It feels like forever since I last posted here. Thanksgiving Break wasn't much of a break, to be honest. I spent the majority of the time engulfed by college and scholarship applications, so I can't say that I've done too much in the way of progressing through my original work. However, I can say that I've managed to get through at least the critical parts of HackerOne's web application penetration testing course (they call it a "hacking course", whatever floats your boat). After taking some relatively light notes over the most common and severe bugs to look for, I think it's well past time to begin actually trying out some of the available bug bounties.

At this point, I have learned just how much prior experience most penetration testers have. As someone who thinks very mathematically (is that even the right way to say this?), I figured that developing a solid foundation would ultimately make taking on an original work like this easier. It has not. In reality, there is simply too much "foundation" to cover. I have touched on network infrastructure, internet protocols, even played with Assembly, of all things. Yet most of the work done by professional ethical hackers does not involve foundational-level knowledge of any of these things. What I should have been doing is using pentesting tools, familiarizing myself with routines and procedures of pentesters. I could never have feasibly developed a solid enough foundation to where I could just reason my way through everything. I made the same mistake last year with neuroradiology. I thought cybersecurity would be different. It is not.

Charles Wolfe