Lessons For Today
I spent the entire day doing recon, manually. What exactly was I doing? I was hunting down functionality and endpoints that automation cannot reach, endpoints behind authentication; I was basically doing manual hacking.
My lesson is: have a reason for what you do. Randomly "hunting" or hacking without a destination in mind is counter-productive. Know what you're looking for, and know what to do once you've found it. Let functionality drive your methodology. Move with a goal in mind.
For example, with an XSS methodology, as most people already know, you search and recon (through automation or manually) for places where your user input is reflected. That is a goal, a direction; you do not randomly fire payloads all over the place. You first gather data, manually or through automation; I personally prefer both. This is a very important step, which is why it consumed my entire hacking time today.
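The "gather data first" step above is, concretely, answering two questions for each input: does it come back in the response at all, and if so, does it come back HTML-encoded or verbatim? The Python below is an added example written for this post (it is not the author's tooling). It takes a response body you already have and classifies how a marker value appears in it; the two response bodies are constructed inline, and the check only covers the HTML text and attribute-value context, not script or URL contexts.

```python
"""Classify whether a marker value is reflected in an HTTP response body,
and whether it came back HTML-encoded or verbatim (added example)."""
import html
import re

# Marker containing the characters that matter in an HTML context. The
# random-looking prefix keeps it from matching page text by accident.
PROBE = 'rf7q3<"\'>'


def classify_reflection(body: str, probe: str = PROBE) -> dict:
    """Return where and how `probe` appears in `body`.

    Keys of the result:
      count_raw     - occurrences of the probe verbatim (output was not encoded)
      count_encoded - occurrences with < > " ' escaped as HTML entities
      verdict       - 'not_reflected', 'encoded', 'raw', or 'mixed'
      snippets      - surrounding text for each verbatim hit, for manual review
    """
    raw_hits = [m.start() for m in re.finditer(re.escape(probe), body)]
    escaped = html.escape(probe, quote=True)  # e.g. rf7q3&lt;&quot;&#x27;&gt;
    encoded_hits = [m.start() for m in re.finditer(re.escape(escaped), body)]

    if raw_hits and encoded_hits:
        verdict = "mixed"
    elif raw_hits:
        verdict = "raw"
    elif encoded_hits:
        verdict = "encoded"
    else:
        verdict = "not_reflected"

    # Keep a little context around each verbatim hit so a reviewer can see
    # whether it landed in text, an attribute value, or somewhere else.
    snippets = [body[max(0, p - 20): p + len(probe) + 20] for p in raw_hits]

    return {
        "count_raw": len(raw_hits),
        "count_encoded": len(encoded_hits),
        "verdict": verdict,
        "snippets": snippets,
    }


# Constructed sample responses (not captured from any real site).
# A page that encodes the search term before echoing it:
SAFE_PAGE = "<p>Results for: " + html.escape(PROBE, quote=True) + "</p>"
# A page that echoes the term verbatim, once in text and once in an attribute:
UNSAFE_PAGE = (
    "<p>Results for: " + PROBE + "</p>"
    '<input name="q" value="' + PROBE + '">'
)
# A page that never shows the term at all:
SILENT_PAGE = "<p>No results.</p>"


if __name__ == "__main__":
    for name, page in (("safe", SAFE_PAGE), ("unsafe", UNSAFE_PAGE), ("silent", SILENT_PAGE)):
        result = classify_reflection(page)
        print(f"{name:7s} verdict={result['verdict']:14s} raw={result['count_raw']} encoded={result['count_encoded']}")
        for snippet in result["snippets"]:
            print("        context:", repr(snippet))
```

Only the `raw` and `mixed` verdicts are worth a second look; an `encoded` result is the behaviour a developer wants, and `not_reflected` means this input feeds nothing you can see in that response. In practice you would run the function over the bodies your recon already collected, so that every later test is aimed at a known reflection point rather than fired blindly.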
Let functionality drive your methodology. Hack with a final destination in mind.
I’d like to thank each and every one of you.
Thank you for taking the time to read through my post. Take care.
For updates: Twitter: https://twitter.com/wallotry/
To send me private program invites: HackerOne: https://hackerone.com/wallotry