BBP BUCKETLIST 2K24
In 2024, I dedicated myself to creating and following a personal bug bounty checklist as part of my journey in ethical hacking and self-improvement. This wasn’t just about finding vulnerabilities it was about building discipline, sharpening my technical mindset, and proving to myself that persistence pays off. The project served as a roadmap to grow from a curious learner into a recognized security researcher, earning acknowledgments from some of the world’s biggest companies.
When I started, I had limited direction Just raw curiosity and a passion for cybersecurity. Bug bounties looked intimidating, and the sheer number of attack surfaces made it overwhelming. I realized I needed structure, so I created a checklist of methodologies, tools, and processes to guide me step by step. My early days were full of trial and error, diving deep into web app security, cloud misconfigurations, and fuzzing techniques while slowly building confidence in reporting bugs.
/// Through this project, I built resilience and patience the hard way. Getting tons of N/A and duplicate reports was frustrating at first, but each rejection forced me to recheck my methods and improve. I realized bug bounty isn’t about instant wins it’s about process and persistence.
Instead of getting discouraged, I started following and learning from top researchers, breaking down how they approached targets, wrote reports, and shared knowledge. That shift helped me refine my own methodology. Over time, I transitioned from random attempts at “just hacking” into structured, methodical testing with documentation and checklists.
This mindset change made the biggest difference: every failed report became a data point, every duplicate a signal that I was on the right track, and every valid report proof that consistency pays off. Eventually, I gained recognition not only from programs but also within myself—developing confidence, technical depth, and that “hacker intuition” that only comes through grind and experience.
/// I struggled with impostor syndrome, often doubting my skills when reports were marked as duplicates or N/A.
Managing time between personal life, research, and reporting was challenging.
Sometimes, I spent weeks on a target with nothing to show for it, which tested my patience.
Staying up-to-date with evolving CVEs and new attack vectors required constant learning and adaptation.
/// The outcomes of this journey were beyond what I expected:
Earned Hall of Fame acknowledgments at Apple, BlackBerry (#01 Top Rank), Nokia, Mercedes, Porsche, and many more.
Built a repeatable bug bounty checklist framework that helped me stay focused and productive.
Gained financial rewards, but more importantly, the recognition and validation of my skills by global companies.
Evolved from being “just curious” into a professional security researcher capable of competing at a top level.
Most importantly, I transformed my self-doubt into confidence and turned setbacks into stepping stones.
