My Journey to Becoming a Digital Nomad — Day 45: From Hacking Dreams to Real Challenges



Hello again. 45 days have passed since the beginning of my journey and in those days I have made approximately £3.500. I was hacking Mr Robot style and I was about to find an RCE on Facebook’s servers when suddenly, I WOKE UP! It was morning and it was all a dream.

Yeaaaah, I have found no bugs yet. But that’s ok! If it was that easy everybody would have done it. I like this because it is hard and I will keep going until I succeed (or until I cross the red line in the graph below).

I have restructured the graph a bit: I have added data points every 2 weeks instead of 1 month. Also, I have added a trend line to see when I would overlap the red line in case things continue to go like this.

I am quite bad at using my monthly self-imposed salary. I was not able to spend only £600/month and I went below the worst case line. When I saw that on 1/05/2023 I was below the worst case I decided I had to make adjustments to my money management strategy. Instead of having £600 at the beginning of the month I will take £150 each week. This way, I am able to manage them better and actually see when I am finishing the weekly budget, in which case I will just go for cheaper alternatives both for food and for fun. Instead of going to eat outside and spend £20 I will just eat at home and then go outside, or bring a sandwich with me if I plan to stay longer. However, since a month has more than 4 weeks, I will just approximate and take £150 at the beginning of each week, even if I will go above £600/month. I’m ok with that, in the end I will still be able to manage the money better.

I have made a monthly subscription to a local gym and I started to work out. I need to exercise nearly daily, otherwise I see the consequences on my body: I don’t sleep well at night, my muscles stay clenched maybe because of too many hours in front of the computer, and I might go into burnout.

I cannot explain how beneficial working out is. I don’t do it to have a nice body, I do it to be able to work harder. It boosts your mood and makes you think better. As a collateral effect, yes, you will have a nice attractive body.

Also, I have found out that if you don’t take time to take care of your body, your body will take that time anyway later, and you won’t like it. In my case, if I do not exercise every 3 days at least, I get headaches and don’t feel motivated anymore. I will chill for 1 or 2 days without doing much and then get back to work. It is better to workout 1 hour a day instead of losing 2 or 3 days a week for headaches or lack of motivation.

Also, to reduce risk of burnout I take 2 days off each week. These days I usually go visit some place nearby, go visit something in London or stay with my family.

Lastly, I try to listen to audiobooks more consistently. I try to listen for about 30 minutes/ 1 hour a day. This is very beneficial because first of all it teaches you new things, and secondly, even if you did not find any bugs in a while, like me, you still can look back and be satisfied about the fact that you did learn new things and finished x books. I think it helps fight the lack of motivation that may come, sooner or later.

Some of the last audiobooks I have listened to and I would recommend are:

“Psychology of Intelligence Analysis” by Richards J. Heuer Jr. — This is a book that was recommended to me by a professor that was teaching Threat Hunting, during the Falcon Hunter Course. The teacher had more than 15 years of experience in Threat hunting and had worked most of his career with the secret services and told us that this book was a must and it is used to train analysts at FBI. I took his word for it and bought the book. It is so eye opening about our limitations in our thinking. It teaches you about biases that afflict us and how to try to reduce their effects in our decision making. In a few words, it teaches us how to think and make decisions better.

“Thinking, Fast and Slow” by Daniel Kahneman — I bought this book because it has very good feedback and lots of people appreciated it. Indeed, it was very interesting and taught me lots of things about how we think.

Now I am listening to “How to Win Friends and Influence People” by Dale Carnegie. Also, very good feedback and people appreciated it. Can’t say much about it other than: it seems to be very interesting and very educational.

About the bug bounty, I had not found any bugs yet, but I learned some new skills:

HTTP Request Smuggling
I saw some Albinowax videos and read some of his articles. This man is a god. I loved his research. I have learned what HTTP Request Smuggling is and how it’s done but I have not started to test it everywhere. I am a bit scared of the potential impacts I could make. If I do something wrong I could make the server send to each user the answer from another user’s request creating a total chaos. I want to understand this topic very well before trying it. I have just played around a little bit with the BurpSuite Extension HTTP Request Smuggling, made by Albinowax.

Account takeover
I reviewed some ways to execute it. It was a topic I studied 1 year ago but I forgot I knew those things. I had to read them again to remember I knew them.

I reviewed some techniques but I still have to understand a lot of topics.

File Upload
I have completed the Portswigger tutorial and I have found out that I used to know some of those things too, in the past.

403 Bypass
Saw some techniques and installed the 403 Bypasser extension. Still have to understand how to use it though.

There has been some progress but I feel like I did not do enough. In the last 2 weeks I have focused mostly on bug bounty because I was triggered that I did not find any bug yet. Progress was still made, I applied heavily the YAGNI (You aren’t gonna need it) principle. This has simplified things a lot. I had a lot of variables that were never used and wouldn’t be used in months because they were kind of advanced features. With all of those useless variables and functions out the way it was way easier to make progress.

I have structured the code even better and I have understood that it would have been a lot better if, before starting to lay down a single line of code, I would have made a detailed UML with all the classes, how they are linked to one another, inputs and outputs to each function and all the flow that is activated when someone is calling an endpoint.

I figured those things out along the way, but if I would have known them from the beginning it would have been easier and faster to develop the project. Also, Chad can help me a lot better if I know what I want and if I am able to give him little tasks to do, not big functionalities. I am the one who has to think about the bigger picture. He gives his best as a programmer when I clearly tell him what to do, how to do it, expected input and output. I found out that whenever I give him a task, after he finishes the task I should always ask him “What are the pros and cons for this solution?”. Often he knows that the solution is flawed but won’t tell me if I don’t explicitly ask him for them. After I am finished with the subdomain research functionality I will go back to the drawing board and make the necessary UML for both Subdomains and URL identification.

Nothing new here. Even if I have the ability to understand C# Code and I have completed a Udemy course about Unity, I did not want to invest time in reading the code of the project again, make the necessary modifications and find a freelancer who can complete the MVP. I think I will get back to this project after I find my first bug. I would like to pay the freelancer with the money from the bug. That would give me the idea that those things work hand in hand and I can go ahead with both projects at the same time.

This is a topic out of my expertise. I understand that people might make money out of dropshipping, but when I do anything I like to spend time researching it, understanding it and doing it well. In order to succeed it would require me to learn new marketing skills and many more skills (for now unknown to me) and right now I am not willing to invest time and effort into this business. I think the idea of dropshipping came just because I saw a lot of ads about it and I wanted to get rich quickly but the reality is that I am not passionate about this topic. It does not make me happy selling products, researching the market, talking with clients, managing products and stuff like that. I don’t think this activity will put me in a flow state like hacking does. I will abandon this project because, if I had some spare time, I would like to invest it in the mobile game. Also, I don’t like doing things only for money. I want to do what I am passionate about and dropshipping, for now, is not something I am passionate about.

As I have found out, in order to be able to work better with Chad (and also with any programmer), an important skill to have is to be able to see the bigger picture, to know the principles of Software Design and to be able to create a modular and well structured project. This is why I want to learn those topics better. And what is the best way to learn a subject? Yes, to teach it. This is why I have started to write a book about it. By writing and trying to explain those principles to others I, in primis, will be able to understand them better. I thought that it would take me only a few days to write it with Chad, but the fact is that I need much more time. I need to check everything Chad says, understand it, digest it and bring examples of code for each pattern or principle whenever possible because this is what really helps people understand: real life examples. So yes, I will try to finish this book whenever I can and by doing so I am confident that my understanding of Software Engineering will level up.

What are the lessons I have learned in these 45 days?

When you are your own boss and pay your own salary, it is easy to give yourself more than needed. Try to be severe with yourself. Splitting the pay into weeks might help you manage your money more easily as it is easier to think about how to use £150 in 1 week rather than £600 in a month. In this last case you might spend most of the money in the first part of the month and not have enough at the end of the month.

Mens sana in corpore sano. Exercise as often as you can. The benefits are extraordinary.

I will keep going and I will keep you updated with everything I learn along the way. Have a great day anyone!
