Dates: November 3, 2024 — November 10, 2024
Last week, I reached out to X to see if anyone would be interested in weekly updates about my life as a full-time bug hunter. The response was encouraging, and here I am, sharing my first entry! Beyond the updates, this series will help keep me disciplined and accountable.
After a month-long break from bug hunting, I’m finally diving back in. I was tied up with other tasks — if you follow me on X, you might know that I recently bought a new home, a milestone I’m thrilled to achieve in my early 20s. It may take a bit to fully regain my rhythm, but I’m motivated and eager to share as much of this journey as possible with you.
In my first week of documenting this journey, I experienced that classic bug hunter rhythm: reporting bugs, refreshing the inbox for updates, and waiting on review outcomes. I reported a few bugs this week — some were triaged, a few ended up as duplicates, and many are still in the new state, pending program review. I haven’t received any major bounties yet, though I did get paid for a few retests. The client promised that bounties will be awarded next week, so fingers crossed!
One particular finding stood out: I discovered a bug the client fixed within hours. That dopamine rush when you know you’ve uncovered something valuable — it’s been a while since I felt that, and it was a great reminder of why I love this work. It happened on a day when I worked from 11 AM to 7 PM and ended up with some back pain (if you remember from my posts on X, follow me there for more updates!).
This week, I also spent some time developing a tool (yes, I’ve unofficially named it ChatGPT Jr.) to help streamline my bug-finding process for API-related vulnerabilities. The tool generates likely API paths with a good probability of identifying hidden endpoints on web applications. It’s already helped me find a bug in one program, and I’m excited to see how it performs as I refine it further — especially for hunting down those elusive IDORs.
If you’ve been following me, you know I hit the gym six days a week for about 1.5 hours, working on two muscle groups each day and taking Sundays off. If you’re a fellow bug hunter and haven’t incorporated physical activity into your routine, give it a try! For the first few days, it might be a struggle, but in the long run, it pays off — you’ll feel more energized and mentally sharp. Some of my best findings came right after gym sessions. My schedule can be all over the place, so I fit workouts in whenever I can — early mornings if I’m up, or in the evenings.
I’d love to hear from you if you have any recommendations for bug-hunting tools worth investing in. I’m considering a few paid options, and I know the right tool could make a difference in finding those extra bugs each month. Although I’m not focused on automation right now, a tool that could help me consistently find a few valid bugs would be amazing and worth the investment.
Starting next week, I’ll be focusing on tracking my time investment more closely. I tried logging my hours this week but kept forgetting to record them consistently. Since it’s only the first week, there’s still room for improvement, so bear with me as I get the hang of things. Each week, I’ll aim to refine my process, sharing as much detail as possible to give you a clearer picture of my full-time bug-hunting journey.
Thanks for joining me on this journey! I’ll be back next week with more updates on bugs, progress, and maybe even some bounties.