3NVZ

@YourFinalSin

Followers
3K
Following
948
Media
36
Statuses
622

Dark Artist in the Making.

California
Joined August 2024
@YourFinalSin
3NVZ
1 day
Day 136 - Bug Bounty.
- Full MFA bypass came back as “Works as intended” today lol.
- Focused mainly on logic bugs.
- Kept working on my source code lead automation, to save on time and manual work.
Total earned so far: $5425.
6
1
94
@YourFinalSin
3NVZ
2 days
Day 135 - Bug Bounty.
- Received some Swag from @AVROTROS for finding a vuln on their infrastructure.
- Thought it was payout at first - turned out they send Swag only 😅 Still liked it, thanks!
- Another report on Bugcrowd came back as duplicate.
Total earned so far: $5425
3
4
101
@YourFinalSin
3NVZ
4 days
Day 134 - Bug Bounty.
- Another day of deep manual hacking.
- Went through different types of reports on 2FA bypasses, using Hacktivity, pentesterland, etc.
- Worked on some custom automation with the goal to detect leads which I can manually exploit.
Total earned so far: $5425.
1
3
119
@YourFinalSin
3NVZ
5 days
Day 133 - Bug Bounty.
- Was hunting on the same app.
- Focused on single features and went deep on them by going through the docs and every request.
- Was able to identify some interesting behavior.
Total earned so far: $5425.
3
3
123
@YourFinalSin
3NVZ
6 days
Day 132 - Bug Bounty.
- Did a deep dive into an app I was hunting on in the past.
- Reported 2 issues, but seemed pretty low hanging, so probably duplicate.
- If you are one of those asking for a roadmap, this is a good one:
Total earned so far: $5425.
4
6
104
@YourFinalSin
3NVZ
10 days
Day 131 - Bug Bounty.
- Did a full day of manual hunting, focusing on critical features.
- Was able to find one interesting issue.
- Started looking more into GitHub Dorking and this was a nice introduction:
Total earned so far: $5425.
3
5
123
@YourFinalSin
3NVZ
12 days
2/2.
0
2
16
@YourFinalSin
3NVZ
12 days
Day 130 - Bug Bounty.
- One report came back as duplicate.
- Was this 🤏 close to 2 ATOs on different programs, but wasn't able to exploit both because of only 1 missing gadget - That was painful.
- Went deep into OAuth and found this helpful:👇
Total earned so far: $5425. 1/2.
3
4
88
@YourFinalSin
3NVZ
12 days
Day 129 - Bug Bounty.
- Focused on logic bugs today and found some interesting behavior.
- Went deep manually into single flows.
- Continued reviewing code on an open-source PHP application.
Total earned so far: $5425.
3
0
127
@YourFinalSin
3NVZ
13 days
Day 128 - Bug Bounty.
- Found multiple issues in an open-source project with over 50k installations.
- Also went hunting and focused mainly on auth.
- So far code reviews have been hard to monetize.
Total earned so far: $5425.
4
0
139
@YourFinalSin
3NVZ
17 days
Day 127 - Bug Bounty.
- Did full day of code review today.
- Focused on an open-source project with over 200k installations.
- Played around with taint-analysis and was able to find 2 interesting gadgets.
Total earned so far: $5425.
7
3
140
@YourFinalSin
3NVZ
18 days
Day 126 - Bug Bounty.
- Another bounty came in 🎉🎉.
- Went deep today in regex and code review.
- The bounty was a logic issue in the main application on a public program.
Total earned so far: $5425
21
6
383
@YourFinalSin
3NVZ
19 days
Day 125 - Bug Bounty.
- Hit finally that juicy P1/Crit - It paid off focusing only on impactful vulns🎉🥳.
- This is a huge milestone for me and I was able to hit all my goals for my 1st year bug bounty hunting, I set myself.
- It was a 0-Click ATO.
Total earned so far: $4525
48
12
406
@YourFinalSin
3NVZ
20 days
Day 124 - Bug Bounty.
- Kept hunting on a target today and played around with CodeQL.
- Learned about Server-Side Prototype Pollution.
- Found these resources to be a nice introduction to SSPP:
Total earned so far: $2525.
2
8
83
@YourFinalSin
3NVZ
21 days
Day 123 - Bug Bounty.
- Kept focusing on higher impact vulnerabilities only.
- Went deeper into all types of parsing issues.
- While researching email parsing I found this talk which I think is extremely underrated:
Total earned so far: $2525.
2
6
112
@YourFinalSin
3NVZ
22 days
Day 122 - Bug Bounty.
- One report came back as duplicate.
- Focused on authentication.
- Went through ~30 H1 Hacktivity reports and found this blog post:
Total earned so far: $2525.
2
5
90
@YourFinalSin
3NVZ
24 days
Day 121 - Bug Bounty.
- Wasted 9 hours on CodeQL today. Pain.
- Tomorrow will be better hopefully.
- If someone is dealing with some issues, this might help:
Total earned so far: $2525.
0
14
118
@YourFinalSin
3NVZ
25 days
Day 120 - Bug Bounty.
- Got 2 duplicates today and 1 triaged.
- Started a new target which I will focus on the next 30 days.
- Decided I will go very deep feature by feature.
Total earned so far: $2525.
7
2
101
@YourFinalSin
3NVZ
28 days
Day 119 - Bug Bounty.
- Today again 2 reports came back as duplicate.
- I duplicated on the initial submitter by ~8h.
- Will start focusing on high/crit only and see how it'll go.
Total earned so far: $2525.
3
0
67