Saturday, October 5, 2024

THE THIRD ONE!

Hey everyone! 🌟 It’s been a little while since I last shared my thoughts, and I’ve been diving deep into some fascinating topics lately. I took a break from bug bounty hunting to sharpen my skills in code review—specifically in JavaScript. This week, I’ve been soaking up a ton of information about programming, hacking, AI, and even encryption.

I really didn’t expect to get stuck at times, and I ended up going back to web hunting, which sadly led to a duplicate submission. There’s this feeling I have about needing to be productive and not just learning, especially when I see so many great things happening in the community on Twitter. It can be a bit overwhelming!

I did some work on PentesterLab but got stuck—mostly because I don’t fully understand the difference between let and var in JavaScript. Is let a constant or a variable? It sure doesn’t want to be redeclared! 😂 I’m working on this, and hopefully, by the end of this blog, I’ll have a better grasp of it and of JavaScript, although for some reason there is always something more to learn.

Back to PentesterLab, I didn’t want to just breeze through the labs with the help of spoilers without really understanding anything. I found myself stuck and had to reach out to a mentor, Louis (Louis Nyffenegger, the owner of PentesterLab), who was incredibly helpful. He advised me that if I wanted to do well, I needed to focus on the source code and consider that my attack surface, unlike web applications, which are generally easier to deep dive into.

Enough of my rambling! I think I’ll have to separate these blog posts into a Saturday and Wednesday thing so they won’t be too long. My apologies for the lengthy intro, but I appreciate you sticking with me!

It’s Cybersecurity Awareness Month, and just in case you don’t know what cybersecurity awareness is, it’s basically a month where we spread knowledge about cybersecurity information. That’s why our main topic today is on securing our information. And don’t feel that this blog will be all about general topics; it’s mostly about hacking. But since it’s Cybersecurity Awareness Month, one blog post has to go to that. Since I won’t be speaking much on these topics on my Twitter, I might as well make one blog post that emphasizes awareness. Of course, there will also be some bug bounty tips or penetration testing tips at the end that relate to these, so feel free to skip to the end! And obviously, come back up since you would need help and knowledge setting these up.

How to Secure Your Email Address

Before you remove these or skip over, it might be something you have not heard before, so stick around a bit. Never judge a blog post by its second header.

Let’s talk about email addresses. They’re like the lifeblood of our digital lives! But here’s the catch: they can also be a way for bad actors to track us down. If your email address includes your name—like firstname.lastname@gmail.com—someone could easily figure out who you are. Yikes!

Imagine getting a phishing email that has your name in it. You might think, “Oh, this looks trustworthy!” But if your email address is out there, it’s a recipe for disaster. So, how do we fix this?

Here’s a Simple Solution!

One great way to enhance your online security is by using DuckDuckGo, a privacy-focused search engine that doesn’t track your searches or store your personal information. It’s all about keeping your online activities private!

And guess what? DuckDuckGo also has a fantastic browser that blocks trackers and keeps your searches anonymous. By using both the search engine and the browser, you can significantly reduce your digital footprint. How cool is that?

Let’s Dive into DuckDuckGo’s Email Relay Feature!

One of the coolest features DuckDuckGo offers is its Email Relay. This service lets you create a unique, anonymous email address that forwards messages to your real email. This way, you can keep your identity safe while still getting important communications. Here’s how to set it up:

  1. Visit the Email Relay Page: Head over to DuckDuckGo Email Relay.
  2. Create a New Email Address: Click to create a new email address that ends with @duck.com. This will be your anonymous email address.
  3. Link to Your Real Email: Enter your existing email address where you want the forwarded messages to go. This way, you won’t miss any important emails!

How to Use Your New Email Address

  • Sign Up for Services: Use your DuckDuckGo email address when signing up for services, newsletters, or online accounts. This keeps your real email private and helps reduce spam.
  • Receive Emails: Any emails sent to your DuckDuckGo address will be forwarded to your real email, so you can manage your communications without revealing your identity.

Why You’ll Love It

  • Privacy: Your real email address stays hidden, which means less spam and fewer phishing attempts.
  • Control: If you start getting unwanted emails, you can easily delete or disable your DuckDuckGo email address. You’re in charge! However, I haven’t explored all the potential risks, so be careful—there might be ways that could lead to an email relay address takeover if you were to delete your relay email, allowing an attacker to claim your relay email including your messages. Also, if you delete the relay email, be cautious, as DuckDuckGo may not allow you to reclaim that relay address later. Just something to keep in mind!

Bug Bounty Tip as Promised!

Here’s a little bug bounty tip for you! You might be testing an application and find that a certain functionality requires you to have a paid email. You might think, “That’s weird; my Gmail doesn’t work!” Well, that’s because Gmail isn’t considered a business email. For example, testing@gmail.com is not a business email, but testing@duck.com is! You see where I’m going with this? 😂 You get a free business email, so you can continue your testing without a hitch. You are welcome 😂

Final Thoughts

In a world where our digital identities are constantly at risk, taking proactive steps to secure your email is super important. DuckDuckGo’s Email Relay is a powerful tool that enhances your privacy and gives you control over your online presence. Remember, cybersecurity awareness isn’t just a month-long event; it’s a journey we’re all on together. Stay informed, stay secure, and let’s keep learning!

Recommended Blogs to Check Out

Before I sign off, here’s a list of blogs I highly recommend checking out for more insights and tips:

  1. PentesterLab Blog: This blog offers valuable insights into why wasting time sometimes is okay and even necessary.

  2. Cryptography Engineering Blog: This post discusses the security implications of using Telegram as a messaging app, highlighting its encryption features and potential vulnerabilities.

  3. A path to thrive in bugbounty: This is an awesome blog post on a mental guide to bug bounty. I literally read it this evening and just had to add it in.

Thanks for hanging out and reading my ramblings! On the bright side, I finally figured out the difference between let and var. Yay me! Until next time, have fun and take care!
