Week 1: Documenting My Journey as a Full-Time Bug Hunter
Dates: November 3, 2024 — November 10, 2024
Last week, I reached out to X to see if anyone would be interested in weekly updates about my life as a full-time bug hunter. The response was encouraging, and here I am, sharing my first entry! Beyond the updates, this series will help keep me disciplined and accountable.
After a month-long break from bug hunting, I’m finally diving back in. I was tied up with other tasks — if you follow me on X, you might know that I recently bought a new home, a milestone I’m thrilled to achieve in my early 20s. It may take a bit to fully regain my rhythm, but I’m motivated and eager to share as much of this journey as possible with you.
Bug Bounty Update
In my first week of documenting this journey, I experienced that classic bug hunter rhythm: reporting bugs, refreshing the inbox for updates, and waiting on review outcomes. I reported a few bugs this week — some were triaged, a few ended up as duplicates, and many are still in the new state, pending program review. I haven’t received any major bounties yet, though I did get paid for a few retests. The client promised that bounties will be awarded next week, so fingers crossed!
One particular finding stood out: I discovered a bug the client fixed within hours. That dopamine rush when you know you’ve uncovered something valuable — it’s been a while since I felt that, and it was a great reminder of why I love this work. It happened on a day when I worked from 11 AM to 7 PM and ended up with some back pain (if you remember from my posts on X, follow me there for more updates!).
This week, I also spent some time developing a tool (yes, I’ve unofficially named it ChatGPT Jr.) to help streamline my bug-finding process for API-related vulnerabilities. The tool generates likely API paths with a good probability of identifying hidden endpoints on web applications. It’s already helped me find a bug in one program, and I’m excited to see how it performs as I refine it further — especially for hunting down those elusive IDORs.
On the Health Side
If you’ve been following me, you know I hit the gym six days a week for about 1.5 hours, working on two muscle groups each day and taking Sundays off. If you’re a fellow bug hunter and haven’t incorporated physical activity into your routine, give it a try! For the first few days, it might be a struggle, but in the long run, it pays off — you’ll feel more energized and mentally sharp. Some of my best findings came right after gym sessions. My schedule can be all over the place, so I fit workouts in whenever I can — early mornings if I’m up, or in the evenings.
Tool Suggestions?
I’d love to hear from you if you have any recommendations for bug-hunting tools worth investing in. I’m considering a few paid options, and I know the right tool could make a difference in finding those extra bugs each month. Although I’m not focused on automation right now, a tool that could help me consistently find a few valid bugs would be amazing and worth the investment.
What to Expect in My Journey Ahead
Starting next week, I’ll be focusing on tracking my time investment more closely. I tried logging my hours this week but kept forgetting to record them consistently. Since it’s only the first week, there’s still room for improvement, so bear with me as I get the hang of things. Each week, I’ll aim to refine my process, sharing as much detail as possible to give you a clearer picture of my full-time bug-hunting journey.
Thanks for joining me on this journey! I’ll be back next week with more updates on bugs, progress, and maybe even some bounties.
