- Tram Ho
Written by Nguyen Hop Quang
Hacking can be a pretty tedious task. When you search for hours, even days, without finding a single security hole, the feeling can leave you frustrated and depressed about having to "hack". In this article, I will share my experience so you can regain your composure when "reporting a security hole".
Depressed feeling while hacking
The first thing, which I feel is quite important, is that you have to know what you are looking for. A lot of newbies sit down at the computer and bury their heads in "looking for something" without clearly specifying from the beginning what they are looking for. This results in surfing through pages very quickly without paying much attention, or in telling yourself that you have searched everything and found nothing. So whenever you find it difficult, ask yourself this question.
What are you looking for? Which hole?
Make sure you have a clear goal. For example, the answer to this question is never "I'm looking for security holes." Instead, it could be "For the next two hours, I'm looking for Insecure Direct Object Reference (IDOR) security holes." This gives you a lot of other benefits, such as:
- You set a specific deadline to try harder
- You know what to test
- You know what you need to read to know more about this
- You can ask a specific question and get answers on forums
- You know what should be tested first and what can come later
During the "hacking" process, remember to always note down anything that feels abnormal to you, such as notifications, headers, and lines of text in the response, so you can check it later. Every time you discover a new goal, make sure you approach it in a "SMART" way.
Focus on thinking about your goals
There are many different reasons you can become frustrated during the "hacking" process, and simply spending more time "searching" is sometimes not the way out. Here are some "methods" you can practice when you are in a "stuck" state:
- Turn off the computer, go out
- Eat 😃
- Play a game (but do not spend the whole time looking at a screen)
- Go to bed!
Learn and learn more
As a hacker, it is important to know what you know and, more importantly, to know what you don't know. Always be aware of both so you can build up your knowledge exactly where you are weak. If you have never heard of the XML External Entity (XXE) security vulnerability, this is an opportunity for you to learn more about this bug.
And as I said above:
Always taking notes
Many people take no notes at all while hacking, so later, when they reach a stalemate, they do not know where to start from. I myself find that taking notes brings a lot of benefits. When you are "stuck", you can reopen your notes, re-read them from the beginning, and think about what you should do next and where to start. By the way, let me share my favorite note-taking tool, which is recon.sh
taking note with recon sh
That's my advice. In addition, don't be too discouraged when you're "stuck". Remember that in this work everyone gets "stuck", if not on one problem then on another, so get used to it and overcome it as simply as possible.
Source : Viblo