Hello world!
I’ve always been a computer nerd, endlessly curious about how everything works under the hood. My journey into cybersecurity has been equal parts exciting and exasperating—so here’s a quick story about how it all began.
One day, I realized I wanted more from my IT career. I reached out to a friend in cybersecurity for advice, and he pointed me toward building a home lab and earning my Security+ certification. Motivated, I jumped in: I bought a Security+ course from a popular online platform and started studying.
As I watched the course, my curiosity got the better of me. I peeked at the page source using my browser’s developer tools and noticed the current video’s MP4 file was exposed. Intrigued, I started force-browsing and soon found the root directory containing all the Security+ course videos. No big deal—I had paid for the course, after all. But then, I wondered: What about courses I hadn’t paid for?
After confirming the platform was part of a bug bounty program and that this kind of discovery was in-scope, I tried the same trick on another course I hadn’t purchased. Sure enough, by tweaking the sample video URL, I uncovered the directory structure and gained access to all the videos for that course, too! The rush of realizing I’d found a real bug was incredible. I tested a few more courses and confirmed the issue was widespread.
Despite my inexperience with bug reporting, I submitted a detailed report. A few days later, I checked back and saw the issue had been fixed. However, the bug bounty platform replied that “no issues were found.” I was frustrated not to get recognition, but I walked away with valuable experience and a boosted drive to pursue a career in cybersecurity.
Today, I’m a security analyst looking to advance into offensive security.
Anyways, why this blog?
- Provide a resource for others. 😃
- Showcase my knowledge to employers. 😉
Anyways, go poke around in the blog and see what you can find!