Hello world!
I’m a born computer nerd who’s trying to figure out how everything works. My path to cyber is fun and frustrating at the same time, so here’s a quick story…
One day, I decided I wanted more out of my IT career and asked a cyber buddy where I should begin. He suggested that I apply myself in a home-built lab and obtain my Security+ certification, so I did just that. I started by purchasing a Security+ course on a major online learning platform and began studying.
As I watched the Security+ course, I glanced at the page source to find the current video’s MP4 file exposed. I then force-browsed my way to the Security+ course’s root video directory, giving me access to all the Security+ course’s MP4 files… Big deal, right? I had paid for access. Well, after confirming this learning platform was part of a bug bounty program and that this discovery was in-scope, I wandered my way to a random unpaid-for course and found the directory structure by force-browsing from the course’s sample video URL. This ultimately led to the discovery of all the MP4 videos of the unpaid-for course! Did my intuition lead me to my first bug!? With the lack of experience I had, I was having a hard time believing the situation, so I confirmed the issue by looking over a few other courses, verifying the problem over and over.
Despite my lack of experience with bug reporting, the report I submitted was effective. After a few days passed, I revisited the learning platform and verified that the issue had been fixed. Later, I received a reply on the bug bounty platform stating that no issues were found.
Even though I was upset about not getting the recognition, I came out on top by learning two important things that day:
- I found my passion in cybersecurity, stemming from the idea of helping others protect their data.
- Making clear, concise, and detailed reports is very important!
Anyways, why this blog?
- Provide a resource for others. 😃
- Showcase my knowledge to employers. 😉
Now, go dig around!