Today was a good day, I guess.
Yesterday, I went to sleep early around 9 PM and got enough sleep, but I still faced distractions. The same thing happened again—I woke up at 3 AM, tried to keep myself calm, and went back to sleep around 5 AM until 7:30 AM.
Since today is Saturday, and as I’ve mentioned so many times before, we don’t really have work on Saturdays. We just pretend to work. So, I just clocked in to the remote attendance portal at 8:30 AM and that was it—no actual work. Interns have a working day on Saturdays, but permanent employees have a weekly off.
I spent 30 minutes reading some write-ups, daily blogs, and research articles. Then, I decided to work on a security write-up about a bug we found in our company’s product a few days ago. The blog is titled:
Silent Takeover: How We Hacked Authentication Flows to Compromise 2000+ Healthcare Tenants with Zero Clicks
I already uploaded it on Medium: Read on Medium
Later tonight, I'll also upload it here:
To keep myself busy and distracted from intrusive thoughts, I worked on this write-up continuously till 3 PM while listening to my favorite Spotify & Apple Music playlists. It felt really good to write this! The write-up mainly focuses on the critical authentication bugs we found in our company’s product, including SAML authentication flow vulnerabilities. Since we didn’t get any formal approval, I had to make sure the write-up didn’t disclose any sensitive details like product names, company names, or domains.
My friend and I also got great feedback on this blog. Many people from the InfoSec & Bug Bounty community reached out, praising our findings. It felt amazing to receive such recognition!
I honestly didn’t want to upload this blog because I know our company's security posture is weak, and their intern stipend is just ₹15K, which is too low. If I had reported a low-level bug in an external bug bounty program, I could have earned more than this stipend from just one bug. But still, I uploaded it because there should be some benefits for us. To balance things ethically, I made sure to redact all critical details. Even though our company pays so little, what we offer in return is much more valuable, so write-ups like these make things fair.
After working continuously till 3 PM, I took a nap and woke up at 4:30 PM. During that time, I received a lot of reactions and messages on Discord, Twitter, and LinkedIn from the InfoSec community, appreciating the write-up. It felt really good!
Later in the evening, I went for my daily walk at 5:30 PM. The sunlight was still strong since we’re just a few days away from summer (must apply sunscreen now!). I put on my playlist and walked 6,374 steps, bringing my total steps for the month to 123,281.
On the brighter side, guess what? My screen time today was just 48 minutes (as of writing this journal)! Feels great to stay away from my phone and social media, especially from shorts/reels videos. It’s been a week since I last mindlessly scrolled through them. Sometimes, I watch them, but I’ve enforced a strict time limit on social media apps. I try my best not to remove or extend these limits. I guess today's low screen time is because I spent the whole day in front of my laptop instead. Still, it feels good!