Posts

Beginner Tutorial - How to learn the Technical Skill and Hacker Mindset That Are Required to Find Your First Bug Bounty.

In 2023, there are so many bug bounty resources for beginners, much more than before. I believe this is a bad thing for beginners, because now they have to deal with so many unnecessary distractions just from choosing and sticking to a learning path alone. The over-abundance of free resources also fuels procrastination; we usually see people jumping from one learning path to another without actually touching a real target. In this article, I will show you how much learning is enough, so you can get out of your learning rabbit holes and start hunting on a real target. By the way, this article aims to help you find bugs in IDOR, Information Disclosure, Business Logic, and Broken Access Control. It may not help you find injection bugs or misconfiguration bugs, because I don't know how to hunt them myself. # Technical Skill If you can solve Practitioner labs in PortSwigger with relative ease, you have enough technical skill to hunt bugs: - https://portswigger.net/web-security/logic-flaw...

The power of focus

A quote from the movie John Wick 1: "John Wick is a man of focus, commitment and sheer will." Out of all the good traits, the movie writer chooses only 3 traits to describe how badass John Wick is. That shows how powerful focus is. I believe he also gets his excellent skills thanks to these 3 traits. Focus, commitment and sheer will are pretty similar to each other; they show that the man can stick to something for a long period of time, without switching goals, despite inconvenient challenges. If we apply this to bug bounty, it means we set a goal and stick to it, despite all self-doubts. For example, Losef is a beginner who tries to find his first bug; he sets a goal to hunt on a program for 7 days. On day 1, he feels overwhelmed by how many details his target has. On day 2, he tests features one by one but finds nothing; he feels down. On day 3, he feels that he has hit a steel wall, which he cannot even imagine how to get past. On day 4, he notices the program stats, w...

Progress in bug bounty does not come in a linear line, but in waves.

Progress in bug bounty is not an upward line but a wave. In my 2 years of full-time hunting, I always tried to increase my monthly income. I did increase it a few times. What's funny is that I wouldn't see any sign that my income would increase, even 1 week before the increment. It was always a sudden spike. Getting my first bug was the same experience. I didn't see any sign of it coming, until I got an email saying "ProgramX rewarded you $xxx". I believe that is a big reason why many people give up bug bounty. They put a lot of effort in and still see no result. It is too uncertain. Working a 9-to-5 job is more comfortable mentally; we know we will get some fixed amount of money weekly or monthly, the result is guaranteed. Putting effort into bug bounty still builds up the result though. We just don't see it until it is fully formed. For some people, it's in 1 month; others get it in 6 months or longer. That's why many people like playing video games. Progress is ...

Spirit is more important than technical skills in Bug Bounty

Most people in bug bounty focus too much on the technical side of it but ignore the spiritual side completely. We can clearly see that in the bug bounty community. The number of questions and blog posts relating to technical stuff, tips and tricks is overwhelming compared to the spiritual resources. The most common spirit-related articles are about burn-out and keep-trying encouragement, which are just enough to scrape the surface of it. However, I believe that your spirit contributes 70% of your success in bug bounty; your technical skill is just 30%. Maybe that is the reason why many beginners struggle to find their first bug and even give up bug bounty. They mostly focus on learning technical hacking skills, while ignoring the spiritual side completely, or don't even know such a thing exists. This phenomenon is not exclusive to bug bounty or hacking. I believe we can see it in all fields if we pay enough attention. Here are some examples: The Vietnamese National Football team had no good results wh...

Random BB Thoughts

25/04/2024: I will have a vacation tomorrow. Today, while riding my scooter to the market, I thought to myself it would be nice if I could find at least one bug today. A few hours later, I found a bug. That is a nice moment in bug bounty. 07/12/2023: I re-tested an attack scenario that I tested 1 year ago. I found a bug this time. The funny thing is that 1 year ago, I believed this feature was quite bug free. Glad that my skills have grown in this one year. The interesting thing is that I don't feel that my skills have grown this much; I rarely read articles, reports or hacking techniques this year. I can't point to any piece of knowledge or information and say that my skill is up because of it. So all the new things I learned this year are from actual hunting. Many of them come in the form of intuitions, rather than knowledge which can be easily spoken and passed around. The downside of this is that the ego will feel uncomfortable, thinking it knows nothing new, because the ego relies on certainty, co...

Random thoughts on dreams

26/11/2023: Feel something before falling asleep and you will very likely dream in that direction. Thinking has little effect, but feeling has a much stronger effect. For example, if you want to dream of a beautiful girl that night, just thinking thoughts like "I will dream of a beautiful girl tonight" has very little effect on your dream that night. But if you spend a few minutes feeling the feelings you have when you meet a beautiful girl, you will very likely dream of her that night. 05/01/2023: Yesterday, I dreamed of the astral world; I believe that this world really exists and it is not a construct of my mind. In my dream, I walked into a hotel on top of an unknown hill. The sky and landscape were gloomy; I believe that this was in the morning, but it felt like an 18:00 rain. The interiors of the hotel were all dark; there were hot coals on the ground, but I didn't feel hot. It was not crowded, but people were in every corner. There was nothing outstanding about thi...

Gems on the internet

Here I list sources of materials that I find really, really interesting and educational.

Personal development
- https://www.newdawnmagazine.com/
- https://realitycreation.org/
- https://www.youtube.com/@realitycreationcoaching

Fun, interesting and inspiring
- https://www.youtube.com/@InternetHistorian
- https://www.youtube.com/@morn1415

Hacking
- https://www.youtube.com/@LiveOverflow

Misc
- https://www.nderf.org/Archives/archivelist.htm (near death experience stories)