My Hacking Journey Part 2: NPC to security researcher

7 min readMay 6, 2023

In my previous blog, I shared my initial journey towards cybersecurity, starting from my childhood fascination with technology to my first ethical hacking workshop I attended. As I progressed through college, I continued to explore the field of cybersecurity and began to understand the various nuances and intricacies involved in this domain.

Ethical Hacking: A Hands-on Introduction to Breaking In (book you must read)

During my early second year of college, I started to learn C programming and began practicing it on coding platforms like HackerRank to improve my programming skills. Concurrently, I also started exploring computer networking and tools like Nmap, Burpsuite, and Kali Linux. However, my journey hit a major roadblock with the onset of the Covid-19 pandemic, which forced my college to shift to an online format.

Despite the setback, I persisted and continued my learning journey. Thanks to the support of my parents, I acquired my first ever laptop with impressive specs and began searching for cybersecurity internships and communities on social media platforms such as LinkedIn, Twitter, and Instagram. I discovered content creators on YouTube and Twitter like CybersecurityMeg, nahamsec, RanaKhalil101, InsiderPhD, _JohnHammond, PhillipWylie, huskyhacks, jhaddix, STOKfredrik, alh4zr3d3, Tib3rius, FarahHawa, snyff, corgi, hAPI_hacker, thecybermentor and many others who supported the cybersecurity community through CTFs, giveaways, swags, and challenges. During this course I connected with them and others like Dr. Deepak Kumar (D3), Mr. OoPpSs, Mr. Rakshit Tandon, and Anand Prakash on LinkedIn and Instagram while also undertook several remote internships such as

Graphic Designer Intern @Revolux Pvt. Ltd.
Python Programming with Python Design Intern @Cyberace Infovision Pvt. Ltd.
frontend developer Intern @Team Abadha, Fr. CRCE
PHP backend developer Intern & full stack developer Intern @Web Shine Tech Pvt. Ltd.
GPCSSI 2021 Intern @Gurugram Police Cyber Security Summer Internship
Blockchain Intern & Cybersecurity Intern @Pie Infocomm Pvt. Ltd.
Cybersecurity Intern @smartknower
Penetration Tester Intern & Cybersecurity Engineer Intern @Virtually Testing Foundation (VTF).

Out of these 11 internships that I undertook between April 2020 and June 2022, only Eight provided me with valuable hands-on experience and practical knowledge, while the others fell short. Nevertheless, I remained committed to my learning journey and continued to seek out new opportunities to develop my skills and knowledge in the field of cybersecurity.

Q. Could you provide with information on the specifications of your laptop?

Ans. Yes sure, here you go 16GB RAM, 500GB SSD, 1TB HDD and 4GB graphics

Q. Why such a heavy specs based laptop?

Ans. My Parents gave me as a gift for starting my new journey, no specific reason.

Q. Do we need such a high specs laptop/pc?

Ans. No. Minimum required specs to learn hacking are 4GB RAM and 256GB SSD/HDD

While on my learning journey, I unexpectedly encountered Cryptoknight01 and her sister on YouTube, who had achieved the impressive feat of cracking OSCP in their first attempt while still in their 20s. Feeling inspired, I enrolled in my first two ethical hacking courses on Udemy with Zaid Bhat from Zsecurity and on Internshala. Additionally, I purchased several books related to hacking. Unfortunately, I soon realized that although the courses were beneficial for novice learners, they failed to equip me with the necessary skills to handle real-world situations. It wasn’t until I stumbled upon NahamSec’s Udemy course Intro-to-bug-bounty-by-nahamsec that I finally found a resource that adequately prepared me for practical scenarios.

Subsequently, I embarked on a research phase, during which I discovered a wealth of resources that were available to me for free. I applied to various certification courses on platforms such as Coursera, Udacity, and Edx, as well as to TryHackMe, PentesterLab, HackTheBox, PortSwigger, VulnHub, APIsec University, TCMSecurityAcademy & RootMe. Additionally, I read various blogs and participated in various CTF challenges like PicoCTF, NahamCon CTF, CTF Times, HTB University CTF and Advent of Cyber in late 2021, entered various giveaways, and conducted research on Bug Bounty platforms such as HackerOne, Bugcrowd, Intigriti, and Synack.

As I delved deeper into the cybersecurity domain, I found myself inundated with an overwhelming amount of resources, leaving me perplexed about where to begin and what to prioritize. This led to demotivation and a feeling of being lost, which caused me to waste nearly two years aimlessly applying for various programs without making any headway. In an attempt to regain my focus and motivation, I took a break for a few months and slowed down my learning process. Later, I initiated a 100-day bug bounty challenge but was unable to complete it due to several reasons.

At some point in my pursuit of a career in cybersecurity, doubts started creeping in, making me question my capabilities and whether I was cut out for this field. But this was the point where my actual journey begin to start where I felt like I was stuck in one place, not making any progress. And to make things worse, I was dealing with personal and financial issues. In an attempt to overcome these obstacles, I took a break from learning about hacking and focused on sorting out my personal life while working to support my family. However, my interest in learning more about hacking did not fade away entirely. One day, I stumbled upon NahamSec’s Twitch stream, where he not only explained hacking concepts but also talked about coping with stress, cultivating patience, and maintaining consistency. This renewed my willpower and gave me hope, and I resumed my learning journey, making progress along the way. Eventually On July 29th 2022, I discovered my first three bugs on HackerOne, which boosted my confidence significantly.

All I learned is to be consistent and keep trying

Dunning-Kruger effect

This is an excellent model for explaining a type of cognitive bias that lets people overestimate their abilities. Especially in areas where they have little or no experience.

When people who are new to a subject learn about new skills, tools, or terminology related to that subject, it can give them a confidence boost.

Note: Each and everyone goes through this even I went through this phase but the only key mantra to tackle this challenge is “consistent”. So be consistent in what you learn and what you do.

As I continued to learn, I realized that soft skills such as communication, collaboration, and teamwork are crucial in cybersecurity, especially when working with clients or as part of a team. I started attending cybersecurity events and meetups to network with other professionals in the field and keep up with the latest trends and technologies. Encouraged by my progress and newfound passion, I founded my own community called HAWK-I CRCE, which helped others find their path in bug bounty, pentesting, and cybersecurity. With the help of HAWK-I and GDSC, I conducted several workshops on cybersecurity, bug bounty, CTFs, web and API security, AWS cloud computing, and AWS cloud security.

Finally, in April 2023 i.e during my final year of college, I organized Mumbai’s first-ever full-fledged cybersecurity conference, SummerCon CRCE 2023, where industry experts shared their insights on cybersecurity, the threat spectrum, how to land a job in cybersecurity, and the do’s and don’ts of hacking to make a significant impact.

Looking back, I realize that there were times when I felt overwhelmed and lost. But by staying focused, persevering through challenges, and learning from my mistakes, I was able to grow and develop my skills as a cybersecurity professional. Today, I am proud to be part of this dynamic and exciting field, and I look forward to continuing my journey and making a positive impact on the world.

In conclusion, while I initially sought inspiration from the success of others, I learned that having a structured and manageable approach to learning is crucial to avoid getting lost in the vast sea of information and resources. Therefore, in the last part of my blog, I will share my rough structure and approach to learning VAPT / Penetration Testing / Bug Bounty, which others may find helpful. Till then happy hacking and keep learning.