Learning vs Working, Be locked in and DomLogger
I was sick last week, probably our best friend Covid coming back, so it was tough and I didn't work a lot, but I still thought about some stuff and tried to dig deeper into a few subjects as well.
The duality of working and learning
It's always something, especially in our field. A lot of new posts and techniques every day. A lot of CVEs as well, new attacks and so on. So it's quite easy to spend all of your time learning and reading new stuff.
And it's absolutely great to have a lot of free resources. We have CTFs to train on, a lot of different platforms like RootMe, HackTheBox, PentesterLab and the excellent PortSwigger Academy, mostly for web hacking. When it comes to other fields, we have a lot of different resources as well. We now also have a very nice and technical podcast, Critical Thinking, which is the best way to get all the news every week.
On the other hand, we have to work and find bugs. If you're into Bug Bounty and it's your job, you need to make enough to live on and keep some money aside for hard months (which I'm actually pretty bad at).
From my perspective, it's very important to keep learning new stuff, and not only work and look for bugs. And the same goes, in reverse, for people who only do CTFs and are afraid of looking at a real target.
I don't know what the best ratio is. I think something like 30% learning / 70% working is great for a full-time hunter. And I'm below that on the learning side.
I think this is a problem for me because I started straight away as a full-time hunter, without a huge technical background, and learned on the road. Which is great as well, but I still have a lot to learn to become an expert.
And I can see it when working with some friends who know a lot thanks to the CTFs they did previously. That knowledge is a gold mine; it gives you a lot of different perspectives, and when attacking a target you have way more possibilities.
In my opinion, to be successful in Bug Hunting, you first need to be good at being locked in, as we will discuss later, but also skilled enough to find bugs no one has found previously (or to be faster). And it's amazing when a new technique you just learned works on a real target.
So, in the next month, I need to sharpen my skills and expand my knowledge, as the locked-in part is already sorted for me.
Being locked in
One of the important parts of Bug Hunting is the capacity to find bugs. And a lot of people are just not confident about that. It's absolutely normal, and hard at the beginning. And I know a lot of people who are amazing technically but don't find any bugs on real targets because of that.
And I think the biggest part of Bug Hunting is the ability to be confident enough about finding bugs. Because there are bugs everywhere, and even some obvious ones.
I made a living doing +1 / -1 on IDs in requests to get IDORs, and it worked, even on big targets. And yesterday I looked at a Rump talk from my friend pwnii that showed us it's possible to find very critical impact on some targets with bugs that are not very technical, but smart.
And here is the difference. She found them by being locked in on the target and spending a lot of time on how to exploit it. Not only a few hours or a few weeks, but a year. And in the end, she found a lot of very juicy bugs.
It's the same for me. Sometimes I find a bug directly within a few hours, and sometimes I need a few weeks or months to find a lot of better bugs.
By just forcing yourself to always come back to your target, you will know it by heart: all the APIs, all the endpoints. You will have plenty of notes about gadgets, and someday you will exploit them.
I know that I'm less technical than a lot of my friends, but I also know that it's not the most important part and that I can work on it. But to stay locked in, looking at the same app every day without finding anything, you have to trust the process, be patient with the field, and not be in it only for the money or anything else.
Actually, I'm at 80% of my yearly goal, so I'm quite confident I will reach it; I just need to keep working until the end of the year.
DomLogger++
It's the extension and plugin made by my friend Mizu, and I think it's very underrated.
I used it for almost a year without really understanding how it works and what it makes possible, just because I'm a lazy guy and never learned how powerful the devtools can be.
While trying the beta version of something I can't really talk about, I learned to use it, and it's very useful when it's well configured.
And it's crazy that almost all of his config files are in the repo, and how easily you can build yours based on them. He is too kind; he definitely needs to monetize it, as using it can help get a lot of bounties.
So if you want to give it another try, go check it out.