This is meant to be a brief post to assist me with tracking my progression in the Bug Bounty space.
As there is no guarantee that I’ll ever be good at this field (let alone achieve a single bounty), I’m hoping these posts help me keep some perspective.
**UPDATED 10/25/2021**
- 10/9/2021: Initiated working on Synack platform. Briefly examined several available targets. Found one target that allowed users to upload files and make directories; however, was not able to to do anything meaningful yet; there was some file sanitization taking place and a filter applied to the naming conventions of the directories.
- 10/10/2021: Resumed working on Synack platform, also briefly surveyed 1 target on HackerOne. In the latter instance, started exploring the use of the AMASS tool offered by OWASP.
- 10/24/2021: Picked up with exploring target through Synack; however, found that there were issues with the target and Synack’s VPN; I was looking to try and play with some potential file upload / IDOR bugs, but time was late in the day and I ultimately had to cease without much progress.