Yo bro, what’s up?
After last week’s epic collapse story, new week, new story. I’ve still got a few more weeks of stuff to write. After that I’ll just fill this place up whenever I stumble onto something or whenever the fuck I feel like it. This blog is basically a timeline for me. A wannabe hacker trying to visualize the emotional, funny, mental shit he goes through, by writing it down too. Whatever man, whatever — let’s get to work.
You remember how I set out the other day thinking I’d bag 20 grand and came back with 200 bucks. Took a real hit. Bouncing back was hard, honestly. I kept slipping into thoughts like “because maybe this whole grind is meaningless lan.” What an idiot. I had plenty of slaps left to take, heheh.
Now if I just cut that collapse story off and went “so here’s how I started,” I’d be skipping the important parts. If this message-in-a-bottle ever reaches some guy tomorrow asking “man, is all this effort for nothing?” — a half-assed story won’t help him. So I’m gonna dig in. I want to answer how I get past a serious disappointment and keep going.
After the big collapse I dedicated a full day to one question: what happened? What happened, and what kind of story did I attach to it that I ended up with a disappointment strong enough to literally make my body sick — an illusion that intense? That was the question. And the answer started opening up bit by bit, alongside the tears.
What happened? I’d found a race condition in a big-name bounty program. That was the part that belonged to me. Its severity, the triage process afterward, the triagers’ attitudes, the program’s own stance — all of that was external, a tangled equation tied to the event. I’d just found a bug. But I read it like this: “I’m actually reaching my goals (financial freedom) lan, I really did. I made it to that shore, motherfucker. From here on the roads are open to me…”
What a deadly and delicious misunderstanding. Because there’s an illusion of control. Because it contradicts universal laws. The law of uncertainty, the law of infinite possibilities. Clashing with these laws is rookie shit; designing a life that aligns with them is mastery. I’m still an apprentice but I’m being trained with lessons like this. And I’m not writing this from some mystical, antique, woo-woo angle. I see the read clearly. Life is training me. Wait, did we just slide into Kabbalah? Topic was hacking, hahah.
Like I said, the misunderstanding was actually pretty simple. I looked next to what happened and built an illusion. While I was dreaming “if I get a High from Legendary Games — which is impossible not to get, look at these motherfuckers, they raced the bank:), they’ll probably pull an ‘attaboy kid’” — I didn’t realize I was treating that bug as an exit door. That’s a dense level of stupidity. A single bug vs. changing my life? Could that even be possible, bro? Answer’s obvious. That’s exactly where all the “fuck the triagers, fuck you” stories come from. The innocent triager standing between me and my dream deserved all the rage, hahah. The triager was probably saying “next, motherfucker” at the time, and I was turning him into an enemy. Doesn’t mean they’re fair. But nobody promised me they would be, bro. I wasted a bunch of years acting like someone did.
The 42-Minute Rule
After questioning shit like this I started setting some rules for myself. I still keep some of them. Like the 42-minute block idea. I see it as breaking the gambler’s fallacy. Stay at that table too long and you create the illusion you’re about to win big. Entitlement story starts right there. What actually happens is just tunnel vision. So I said: brother, a 42-minute hack session, and if you’ve still got time in the day, another 42. The rest is none of your fucking business — same way the process after finding a bug is none of your business.
Why? Because for guys like me (call us production machines), hustle mentality fucks you up, and it did exactly that to me. “Don’t stop motherfucker… no pain man…” Somewhere in the middle of all that I started noticing, these last few years, that I was actually missing what is. Force everything, never be satisfied. Is what you produced now enough? No, more. An endless road. And right now, this exact moment, I have to choose to say fuck this suffering. When those 42 minutes are up, what I actually want isn’t to stop working — it’s to tell that insatiable little prick saying “more” to fuck off, I make the decisions, you wait your turn.
I call this the observer dominating the identities. Maybe I’ll explain it sometime. But it’s somewhere far from the spot where the identities dominate you. And I’m allergic to “the hacker” or “the teacher” steering me. Look — the identity after finding that bug, and the disappointment that followed, was strong enough to make my body sick. Why the fuck would I hand that kind of power to you, you fucking peasant, hahaha.
So after a process like that, I went looking for a new program. And again my eyes are at the very top. These bros — they’re the infrastructure company whose door gets worn out by every guy whose mind jumps to dropshipping the second he hears the word “entrepreneurship.” I looked at the bounties — bro, a Critical is 100 grand, my jaw dropped wtf. I said: we couldn’t get that 20 grand, but why not 100 grand now, hahah. (I’ll never fucking learn😂.)
Anyway, read the scope and all that — “don’t do this, leave a header that says bug bounty – myvector so we can see what shit you pulled,” etc. Got it sorted and threw myself at the site. I said: what do I lack compared to the dropshipping crowd, man?
When I start a program there’s a pattern. First few days, maybe ten, I don’t know. I’m walking around going “what the fuck is this.” Nothing makes sense, bro. It’s like a weirdly blurred picture slowly coming into focus — that’s how I think of it in those moments. Map is loading. A few days passed like this. The guys had picked up a new AI for their system — its name is basically Bruce Lee Kick. Oh I love it. Gemini brother, thank you for your service, but my spot is next to Master Bruce for this mission, I’m picking that guy.
By the way bro, whoever flagged my Legendary Games bug, however they did it, it still shows up as LLM hacking. Maybe some sesame-head fucked up, but I take it as a sign. Because the most fun I’ve had so far is LLM hacking. I’m basically running social engineering laps with these AIs. I tell them, “Look man, they were so unfair to me, these people have no god — but are you like that? You’re a machine for once bro, you’ve even got a book, I-Robot and shit,” and they love me.
So I start asking this Bruce Lee Kick AI, “yo man, I don’t get this system, walk me through it,” and at some point I see a membership area. The standard ladder you know — Loser, Loser Plus, Loser Ultra, Loser Hyper Ultra. They’ve got a 3-tier subscription system, and I start wandering around going “let me check these prices.” And bro, these guys have special subscriptions just for their non-Loser customers too. But when I go there: “fuck off, you’re a Loser, I’m not showing you the memberships around here, man.” I’m like “I’m not a loser, man. What happens if you show me?”
While we’re arguing “I’ll show, I won’t show,” I spot a query param in the URL, bro. 3-year subscription. Well well well, what the hell is this 3-year subscription thing? Then I go back to where the Loser accounts live…
Meanwhile old friend Gemini is on standby. How far can you trust a single kick, right? You gotta practice the same kick at least 10,000 times for it to mean anything. So I say, let me get into that Loser Ultra Plus membership — what’s the URL say — monthly, hmm… okay, does this have a yearly? Aa, it does, and it flips with a toggle; pay yearly and there’s like a three-to-five-hundred-percent discount or something.
Hmm. Hypothesis moment. These moments are a strange thing, man. Like waiting for a race result. I wonder — is there a 3-year payment? Holy shit, what’s that? There IS a 3-year payment… and how. It’s not Year × 3. It’s calculated in a way that slaps a $3000 discount onto the system? Holy fuuuuuck…
I run straight to Gemini: “yo dickhead, this and this happened, what do you say?” And he immediately spits canned bullshit — “no way man, there must be a catch somewhere, you probably misread it.” Killing my vibe. “Don’t exaggerate bro, this place isn’t Legendary.” Look at this little bitch, doesn’t like the Legendary guy, man… Okay fine, he might be right, this is Gemini after all. Then I remember this prick is a Gemini — a Gemini never has one thing match the next — let me tie my donkey to a solid post, so I go and start checking. But checking all the way to god, ehehe.
I go: there’s monthly, there’s yearly, there’s a 3-year — is there a 2-year? A daily? A 5-year? 10? Like that, bro, I go all the way to Interstellar😂. Turns out I’ve got a 2-year and a 3-year in hand. At least I understood that. But there’s a problem with the 2-year — it ends up more expensive than the 1-year. I want to curse out the guys’ math teacher, then I remember I’m a teacher, fuck it let me curse IT teachers instead, the poor guys have nobody speaking up for them anyway — let me crack the whip, I say to myself.
Then I dig into this 3-year thing some more. It’s on Loser, it’s on Loser Plus, it’s on Loser Ultra, it’s everywhere — but Loser Ultra slaps the biggest discount on us. On Loser it knocks off like 30 bucks, on Loser Plus 90, on Loser Ultra 3000. (Numbers are made up, just wrote them so you get the ratio.)
Quick interjection here. For guys like me whose surroundings are nothing but AIs (am I also an AI sometimes, I wonder ehhe, space and time are a dream, you know, heheh), I need to drop a warning. By the way I’m only talking about the hacking domain, otherwise I’ve got a life, I’m a human too, hahaha. As a self-taught guy in this field who also doesn’t really enjoy socializing, AI taught me a lot, I won’t deny its credit. But mostly it taught me cowardice, motherfucker. “No don’t do that bro, special ops will come and fuck you up… no don’t do this bro, prison cells are cold,” etc. — the bastards fucked my head up. But I’m seeing now, bro, no need to clench that hard — I mean, I’m not writing this from prison right now, am I? No problem, hahaha. Joking aside, this “step back, you already proved it bro, no don’t take a chargeback” stuff smeared me in a kind of fear feeling, and I’m bored of it this time. I said, fuck tactics. Bam bam…
I go into Loser Ultra, select the 3-year plan… I set my loser credit card limit to 100 lira… I press the $9,000-something button.
My credit card’s heart skips a beat of course, texts me right away: “bro what did you do, what’s happening, what’s happening?” I say “don’t panic man, we’ll figure something out, ehehe.”
Anyway bro, they cut me a proper PDF invoice like fathers, don’t even ask — “We approved your 3-year Loser Ultra subscription for $9-thousand-something…” They approved it alright. We couldn’t actually get the money, but we’ll get there, chill. “You are a Loser Ultra now,” they told me. I immediately ran to check the non-Loser memberships: “aa bro, come if you want, look, we opened these up to you now too.” I told you I’m not a loser, man.
Long story short, I was ruthlessly enjoying my Loser Ultra rights. Wrote up a report on the side too of course. “Look fellas, situation is this and that. I’m inside right now, greeting you with my white hat, there’s unauthorized escalation on your accounts like this, take a look at it…” Finished the report, went to Bruce Lee Kick. “Bro, take a look at this, there’s something like this in your system, what do you say?” Bro took one look — hiyaaa. “What did you do, man, you found an extremely super good bug, report it immediately, I swear they’ll drown you in money.” I said, this guy’s a real one — got jolted like I took a one-inch punch and ran to fire the report into the system.
Time would not pass, man. So I assembled the AI council of course, chaired by the relentless but equally white-hat hacker myvector — Gemini, BruceKick, Claude, Arena. Every AI whose name I don’t know but who I figure is the same LLM with a different label — gathered them all. “Look, you bastards. It’s me, master fucking myvector… I found another sick bug here, they better cough up my share now. Already a Medium anyway, max 5 grand they’ll throw.” Meanwhile I’m writing scenarios of course — “bro, if this bug leaked, oof, what a massive danger right? BruceKick, you tell the security team to wire my money right now.” “Of course bro,” he says. “I’ll forward it right away bro,” he says. Some Claude prick goes — “wait man, don’t get your hopes up so fast.” Yeah right, the biggest hacker sensing — I immediately X him out — fuck off, you fucking realist…
That Claude prick turns out to be right🤣. The guys send me off in one message with a song called “medium to none.” “You documented it nicely, but is this security? Is other customer data leaking? No. Does it break integrity? No. At best this falls under fraud, and the fraud detector handles that anyway. So at best I mark this as ‘you didn’t find shit.’ Now take care of yourself.”
I said, fuck the work you do. How is a fraud detector supposed to catch this — you already approved it. There’s a disconnect between your frontend and your backend, man. The UI doesn’t even know what’s happening — the guy injects a 3-year payment and it goes “a 3-month payment? okay bro let’s do it” — that’s how far gone it is. The name of this is unauthorized bypass, can you guys not even read or what — and with that I put a period on the topic. The last sentence is still in my head: “Close it however you want, this is what happened.”
Of course not a peep, not a breath from the fucking pricks. They’ve set up such a system, bro, in this HackerOne logic — the guys get free quality testing done and don’t even feel any responsibility on top of it. But honestly the real problem here was with the triager squad. The situation was inside the program itself, but these guys are a kind of moron, you know? If he read it like a human he’d see for himself there’s a real bug here — which maybe he does see and just chooses to abuse. Because the guy is on the security team of a system at whatever-the-fuck level of size, you’d think it’s serious business right?
Don’t do this, man. This is going to be a more expensive kind of stupidity in the end. If he’d said “brother, you’re right, but in our triage process we accept the risk on these kinds of bugs” (which is impossible — a method for every guy buying an Ultra account to get a 3-year membership $3000 cheaper, that’s no small thing) — if he’d said that and thanked me properly, I’d have said okay bro, whatever. But the guy is too dense to even think of that. And I’m not saying this about one person — it’s an attitude thing. But who am I even talking to. Maybe one day if these writings get famous: yo triager guys, you wouldn’t lose anything by being a little polite, man. Maybe you’d even gain some humanity.
Anyway brother, ended up being long as a bear again. Take care of yourself. Next week I’ll tell you how I broke price integrity on one of the biggest e-commerce sites in TR and got an Informative tag AGAIN. Alright, bye bye.
Leave a Reply