Welcome to the den where you get to hear tales on how I am building and securing the tech atmosphere in daytime and getting highly caffeinated to break into the systems at night. Officially, I am a DevSecOps engineer, building next generation cybersecurity products to secure the digital realms staying within set boundaries of policies and procedures. Driven by passion, also a trying-to-be Bug Hunter to break into systems with my wild ways and thoughts but with legit permission and submit reports.
Intentionally, I'm not making this a personality blog, you won't get the vibe of typical social media posts like we do post in Facebook or Instagram. Rather, you will sense who I am from the work, alarms that I notice, triggers that mitigate, loopholes that I discover to break into, and reports I may submit. You may not gain a penny listening to how my personal life is going but get insights from one of my posts that are relevant to the ecosystem we are in, the mighty tech space.
Credit: The image is generated by Google AI
What You Can Expect from Me
As a DevSecOps, I need to abide by the rules and regulations, industry standards, scheduled meetings, tight deadlines from the management, corporate rules and what not. But when acting as a Hunter, not to abide by strict rules but to hunt into the wild with ethics, not to follow scheduled tasks but to go for spontaneous discovery, a blinking cursor in the terminal waiting for my next command to land in the loophole, a logical flaw and checkmate from my end.
Living in both worlds for a while and this blog will contain the reflections of those experiences. So it's an open invitation to follow along, join if you share the same mindset. Welcome to my archive!
Corporate Security Notes - Defensive Guy!
I work on the defensive side, to build stuff so intruders can't break into your application or system. We, as a team, are developing next generation cybersecurity products, to secure the infrastructures of the clients that reside in the cloud. Me, from the researching team, diving into the development as well so you're gonna see the journey from this atmosphere to that.
So you will see me researching and sharing with you the pain points of a tech feature, logic flaws that raise concerns, proof of concepts that are gonna fail or pass, and ways to mitigate them as a service to provide.
Bug Bounty Hunting - Offensive Guy!
What drives me to better perform on the defensive side is my interest in offensive stuff. By passion, I poke around to Bug Bounty programs to break into them, to find logic flaws, code vulnerabilities, and more that can be exploited. These very instincts to break into the systems, research to figure out the flaws, makes me a checklist on possible ways. And when I sit as the defensive guy, I am bound to cross check and for the parameter so these checklists get sanitized, defensive mechanisms are in place, breaking into these methods are forbidden. That's how I stay in the loop.
So, you will see me writing blogs on getting started in Bug Bounty Hunting, how I do spend time on bug hunting, my research, valuable insights, and what not. If anyone wants to hop in with me on this journey, most welcome for a collaborative approach to the targets in poking around, to learn, grow, and crack.
Infosec Tales
I tried to dig for infosec stuff here, in this hive ecosystem, barely could see them. That's why this approach, thought of grabbing the opportunity to sit in the driving seat to deliver what I can the best. Security in this digital atmosphere is a shared responsibility, if both sides aren't enlightened equally then the sync gets destroyed and creates flaws that cause disruptions.
So I am here to fill in the gaps from my knowledge and experiences, bridge between the gaps with information, and keep you ahead of the curve by sharing what's happening in the wild.
The 60-Day Sprint - Do or Die
To be honest, I am preparing to dive into Bug Bounty Hunting with a 60-day sprint, dedicated time. 60 days with the priority to Bug Bounty research and hunting. In Bug Bounty, success isn't sure shot, rare to the beginners, so I am going to be more focused on learning and enriching the senses rather than reporting blindly for a payout. Well, the goal is, if I don't land on a decent bug within that 60-day sprint, I might quit Bug Hunting and solely dive into defensive, the advanced stuff that requires more research, time, and dedication.
So, to keep track of these days, research, thoughts, findings and failures, needed something to keep track of. Twitter could have been a suitable space but needed something to go as much descriptive as possible, throw as much stuff as I want, make like a journal, that might help a fellow warrior as well.
Why on Hive Ecosystem (A Public Platform)
For accountability, with publicly announced goals (60-day sprint to leave bug bounty) it's harder to ghost around without really doing. Writing publicly also helps in better clarity, because the engagements I am expecting will push me deeper to better explain, solve queries, and go to the next level.
Also, a track record, isolated from the social cluttering. Gonna be a timeline, a resources sharing journey, countless engagements. This is me building an archive in public.
Call for Collaboration
This is day 0, initial introduction has been marked, the real work begins from next. Diving into the wild. Looking for fellow tech guys, maybe you are a DevSecOps, Pentester, Bug Hunter, or an infosec guy from any relevant domain. The comment box is open, feel free to hop in, would love to have a chitchat with you. Learning and progress get skyrocketed when you get like-minded people to collaborate in the journey, badly looking for someone.
Let’s dive into the journey of building, breaking, and learning in the process…
Signing out for now…
Your InfoSec guy!