FROM STRUGGLES TO SUCCESS: MY JOURNEY TO THE NASA HALL OF FAME

sudo-xabit
4 min read · 4 days ago

Hello, everyone! My name is zabit. I am a cybersecurity researcher, ethical hacker, and bug bounty hunter with a dream to leave my mark in the prestigious NASA Hall of Fame. Today, I’m thrilled to share my journey with you — a story of perseverance, failure, and ultimate triumph. This is not just my story; it’s a testament that hard work and determination can help anyone achieve their dreams. So buckle up, because this is going to be one inspiring ride!

THE BEGINNING OF THE HUNT

My journey started with immense enthusiasm. I had successfully submitted several reports to NASA. However, to my dismay, many of these were reclassified as “informational.” This meant they didn’t qualify as valid vulnerabilities, and I was left disappointed. For a while, I was demotivated. I began questioning my skills and wondered if I’d ever find a real, impactful vulnerability that could earn me a place in the NASA Hall of Fame.

But then, something clicked. I told myself: “This is not the end. It’s just the beginning.”

I restructured my approach. I turned to Bugcrowd’s Vulnerability Rating Taxonomy (VRT) and focused on P1 to P4 bugs that had a clear and undeniable impact. My mindset shifted from blindly hunting bugs to strategically targeting vulnerabilities that couldn’t easily be dismissed.

FAILURES THAT SHAPED ME

I started hunting for SQL injection (SQLi) vulnerabilities. Over time, I detected many potential issues, but most turned out to be false positives or non-exploitable. Disheartened, I shifted my focus to denial-of-service (DoS) and rate-limiting attacks. While I successfully discovered a few vulnerabilities, I realized they were out of scope for NASA’s program.

Frustration began to build, but giving up was not an option. I decided to try my hand at broken link hijacking. After hours of hard work, I found a hijackable link — but it didn’t belong to NASA. Another failed report.

I started using tools like SourceWolf to automate my hunt for broken links. Yet again, nothing came up. Switching gears, I began targeting personally identifiable information (PII) leaks. I found several instances, but they were marked as “informational.” My attempts to report IDORs (Insecure Direct Object References) and sensitive data exposures also failed to produce any triaged reports.

Every failure felt like a punch to the gut, but I refused to let it define me. I realized that each setback was a lesson, pushing me to refine my techniques and sharpen my focus.

THE TURNING POINT

Determined, I returned to manual hunting. That’s when I struck gold. I found an old NASA page containing software installation guides for employees. Within it, I spotted a broken link to Instagram. Without wasting time, I hijacked the link and submitted my report. But in my haste, I made a critical mistake: my report lacked detail and failed to emphasize the potential impact.

As expected, the report was marked as “informational.” I was furious with myself. But instead of letting anger consume me, I decided to learn from my mistake. I revisited the page and discovered additional broken links to Instagram, Facebook, and Twitter accounts. This time, I prepared a detailed, well-written report, complete with potential impacts, account bios, and examples of how attackers could misuse these hijacked links.

When NASA reviewed my improved submission, it was finally triaged. The feeling of validation was incredible!

THE FINAL PUSH

With renewed confidence, I began reporting other vulnerabilities, including confidential information disclosures. Some reports were duplicates, but many were triaged, and blockers were added to address the issues I found. For the first time, I felt like I was making real progress.

And then, the moment I had been dreaming of arrived: I made it into the NASA Hall of Fame!

Not only was my submission accepted, but I was also informed that I would receive a Letter of Recognition from NASA. The sense of accomplishment was overwhelming. It wasn’t just about the recognition — it was proof that persistence pays off.

MY MESSAGE TO YOU

If there’s one thing I want you to take away from my story, it’s this: never give up on your dreams, no matter how many times you fail. Every setback is an opportunity to learn and grow. Stay consistent, stay passionate, and success will follow.

xabit__ is my name

To all aspiring ethical hackers and bug bounty hunters out there: keep learning, keep hunting, and never lose sight of your goals. One day, you too can make your mark in this world — maybe even in the NASA Hall of Fame.

Thank you for reading my story. Let’s connect and learn together!

You can find me on Instagram: @xabit___ / @xabittttt.

Make sure to follow, and once I receive the LOR I will share it on my Instagram and also add it here.

Let’s make our dreams a reality!

Written by sudo-xabit

Ethical Hacker in the shadows whispers fly , codes and secrets never die . India 17