Kaiser784's Blog

Log-2

Oct 1, 2021 - Nov 1, 2021


Last updated 3 years ago


Summary

The first 2 weeks were dedicated to solving the Dante lab, and I completed it. I then had a dilemma about what to do next, and decided to practice the rest of the free HTB challenges and machines as a kind of preparation for the Synack Technical Assessment and to send the mail/application in mid-November.

Read up on 2 more research papers and watched talks and presentations related to them. Got an opportunity to work as a Research Intern, which will start in December; I will try to do some groundwork on it before starting. I will keep you posted or make blogs related to it unless it's not allowed.

I tried to set up frameworks and tools to organize work and scope and to get checklists ready in Obsidian, but they were not working out; most of them were either too broad and just useless for some programs, or had nothing to do with the programs I wanted to work on. They were mostly tailored to their creators. I realized I have to do my own trial and error to work things out myself.

Do not trust Twitter and LinkedIn #BugBountyTips

I never realized choosing a Bug Bounty program would be this confusing and time-consuming, as I have no specialty in the bugs I hunt. A lot of Twitter/LinkedIn gurus never tell you this stuff (coz most of them are fake and only post to sell their courses).

A lot of the #BugBountyTips that they post are out of scope in the majority of programs, if not all. So do not get excited that this is easy money when you see these posts, or discouraged when you are not able to find these bugs.

I would rather suggest you to look into which is a gold mine among a lot of this Trashy noise.

Takeaways

Catenate

InsiderPhD's Youtube Channel
https://github.com/johnjhacking/Buffer-Overflow-Guide
https://github.com/gh0x0st/Buffer_Overflow
Insider PhD
Impact in Software Engineering Research
https://app.hackthebox.com/tracks/Synack-Red-Team-Track
https://portswigger.net/web-security/all-labs