It's been 2 weeks since I passed OSCP. Hopefully this will be my secret source to beat this endless rat race.
I have built a domain assets monitoring tool to discover more potentially vulnerable assets for the bug bounty.
Sadly, all the reports I have submitted to Verizon are not qualified for $$$.
Luckily, all of those reports I found from Android apps are triaged and pay off $$. Some of those are still under review.
I want to make a comeback.
This is my weekly update:
Tasks/day | Results |
---|---|
Music App Pen Test | found 1 vul |
Line news, yahoo tw shopping, pixiv, dropbox, dropbox paper | initial recon |
pixiv hacking | found 1 vul |
pixiv follow up, init recon hyatt, netflix, credit-karma | \ |
Yahoo TW News | found 2 vuls |
Yahoo TW News | found 3 vuls |
research on Yahoo TW News / Yahoo TW ecshopping & fix tax form | 2 duplicated |
research on Yahoo TW News / Yahoo TW ecshopping & fix tax form | 2 duplicated |
research on Yahoo TW News / Yahoo TW ecshopping & fix tax form | 2 duplicated |
building monitoring asset tool | \ |
building monitoring asset tool | \ |
building monitoring asset tool | \ |
fix monitoring asset tool, & + hyatt | found 1 vul, duplicated |
rest | \ |
fix monitoring asset tool, & + hyatt, + tw yahoo stock / news / ecshopping/ flurry | found 1 vul, too low issue |
hyatt dotdotpwn, pixiv review, indeed dns review, hacking indeed, kingred | found 1 vul, submit to bugcrowd |
After 2 weeks, I have submitted a total of 12 reports: 3 duplicated, 2 informative, 1 + 1 N/A, and 1 also considered N/A, shut down because the apps were closed a few days after I submitted the report. 2 are under review, 3 are triaged.
Current confirmed bounty: $500 USD.