| I suffer from this badly, I'm slowly coming to the conclusion that I'm just not that good at any of it. I get the basics, I even do it for a living, but I'm never going to be driven to create products. I want to be able to make something, I also really want to be able to finish my progress on cryptopals, or finally get a real bounty on hackerone, but I'm just not good enough. And I get caught thinking, well if I just didn't spend so much time playing computer games, or wasting time I could do that stuff. But is it true, or am I just using them as an excuse, so I don't have to face up to the fact I'm just not that good at it. It's easier to blame my laziness than blame the fact that I struggle to produce output and struggle to find meaningful[1] vulnerabilities. If I ever do find myself unemployed, then I'd hit stockfighter up straight away, that would I guess give me the motivation to work at the stuff. I think there's a fundamental "understanding gap" between me at the problems presented though. In the same way that I can look at a demo scene write ups and understand the concepts they're talking about but there's this vast chasm between the work I do and the work they do, and it's not clear how to bridge that gap. Maybe I should read less hacker news and spend more time practicing the craft. But hey, I'm back in the "if only I worked harder" trap. [1] Sure, I can find open redirects, maybe the occasional http subdomain leaking a cookie from the https root domain, maybe even an open endpoint, but finding vulns worth paying for[2] is difficult when dealing with sites which already care enough to have bounties. [2] It's not about the money, I'd likely not even claim it given the typically small amounts paid out and the hassle of declaring it, but I'd like to bag a bounty for pride sake. |