Log-1

Summary

Rather than starting to hunt for bugs right from the start I tried to learn about low-hanging bugs for the first 2 weeks and also read a minimum of 2 medium articles of writeups to gain more knowledge on different kind of bugs. I was surfing different programs during this time to see which one might suit me and I can use my beginner experimental knowledge, jumped through different programs but then I realized that I was looking at these programs like a CTF or a pwn machine on HTB and trying to tackle them without a surface-wide recon or a long stakeout. I decided to develop a Bug-Bounty Methodology for myself and then comeback again on the 60th day until then learn about more different bugs.

In the same duration I was also trying to solve the Dante Pro Labs, hoping for the Synack Red Team waitlist Bypass. It was going smoothly except for the windows machines, so I decided to take Tib3rius's windows priv esc course and got back pretty smoothly on track with 16/27 flags by the 30th day. Took a break of 10 days from solving Dante because of University exams and also for a breather to get new perspectives. Solving Dante alongside bug hunting might've affected the way i approach things in both places, have to learn to isolate things more.

Not only just working on stuff, I decided to read Research Papers of different profs, one per week. Read 3 papers about hardware security, though I didn't understand it to the full extent I liked them and the prof's approach. I'll read more and try to mail them for a research intern openings and get more insights if possible.

Takeaways

• Pentester Methodology is very different from Bug Hunter Methodology.

• Try to be more consistent with less breaks.

• Read more diverse Research papers to find interests.

Catenate (some links if you wanna follow some of the stuff I did)