amazing, when you find something cool to report and exploit.
Batch Cooking
For the last few weeks, I have been pretty bored with cooking. I like to cook, but for other people. When it's for me, I just want to eat something cool and not spend a lot of time on it.
I wanted to use one of those services that deliver good and healthy meals for the week, but I saw the quantity of each meal, and as I run a lot, I needed more than that.
So I finally decided to do batch cooking myself and, each Sunday, cook for the rest of the week. It took me one hour this time, so it's pretty worth it, and I bought enough Tupperware for the week. Here is the result:
Each one has enough carbs, proteins, and vegetables for what I need.
I tried it this week and it's pretty nice, so I will probably continue doing it next week.
I'm also looking for a better flat here in Paris. In France, it's crazy how hard it is to get one when you are your own boss.