From a Free TryHackMe Subscription to a Free OSCP Certification
The author shares four years of learning and growth in cybersecurity: starting from free resources, earning multiple certifications through hard work, developing tools, and taking part in bug bounty programs. The article also stresses the importance of persistence, internal motivation, and discipline.

2026-2-12 05:35:31 Author: infosecwriteups.com

Lessons, struggles, and growth from four years of learning cybersecurity the hard way

Pak Cyberbot

For all the new readers, this article is a continuation of my yearly cybersecurity journey. This marks the 4th year of my learning journey in cybersecurity.

My journey started with a free TryHackMe subscription that I won through a giveaway hosted by https://x.com/TipsyTux. That single opportunity changed a lot for me. It motivated me to continue my career in cybersecurity seriously. After that, I also got the chance to participate in eJPTv2 beta testing, which further strengthened my foundations.

Before reading this article, I highly recommend checking out my previous three years’ journey so you can understand where I started and how things evolved over time. I hope it gives you inspiration and motivation if you’re starting from scratch or facing difficulties.

Now, let’s get into this year’s journey.

Certifications & Learning

This year, I focused on API penetration testing. I learned API pentesting from APISec University and successfully earned their ACP certification.

I also participated in the OffSec report writing competition to assess and improve my report-writing skills. Alhamdulillah, I secured 1st position, which honestly felt unreal at first — but it was legitimate. Along with that, I passed the exam with a perfect score of 100/100.

You can read about this experience in detail in my Medium article, or you can watch a fun and interesting video filled with memes:

All the relevant links, notes, and resources are included inside the video and the mentioned article.

This year, I also obtained the PT1 certification. Overall, I’d say it was okay. The web pentesting part was good, and I really liked that section. However, I wasn’t a fan of the Active Directory and individual machine pentesting in that exam, and the AI-checking felt a bit problematic at that time. That said, I believe it will improve significantly with time.

LinkedIn Post LINK

Fuzzy HTTP Server Tool

During my OSCP preparation, I created several scripts. One tool that gained a lot of attention was my Fuzzy HTTP Server.

This server hosts multiple useful binaries that can be transferred to a target machine. It also supports fuzzy matching, meaning if you make a typo or use short words while downloading a binary from your server to the victim machine, it will still fetch the correct file easily. This makes it very practical during CTF-related scenarios where we have an unstable shell.

LinkedIn Post LINK

Bug Bounty Journey

I discovered a duplicate bug in LinkedIn that allowed the creation of multiple pages without proper restrictions. I came across this issue during my investigation.

I noticed a large number of job postings on LinkedIn with almost the same writing style, which looked suspicious. After diving deeper, I discovered that many LinkedIn pages were sharing the same links. It turned out to be a massive LinkedIn phishing campaign, which I later posted about.

LinkedIn Post LINK

This discovery motivated me to start bug bounty hunting more actively. The Orwa Atiyat podcast also played a big role in motivating me during this phase.

I also found a vulnerability in an open-source software project. I’ll update this article in the month of January and share more details on LinkedIn about it. [SOON BE UPDATED]

Additionally, I discovered a react2shell vulnerability on multiple websites. I reported these issues directly via email, including findings on NASA and gov.uk domains.

I received a quick response via HackerOne for the gov.uk vulnerability. On the other hand, Bugcrowd responses were quite slow, but the issue was eventually fixed after I contacted [email protected] directly.

You can check out my YouTube video for all the details.

My Achievement

One of my biggest achievements this year was that John Hammond, one of my mentors, followed me. This means a lot to me because, as I mentioned in my second-year article, he once replied to my post — and now he follows me as well.

Medium Article LINK

https://x.com/PakCyberbot

Lesson

One of the most common questions people ask me is:

“How are you getting so many things for free?”

People who have followed me from the beginning know that my journey started with TryHackMe vouchers from giveaways, then eJPT, Google Cloud, and eventually OSCP.

Lesson 1: Never Lose Hope

I faced many difficulties in life. Over time, I realized one important thing: losing hope or doing nothing will never give you anything.

Even if you have no money, no support, or no resources, at least you can try harder and give your best. Leave your fate to Allah, because whatever is written for you will happen. Work hard, work smart, don’t waste time, and leave the results to Allah — but always give your best effort.

I never imagined I’d be able to get these certifications because I simply couldn’t afford them. But I decided to learn beforehand anyway. It’s always better to do something than to sit idle — and slowly, doors started opening for me.

If you focus your attention and energy in the right direction, instead of wasting it on mindless scrolling on Instagram or other platforms, you can actually change the trajectory of your life. Endless scrolling and binge-watching don’t make your life successful or meaningful. Instead, they often pull you into an imaginary world of movie or game characters, while your real life, goals, and opportunities quietly pass by.

There’s nothing wrong with watching movies, cartoons, or entertainment content — I watch them too. However, I usually choose content that helps me learn, grow, or stay motivated, rather than binge-watching series or spending hours on things that add no real value to my life.

Everyone has limited time, and it’s completely your choice where you invest it and who you want to become. You can’t master everything in life, so choose wisely what you want to focus on — and commit to becoming great at it.

Lesson 2: Internal Motivation Matters Most & Discipline

Never rely solely on external motivation, such as praise or support from others. Sometimes, you’ll need to work when nobody supports you — or when everyone around you tries to stop you or becomes a hurdle.

Never care about what others say if you know you’re on the right path. Take advice from everyone, but learn to differentiate between constructive criticism and destructive criticism.

Appreciate everyone who helps you in your journey — even those who try to stop you. They are like fuel for your engine. Let that fuel combust into action, and prove yourself through results, not words.

If you found this article helpful or informative, I would greatly appreciate your support by giving it a like and following me on Medium and my social media accounts. Your support will motivate me to create more content and share my knowledge and experience with others. Thank you for your support!

Article source: https://infosecwriteups.com/from-a-free-tryhackme-subscription-to-a-free-oscp-certification-b4002c230f54?source=rss----7b722bfd1b8d---4