“I Didn’t Plan to Find a P1… But My Script Had Other Plans”
Summary
The article details the journey of a young ethical hacker and his path to discovering a lucrative bug bounty programme through a YouTube video about AWS S3 buckets.
The YouTube video inspires him to create his own tool, S3BucketMisconf, which assesses AWS S3 buckets for misconfigurations that could potentially lead to data leaks.
He identifies one target with an unusually named bucket, target-public-docs, which he investigates further using his own tool and AWS commands that list all the files stored in the bucket.
He is stunned to discover thousands of sensitive files, including financial statements, user data, and PII, which he reports to the organisation, and he is rewarded with a hefty bounty for his findings.
His advice to newbie hackers is to start small, stay curious, build their own projects, and automate tasks; eventually the bounties will follow.