Hello folks,
I hope you are doing well. Rudra16 here again, a security enthusiast and learner of cyber security. This is my second blog and it’s about the common mistake I made while doing bug bounties, which led to failure. and will explore the ideas using them. You can avoid this type of mistake. I would also recommend you to watch “How To Fail In Bug Bounty Hunting” by Caleb Kinney.
TL;DR
Failing here is not related to money; it is about not learning enough, being unable to find the right path, getting distracted etc. Avoiding these mistakes will help you in this field. This step includes everything from not doing collaboration to not sticking to one target. It summarises all the mistakes I made from the start of my bug bounty journey back in November 2018 to earn my first bounty in February 2019, to register my name on Facebook HoF in 2020 to till this date.
1. Not Sticking to One Target
The main problem that I have faced since the start of my journey to this day is how to choose a target and stick to it. In my early days, I used to hunt for 4–5 different targets a day in the temptation of finding a valid issue instead of trying to understand the working of the application. This led to feelings of being burned out and giving up. To avoid this issue, try to select a target that has a larger scope and has more functionalities. You can choose a target that works in the field of your interest, so you will feel more comfortable with that, I would also suggest to watch Katie Paxton-Fear ‘s “How to choose your target video”.
2. Not Taking Care of Mental Health
So this was one of the biggest problems I ever faced. I was spending too much time on my laptop in my college days, but especially in 2020, when lockdown started, I read this blog and gave myself a challenge to do intensive bug hunting. I was spending around 16–18 hours a day on my laptop and was sleeping for just 3–4 hours. I did this for more than 3–4 months before I started to hate everything, even my laptop. My mental health was a total disaster and has not fully recovered from that even till this day.I deleted my social media accounts(Mainly the twitter account) I even went to the therapist also, but it didn’t help (P.S. Nobody knew that till now 😬 ). So always remember that “bug bounty hunting is not a race, it’s a marathon”. Not taking care of your health will create more hurdles in your path. Always follow a time schedule and specifically focus on your health, otherwise it will only make the road difficult for you like it did for me.
3. Taking A Long Break
There are different views on this, like some people suggest taking a long break from infosec and coming back when you are feeling good, but it wasn’t the case for me, I took a long break due to burn out, but then I tried to come back. I faced a lot of issues, including imposter syndrome. It was like everyone was finding bugs during that break and people were increasing their knowledge, but I just wasted my time at that break. I also became lazy and had no motivation to hunt and felt like I missed many things. So, rather than taking a long break, I would suggest managing your time by making some rules, such as always hunting on Sundays or weekends, or simply reading blogs or watching new vulnerability videos to keep you fresh.
4. Attempting to do too many things at once
So when I was again trying to start doing bug bounty, I was trying to attempt too many things, like-Mobile Application Testing, Windows Native App Testing, Blockchain smart contract security etc. So it only created confusion for me, like, what should I do? Should I concentrate on Web Apps or learn about blockchain? In the end, I was just wasting my time trying to do many things at once. So it is essential that you know what your goal is and identify the field in which you are most interested. You can just focus on that field and you can also learn about things you are interested in, but do that in free time.
5. Failure to Collaborate
Last but not least, I failed to do collaboration with other hackers. That’s why I could neither share my knowledge nor learn from others. There were reasons due to which I couldn’t collaborate with others. Like the fear of failure was one of them, and I always think that my knowledge is too little to collab with someone due to which I never asked someone. But to increase our knowledge, we have to collaborate with someone who has a great understanding of us and who is always ready to help us. We should find a person with the same frequency as ours. For me, it’s Rajesh Ranjan, one of my best friends who always helps and motivates me ❤️.
The failure is not only limited to these causes, but these are the common issues that I guess everyone faces. I tried my best to explain my journey and the mistakes I made. I hope you have learnt something from this.
Okay folks, that’s all for this time and please don’t forget to give your feedback. It is always helpful and if you have anything to say just drop a comment here or reach me out at-
Twitter — https://twitter.com/Rudra16t
LinkedIn — https://www.linkedin.com/in/ankit-thakur-6ab3a0219/
Instagram — https://www.instagram.com/Rudra16.t/
And the last thing to say is “I’m still not out of the game, will come back stronger.”.
Regards,
Rudra16
