Expectations, New challenge unlocked, and homelab
Finally back on the Wednesday post! It's been a while since I last wrote on this day. But now I can take more time.
Expectation about bounties
In life in general, when you achieve some goals, you want them to be your reality afterwards. For instance, in running, when you run your first 10 km, you know that afterwards you don't want to run it slower than your previous one.
And it's the same in almost every field: your ego hits you about that and it's hard to go back. It's also the same in our game.
When you start, you don't find any bugs, then you start finding some dups or low bugs and so on. I still remember when I found my first rewarded bug, which was a low-low bug, and I got paid like $100, which was insane to me at that time. Now, 2 years later, I don't even look at those bugs, and my expectations are higher. I don't know if it's good or not, but I think it can be helpful in a way to push myself more. But I don't want to forget that one year back I was making like $1000 maximum per month and now it's 10x more.
Humans are never fully happy, and it reminds me of some philosophy courses I took previously. When I achieve a goal, I'm happy for like a day and then it's time to come back to reality. That's why enjoying the journey is better, in my opinion, than enjoying the achievement of goals.
And I still shouldn't put too much pressure on myself, as it can lead to bad stuff too.

I discussed with some friends moving from YesWeHack to HackerOne, as the bounties are higher, but it's hard as I have my habits there. I know the triagers, I know the process and, more importantly, I know that I will find bugs there. It can sound pretentious to say that, but when you get used to finding bugs somewhere, you know that you can still find them.
But looking at a new big platform, it can be hard to make the switch. I'm doing it slowly and I found some bugs there, but I need to push myself more in that direction.
I also had the case recently where I came back again and again to the same program on YesWeHack, trying to pop that crit. I know that they pay less than what I expect, but I love that program: it's huge and there are so many functionalities. Also, the triage team is exceptional (I know you are reading this), especially as they really try to find the right impact of the bugs and pay well according to their bounty table. For this program, I'm not looking for the money but more for the challenge of finding a nice critical chain, something interesting, and I will.
Looking at new challenges
I also wanted to find a new challenge. I will quote a nice recent tweet, as I totally agree with this methodology, which I use myself:
I've been having a lot of success lately picking my impact first, and then hacking towards it like a pirate hunting for treasure! 🏴☠️🗺️💸
— D Day (@ArchAngelDDay) February 10, 2025
I wrote about it here: https://t.co/6HpvTQnObl
To push myself into something new and get confident on a bigger program, I want to launch the challenge of finding a vuln on each of the GAFAM.
I know that now it's more FAANG and so on, but you get the point. I want to dig deep into some huge companies, understand them, and see which one is the most interesting to hunt in the long run. Because I still don't have a big program that I keep coming back to hunt on.
It will be hard, and to make it harder, I want to find at least one High or Crit bug on each of them, and on a main app, not on a lost subdomain that no one uses. I want to find impactful bugs there and see how they handle them. And I will keep you posted on my findings as usual.
If you want to try it with me, feel free to contact me to collaborate on some bugs. It's more of a challenge to push myself to look at bigger programs and not be afraid of them. And also, it's totally cool to say that you pwned a huge tech firm.

Building a home lab
Now that I'm not homeless anymore, and that I have a great fiber connection, I want to have a nice setup.
And for that, I plan to build a great home lab: a NAS for my data, and a server to handle some stuff like automation in bug bounty, and to store some personal stuff.
I started to create some automation, but more for a connected house with a lot of Philips Hue and stuff like that.
Now, I want to buy a server, like a computer that can handle a lot of stuff. I'm still looking into it, if you have any ideas. I wanted to get a simple Synology, but most of them have only 2 or 4 GB of RAM. Still, it can be interesting to have one to search for bugs in it, as it's pretty huge.
I will see in the next weeks what I will do, and if you have a great home lab setup, I'm very interested in learning how you built it.