BlackCat Hacks

 I love ethical hacking, Cybersecurity, and finding a tasty and juicy vulnerability. However, I think people underestimate the lessons from a very important job: help desk. Help desk is one of those almost "put you through the ringer" type of jobs. It can be soul-sucking, it can be filled with frustration, endless tickets, anxiety, and so on. I think one of the most important things about help desk because of this is to take some lessons in order to understand not only Cybersecurity, IT, and even society as a whole. Let's dig in. The weakest link: the human brain Help desk is basically this: ticket comes in, a user is having an issue that you may or may not know how to fix off the top of your head. You do your best to assist them as urgently and best as possible. This can go a myriad of ways, the user doesn't answer, the user is frustrated and just "wants you to fix it" but is not describing the issue so you have to figure it out, and so on.  One of the thin

 Within the world wide web you have what are called redirections, or forwarding. Redirection is as simple as it sounds: You are browsing to a website and redirects your (or sends you) to a different site. This could be an old URL redirecting you to the new one, a url of a company directing you to the main page, or a malicious redirect. The 3rd one is what we will be discussing today.  Generally, redirects are in the 300 HTTP status code (reference here: https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/300) and are either 301, 302, or 308. Depending on the website, it will require some action from the user (like logging in).  Within the bug bounty platform open redirects are generally P4 on severity level, and so generally don't offer much in way of bounty or severity. Generally, you want to combine this with something like an XSS, SSRF, CSRF, etc to make it much higher impact, and higher bounty. But open redirects are easy to teach and understand and so they are hunted quit

You're scrolling twitter (or x now) or on a discord, or just on youtube, google, what have you and you see multiple posts "$10,000 bug bounty!!! $50,000!! $100,000". And it seems like an auction of bug bounties. Or maybe you hear about pwn2own and see that some teams get awarded up to $250,000 and you think to yourself "wow, hacking seems like a big money maker, I think I'll take a crack at it."  So you spend the next 6 months, or 12 to get into bug bounty hunting. You read the books like bug bounty bootcamp, the tangled web, etc. you watch the youtube videos like insiderPhd, codingo, and so on. And you spend a lot of time learning about the web, you find a bounty platform like bugcrowd and you dive into a platform after 6 months. At the end of 12 months, you've found nothing. Nata. Zilch. So what do you do? Do you continue another 12 months? Or give up? I want to preface this with saying that I am not trying to discourage *anyone* from getting into ethi