Back on Track, Pentest and Sport
This week I was back on bug bounty stuff. There was an event organized by @Blaklis and Hackerone on a public program that I will talk about later.
The last few weeks were more focused on dev, and now I wanted to get back to hacking. It's nice that I can do whatever I want, put my focus on one project at a time, and pause anything too.
I fully agree with this tweet from @monke:
This helps a lot with not getting stuck on something and overthinking it. But for that, you need some cash flow. I'm now in a good enough position to take some time just developing cool stuff like Hackyx or more personal projects. I'm currently learning Japanese; I will be there for a few months and maybe more, so I think it can be worth learning it.
French Event with Hackerone
Thanks again to @Blaklis for organizing, with Hackerone and Grab, a live event for a few days for French people. That was very nice, and with @Wlayzz, we found some very nice bugs.
I will not talk a lot about that now because it's not fully finished and the team is still triaging everything, but by the end of the week we will get more information.
That was my first time doing an event on a big public program on Hackerone. It was hard at first because it's a company from Southeast Asia, so to create accounts you need an Indonesian phone number, for example. And it's the same for a lot of their apps, where you need to pass KYC from there.
So the first days were more about getting access to the apps. But the advantage of that is that not a lot of people will push to get access. As it's quite hard, only a handful of people will dedicate time to setting everything up, so there will not be many of you hunting on it.
After taking time on a target like this, once you get used to it, you don't want to move to another target, so I think I will continue hunting on it.
Looking for a pentest
It's been quite a long time since I first thought about doing some web pentests as a freelancer, simply to have more income, and more stable income. Taking one pentest a month could be very nice.
The problem I have is actually finding them. I'm not a salesperson and I'm pretty bad at selling myself. I know that some people have a salesperson who looks for pentests for them, so I will probably look into that in the future.
I also know that on Intigriti there are some pentests you can perform where you are paid for the whole pentest and for the bugs you find on the target. I will probably take a look and hunt on Intigriti more to get them.
Sport
Since last November, I have been doing sport regularly, and it changed a lot of things. I started running with the goal of running a marathon. I did it this year, and I fell in love with doing sports.
Before that, I wasn't very sporty and I didn't care about it. But doing it regularly changed something in me: discipline. I have always been a big procrastinator in my life, for everything, even with stuff I like. And it was painful, as I wasn't able to motivate myself to do stuff.
It was the same for work. I wasn't able to work for a long time and I was always distracted by something else. But when I started running, I got a program, and as I was a complete beginner, I wanted to master it and never miss a run. Even if it was raining or snowing, or even if I was sick, I did my runs.
And it also changed the way I manage my other stuff. When I work now, I don't check whether I'm motivated to do it or not; I just do it. And it's the same for everything.
Before that, I wasn't able to work all day; I was always frustrated at not doing what I wanted. But I'm so glad that now I can do what I want and work all day because of discipline. I know that this sounds like a guru trying to convince someone to do sport. But as it changed me so much, maybe it can also help someone who is trying to stay focused.
Also, it helps a lot to do something other than hunting and to clear your mind. I have found nice bugs by going for a run and coming back with a fresh mind.
Ideas / Notes / Resources
- Apple held its annual WWDC and finally announced Apple Intelligence. I'm really looking forward to that as my ecosystem is Apple, and they told us a lot about privacy, so it will be nice to try to look at how it really works.
- A very nice writeup about a Zoom Session Takeover