My name is Aoxin, and though I’ve been in this field for 3 years, I haven’t always been able to say I enjoyed being an ethical hacker.

‍

Learning the basics:

Like most people, my main hobbies when I got my first computer in 2009 consisted of computer games like poker, Grand Theft Auto, and Assassin’s Creed. It wasn’t until I had learned about hacking at school that my curious mind couldn’t stop thinking about it.

Mind you, at the time I knew nothing about hacking at the time, so the learning process was painfully slow. I had to Google every technical term I heard, explore Facebook groups and blogs, and do my own extensive research, but eventually, I finally learned the basics.

‍

What I loved:

With solid foundations covered, I could deepen my learnings and start to get into the real hacking world. I learned some phishing and how to crack paid software, and I did that for a few months until I moved onto my next adventure. I’ve always loved technology and hacking, but those weren’t my only interests. 

I also loved business and traveling too, but I wasn’t sure how to get on the right path to do them. For 2 years, I took web and graphic design courses leading me to some web-building projects and even starting my own start-up. 

‍

Overcoming frustration:

But none of them succeeded the way I wanted them to. I wasn’t feeling fulfilled and with the freelance market being so unstable, my start-up was greatly affected and unfortunately, I was unable to recover. 

By the time I got admitted to college, I found myself in a place where all I saw was frustration, procrastination, problems, boredom and I felt unwilling to do anything. I got used to attending classes and traveling back home in a monotonous routine. But I didn’t want that. I wanted to do things my own way and I was afraid of being stuck with a 9 to 5 job with no freedom.

I finished high school with little hope in the traditional study system. I realized that college doesn't always teach us the knowledge needed to survive in today’s society. So, although I was accepted into Varsity University, I decided not to attend, and instead, dedicate myself to doing something more practical. 

‍

Bug Bounties?

One day, I heard about bug bounties from a friend who had previous experience in hacking and being a bug bounty hunter. He showed me all of the bugs he found and how the process of finding them worked. I was immediately hooked and apart from reading the material and watching the YouTube channels he suggested, I started doing my own research to learn more about how I could get involved. 

Bug bounties are rewards offered by companies or different organizations for finding and reporting security vulnerabilities in their systems or products. People who look for these are called bug bounty hunters, and white-hat hackers (meaning ethical hackers that play by the rules).

I was thrilled by the idea of working with bug bounties as a freelancer on my own schedule and at my own pace. The flexibility to choose which programs to participate in and when to work on them was appealing to a busy student like me.

Getting started in the bug bounty world wasn't easy, but it was definitely worth it. In addition to my own independent research of the field, I also tapped into many resources out there for bug bounty hunters, including online tutorials, forums, and communities where I could learn from more experienced hunters and even share my own experiences.

There were certain times when I felt it was too hard and everything was going over my head, but I was determined to learn and improve, and with each bug I found and each report I submitted, I gained more confidence in myself to do more.

‍

My first reward:

I remember getting my first $50 bounty reward from a self-hosted program by submitting a low-severity bug known as Click-Jacking. This episode occurred sooner than expected and it encouraged me to practice and learn more about bug bounties. It wasn’t long before this became my biggest passion. 

Looking back, I’m proud of having submitted several successful bug bounties and receiving recognition from many well-known companies like Sony, Asana, Airbnb, Brave, and more. It’s been an incredibly rewarding journey, and I’m grateful for having the opportunity to use my skills to make a positive impact in the tech world. And the great thing is, the best is yet to come!

‍

Tips For you:

For those interested in getting into bug bounties, start learning and getting as much hands-on experience as you can. It may be intimidating at first, but with determination and perseverance, you can be on your way to making a difference in the cybersecurity space, too.

‍

The list:

• Stay up-to-date with industry news and developments: It's important to keep track of what's happening in the world of bug bounties so that you always have updated information on vulnerabilities and cybersecurity trends.

• Be persistent and resilient: It takes time and effort to find vulnerabilities, and you may not have success right away. Don't get discouraged, and keep trying!

• Be responsible: It's important to remember that you are working to improve. Starting a bug bounty journey can be both exciting and intimidating, especially if you're new to the infosec field. But with a little bit of perseverance and some helpful tips, anyone can jump into the world of bug bounty hunting and start making a difference in the online security landscape. Don't be afraid to ask for help or guidance from more experienced bug bounty hunters or online communities. There are many resources available to support your learning and growth.

• Stay ethical: When starting your hacking journey, remember to be ethical and responsible for your actions. Finding and reporting CVEs is important, but it is crucial to avoid harming the systems or users you’re testing. Follow the platforms or programs’ terms of service and guidelines, and be aware of potentially damaging impacts you may have.  

• Be patient, never stop learning & be helpful to others‍, never forge!

‍

‍