Starting Over with Bug Bounty (Again)
I’ve tried getting into bug bounty a few times before, but always failed at being consistent.
Sometimes it was life getting in the way. Sometimes it was burnout. Other times I was occupied with job hunting, semester exams, etc.
Most of the time, I think it was just my own laziness to pick a target and just start hunting…
But I’m trying again. No big announcement, no “grind mode”. Just slowly getting back into it, one baby step at a time.
Last night…
Yesterday was the first proper day back in months.
I picked a few public programs that seemed beginner-friendly (not naming them obv), and spent time just doing initial recon:
- Ran subdomain enumeration
- Did basic passive recon to get a sense of the asset layout
- Took notes on interesting endpoints and patterns
Nothing wild. No bugs found. But I was more focused than I’ve been in a while, and for now that’s enough.
Not enough to get going, but still enough to get into the feels of hunting and keep the mind excited.
I wasn’t rushing to find something. I just wanted to reset my tools, get used to reading responses again, and remind myself of what I enjoy about this process.
Relearning the Basics
I also went back through my own notes and previous posts. The ones on subdomain takeover and Google Dorking, those were things I put together while learning, and they still feel useful.
Reading my old posts gave me a reminder: just apply what I already know, even if it’s basic.
I’ve seen that the beginner phase in bug bounty can feel overwhelming, mostly because it’s easy to assume that everyone else is ahead of you.
But if there’s anything I’ve figured out, it’s that the only way forward is to keep putting in hours, even if it’s slow, even if it feels repetitive.
The Plan Ahead
I’m not trying to find critical bugs next week.
The goal is simple: stay regular.
Even if it’s 30 minutes a day. Run recon. Explore scopes. Take notes.
I’ll probably mess up a lot along the way, report things that aren’t valid, and miss obvious bugs, and that’s fine.
Right now, I’m focused on:
- Improving my recon methodology
- Getting better at understanding how apps handle auth and data
- Actually documenting what I do (so I don’t keep starting from scratch)
Not Much to Show Yet, But That’s Okay
This post doesn’t have any cool bugs or juicy screenshots. It’s just a checkpoint.
I’m back to trying, learning, and keeping myself accountable by writing things down.
I’ll share progress as it comes: writeups, mistakes, small wins, and anything useful I figure out along the way.
For now, I’m just glad I opened Burp again.
