The Low Down [TL;DR]:

Hello all and sorry for the missed blog post last week as well as the late post this week. If you’re reading this still.. then thank you! This weeks post is about lack of motivation in bug bounty following burnout and imposter syndrome and overall mentality. In this post I break down my own mindset when it comes to dealing with the mentioned negative feelings/thoughts in this field of research/life in general🤞.

The Vulnerability

The vulnerability this week is going to be a Cache Poisoning vulnerability impacting the mind. The reason I like to refer to the negative thoughts as Cache Poisoning is because it’s a fun analogy that somewhat makes sense and it is related to bug bounty so why not 🤷.

Cache Poisoning is when an attacker can make a web server and cache react in such a way that a harmful HTTP response is cached and served to regular users on the web application. The impact this type of vulnerability can have can be critical in most attack scenarios.. well as long as the hacker can cache a harmful response.

Negative thoughts are thoughts that we sometimes subconsciously create and then the little voice in our head ( hopefully I don’t sound crazy here 😅 ) projects this internal monologue to our sentient thought process which, when listened to, can affect how you feel. It can affect your thought process, your mood, an entire day, or entire week and sometimes when it’s bad enough.. your entire life.

Let’s refer to this internal monologue as the bad actor and the negative thoughts as the harmful response that the bad actor is trying to cache. When the server listens to this request and caches a harmful response, regular users ( aka your sentient being ) then receive this harmful cached response when performing a certain action on the web server ( aka taking an action in life/doing a task IRL ). When the payload pops it can overwhelm your mental with thoughts that lead to lack of motivation such as “Oh this is a hardened scope, no way I’ll find bugs here.. why even try” to “If I go to the gym, everyone will look at me like I don’t belong there” and even “Everyone else is finding bugs, I haven’t found one in weeks.. I’m just a bad hacker”.

Negative thoughts can lead people down an even darker path, as mental health is a serious issue in this modern world we live in. There are just so many life sucking things on the internet that when subconsciously or consciously binged can have such a demeaning impact on your life. This is why it is important to find balance outside of the screen. I’ve discussed some ways that I do this below!

Mitigating Cache Poisoning in the Mind

“Talk to yourself, but don’t listen to yourself” ~ Zig Ziglar

The above quote is one of the best quotes I have ever came across. It means that it is okay to have that internal monologue but it is important to know when and when not to actually listen to it. I have ADHD and so my thoughts come out like rapid fire, I’m talking 20 tabs open on chrome and each one my brain is trying to hyper fixate on within minutes of each other. This is a gift and a curse.. a curse because when I get demotivated it’s SUPER hard to get out of that slump.. But also a gift because when I manage to pull myself out of the slump I can steamroll for a while before hitting another stump.

This is the same thing as allowing yourself to feel out your emotions when a situation arises that causes them to flare but you don’t turn into those emotions or let them affect you as a person. This takes a lot of self reflection and internal perception to discipline yourself in these situations. The best way to do this is by making yourself comfortable in the uncomfortable. Putting yourself into uncomfortable situations and perceiving how you feel and trying to understand and be comfortable with those feelings is a super great exercise.

I say this because when you’re repeating your daily cycle over and over again you tend to get super complacent and comfortable to the point where it may end up making you miserable. This is when negative thoughts tend to set in.. and when they do you should try some of these listed exercises below.

Some things to do outside of the screen:

• Go to the gym

• Get outside/take a walk

• Socialize with friends

• Dates with your spouse

• Clean your study/house | Cook a good/new meal

• Work on another passionate hobby

When I get demotivated to hack or feel like an imposter hacker that doesn’t belong in the bug bounty scene.. I like to do practice hacks or try hacking on VDPs with wide scopes just to find SOMETHING to validate myself as a hacker. Practice labs are really good for refreshing your skills as a hacker and super great for beginner hackers. I have linked a few exercises below you can do when you’re feeling like an imposter hacker.

Some exercises to do behind the screen:

• Pentester Labs Exercises - these guys have great practice exercises for hacking web applications.

• TryHackMe - really good platform for refreshing your skills/knowledge. You can subscribe or do free labs. I recommend this for beginners as well!

• XSSGame - really fun XSS level based labs that get harder as you progress. Another great exercise for refreshing your hacking skills and testing your current knowledge.

• PortSwigger Labs - one of the top best free resources when it comes to educating yourself about bug bounty/hacking. A bunch of labs hitting every category of bug you are likely to run into in the wild. (100% recommend this one. )

Final Thoughts

It’s important to clear the mind.. especially when you’re on the verge of burnout or if you’re simply burnt out already. It’s super important to clear the mind especially if you’re burning out, this is when it’s crucial to break that cycle and refresh your system with some of the mentioned steps above. Even the greatest hackers and most successful people in the world suffer from burnout but you can best believe they also have processes/steps in place to help mitigate their own burnout.

Another key take away from this post is that it’s important to know when and when not to listen to your internal monologue. The reason being is that.. that “little voice” is something that sets the mental environment that you live with on a daily basis. The thoughts you focus on are the thoughts that will mend your daily life as it shows that what you tend to focus on more tends to shine brighter in the light.

Take time to step away from the computer screen and put the technology down. Something like your computer and the internet will likely be where you left it when you want to return to it. Don’t think you’re “wasting time” when you’re not attempting to hack or not spending your time productively, you’re simply “clearing your mind”.. unless you’re simply lazy and non-productive for weeks then you should probably splash some water on your face and slap yourself back to reality.

Anyways.. thanks for reading and always feel free to reach out to me on Twitter/Discord for any reason at all 🫶 Below are some drawings from when I used to draw in my spare time as another hobby outside of hacking. Funny thing to note about these drawings is that I completed each of them in under an hour.. sometimes in under 30 minutes 😎

Want to follow my bug bounty adventures? Catch me on Twitter @actuallyclover!

Resources:

- https://www.assetnote.io/resources/research/insecurity-through-censorship-vulnerabilities-caused-by-the-great-firewall

- https://pentesterlab.com/exercises

- https://tryhackme.com/

- http://www.xssgame.com/

- https://portswigger.net/web-security/all-labs