What’s up man?
Remember my last post? The one where I ranted about being forced to take a digital literacy 101 course as a computer teacher. Hell, it’s not even 101, it’s 11, maybe fucking 1. When they pushed that “seminar” on me, something snapped. I said fuck this system, and cracked the whip on the SCORM backend. Then I looked around and thought — wait, this is actually fun. Should I be hanging out in these parts? Maybe bug bounty is where a self-taught hacker like me belongs. And that question is what this post is about. Buckle up, if anyone’s out there.
The AI Age, Gemini, and the Zero-to-Hero Curriculum
The story starts with the AI age, man. You know, this supersonic era we’re living in. Full of hallucinations too.
AI gave me unlimited access to learning, and that’s an incredible thing. Go learn whatever you want. Of course, you have to learn how to learn first. But I’d already cracked that through something I call “mind coding.” We’ll get to that another day. Anyway, I asked myself — if I’m someone with talent for hacking, how do I test it? By trying, obviously. And how do I try? By looking at who the real badasses in this field are. Haddix, Nahamsec — you know them. I started digging into their courses, their curriculums. Then I went to AI — Gemini, brother, forgive me — and said: look at these guys’ work and build me a zero-to-hero curriculum. 100-day challenge. And Gemini didn’t let me down. Laid out a solid program. Start with basics. Go to Bandit. Then Natas. Then PortSwigger. Work through every CTF. And whatever you do, don’t touch bug bounty programs yet — start with VDPs, collect thank-yous, build your HackerOne profile, then move to BBPs. But not the big ones. Only the small ones.
Get a few thank-yous in your first year and you’re doing great, buddy. It played me clean. Took me 30 days to wake up. Said I was smart, didn’t I. 🤣
Bandit, Natas, Burp Suite — All Too Easy
So I started the zero-to-hero grind. I remember my first dives into Bandit. Damn, it was a rush. Let me not pretend I came from nothing though — I studied a technical field in college, and I’d spent years becoming an expert at cursing out every damn Linux distro of that era. That ATI driver and xorg.conf drama aged me in college. You know that one legendary hardass professor every department has — the one responsible for guys who take 11 years to graduate because of a single course? That guy. I probably got my highest grades from his classes, armed with this whole curse vocabulary. But that’s a story for another time.
For all these reasons, Bandit didn’t last me 9-10 days. It was supposed to take a month. Fine, I said, keep pushing. Threw myself into Natas, onto the shores of OverTheWire. That one? Gone in under 10 days. And I wasn’t grinding hours either — half an hour a day, maybe an hour tops. But something felt off. I was getting suspicious. Fine, I said, if this is easy there’s no point dragging it out. Heard about this program called Burp Suite, and the forest belonging to the famous Kettle guy who built it — dove right in. Packets flying everywhere. HTTP 1, HTTP 2, requests, responses. HTML looking familiar because I’d seen it and taught it. Eating labs like candy.
Day 27: The Trap Revealed
Then came day 27. Gemini, the little bitch, starts telling me — buddy you’re doing great, but take it easy, don’t get excited, the bounty world will chew you up. I said shut the fuck up man. You don’t see this lab environment? Look — somewhere in this system there’s a vulnerability, and you’re going to find it, and I’ll give you a gold star. Whole big story. And that’s when it hit me — education was a trap. And the guy inside me — the one who spent 6 years and couldn’t even build a portfolio, who bought every anatomy course on the market — called out from somewhere: you’re eating the same shit again.
And this time I couldn’t eat it, man. I didn’t have the luxury of burning another 6 years reaching for an asynchronous life. Don’t get me wrong — I don’t see my old 2D animation and logo days as wasted time. But if one of the byproducts is supposed to be financial freedom, I’m not waiting another 6 years to build it. And at the end of those days I figured it out: the system is constantly selling you training, man. Constantly selling you education. Because you have to stay incomplete, forever, so you keep buying. You can never be ready. But here’s the thing — knowing and being, in the way we’ve been told, are two things that never actually complete. That’s where the story they sell us begins. One day I’ll learn anatomy so well I’ll become Kim Jung Gi (rest in peace, he was a good one). It doesn’t work like that. It didn’t. One day I’ll solve every CTF so well that the HackerOne angels will descend and say “oh mighty one, what a great hacker, please come be our king.” That’s not happening either. 🤣
Straight to the Big Leagues
Then I explained all this to AI, and it said — no buddy, please stop. First CTFs, then all the labs, then VDPs, maybe then BBPs. Collect a bunch of thank-yous by year’s end. Are we going to eat thank-yous for dinner? Fuck your memorized standards, I said. Did we come here to be standard? Bring me the biggest one. For the record — three days of Burp Suite experience, be warned. 🤣 And that’s how my journey to one of the most badass programs, that famous accommodation app, began. I won’t name names and embarrass anyone, but my HackerOne account is there. Got a few thank-yous, maybe.
Money? No money. But that’s a story for the other posts.
Fuck that triager. Sayonara…
Leave a Reply