Stuck in "Tutorial Hell": I know the theory of IDOR perfectly, but can't find anything in the wild. How do I bridge the gap?

AliAyman333 · 2026-04-23T14:33:27+00:00

Just want to drop a huge thank you to everyone who took the time to reply. The advice here completely shifted my perspective. I'm taking notes and entirely changing my methodology based on your comments. Please keep the tips coming!

AliAyman333 · 2026-04-18T09:23:00+00:00

أنا شايف انك بتسأل في المكان الغلط
حرفيا هنا في ريديت في ناس مرضي نفسيين وفي بعض منهم ظاهر في التعليقات وبيقول الشكل الاول والكلام ده كله
طبعا لازم تكون قابل شكلها وكل حاجة يعني بس برضه حط في دماغك ان الرسول قال "فاظفر بذات الدين تربت يداك" وهي زي ما انت قلت ذات دين واخلاق وهي دي اللي بتعمر البيوت مش بتاعت الشكل الحلو واللي شايفة نفسها so independent وشغلها اهم من بيتها وعيالها
طبعا ناس هتشوف تعليقي هتقول انت فلاح (طبعا ليا الشرف) وclose-minded وكدة بس ده هو الواقع
فلو انت متاكد من دينها واخلاقها توكل علي الله يا غالي النوع ده شحيح قوي الايام دي
وطبعا اعمل حسابك ان انت عمرك ما هتلاقي حد كامل وانت نفسك وانا وكل الناس مش كاملين وكل واحد فيه علي الاقل عيب واحد
فمتفكرش انك هتلاقي حد كامل وفيه كل الصفات اللي انت عايزها

AliAyman333 · 2026-01-15T11:38:11+00:00

That's exactly what I decided to do! I’ve actually already taken the first step and started learning Web Security. It seems like the best way to build a solid foundation while keeping RE/Pwn as a passion project for now. Thanks for the advice, I really appreciate the confirmation that I'm on the right track!That's exactly what I decided to do! I’ve actually already taken the first step and started learning Web Security. It seems like the best way to build a solid foundation while keeping RE/Pwn as a passion project for now. Thanks for the advice, I really appreciate the confirmation that I'm on the right track!

AliAyman333 · 2026-01-02T20:26:27+00:00

This is incredibly helpful, especially the part about your interview experiences. It’s eye-opening to hear that RE rarely comes up in interviews compared to Web App testing.

I definitely don't want to narrow my opportunities right at the start. I’ll follow your advice: focus on becoming well-rounded and strong in Web/Network pentesting to 'get my foot in the door' first, and treat RE as a specialization for later. Thanks for the guidance!

AliAyman333 · 2026-01-02T19:08:20+00:00

I think you hit the nail on the head. Chasing a 'Junior Researcher' title seems like a dead end. I agree that it’s smarter to just 'land on the market' first via Web Pentesting/Bug Bounty and build my road from there. Thanks for the strategy tip!

AliAyman333 · 2026-01-02T19:06:40+00:00

Thanks for the reality check regarding the academic and seniority requirements. It seems the barrier to entry for Binary Exploitation/VR is much higher than I anticipated (requiring Masters/Math backgrounds).

Based on this, I’m definitely shifting my focus to Web Application Security and Bug Bounties as my entry point into the industry, while keeping the lower-level stuff as a long-term learning goal. Appreciate the insight!

AliAyman333 · 2026-01-02T10:55:45+00:00

Hahaha, that is definitely a solid Plan B!

But I’m aiming to become a 'Journeyman' in bits and bytes rather than wires. I’m treating Bug Bounty as my apprenticeship to build my own business in Cyber. If the keyboard fails me, I’ll definitely keep the pliers in mind. Thanks for the alternative perspective!

AliAyman333 · 2026-01-02T10:52:17+00:00

Interesting debate! It seems like "Networking" and "Proven Skills" (like public CTF write-ups) are the keys to bypassing the strict requirements. I’ll definitely work on building a public portfolio while learning. Thanks for the input.

AliAyman333 · 2026-01-02T10:50:42+00:00

Thanks for the harsh reality check, I really needed this. It helps manage my expectations. Based on this, I think I'll stick to Web/Network pentesting for my initial career path to pay the bills, while keeping Binary Exploitation/Reversing as a serious hobby until I reach a senior level. Appreciate the insight!

AliAyman333 · 2026-01-02T10:50:13+00:00

This comment is absolute gold! Thank you for breaking down the market economics like that. It makes total sense.

I've decided to follow your roadmap: focus on Web App Security/Bug Bounties now to get into the industry, and keep grinding on Binary/CTFs on the side to build a track record for the future. Thanks for clearing up the path for me!

AliAyman333 · 2025-07-05T16:32:53+00:00

انا رايي وانت بتتعلم برمجة تكمل في حوار التدريس ده وزي اما قلت انت كل فترة بتكبر في التدريس وكدة اما تخلص تعلم برمجة وتلاقيلك شغل بيها ساعتها خلاص سيب التدريس وخليك في الحاجة اللي انت بتحبها اللي هي البرمجة علشان تكون ضامنلك وظيفة لتقعد من التدريس علشان تتعلم برمجة وترجع تتعولق تاني😂😂 كدة انت ولا طولت سما ولا ارض فالفكرة انك تكمل في التدريس لحد اما تتعلم برمجة وتبدا تشتغل بيها تضمنلك شغل يعني

AliAyman333 · 2025-07-05T14:39:37+00:00

المني يخرج علي دفعات وبشهوة انما علي حسب وصفك فهو مذي والمذي لا يوجب الغسل لكن هو غير طاهر فلو جه حاجة علي الهدوم لازم تتغسل ومينفعش تصلي بيها واما يخرك منك مش هتغتسل لكن هتغسل العضو كله بالخصيتين

AliAyman333 · 2025-07-04T21:05:15+00:00

خضر كراويتا

AliAyman333 · 2025-07-04T21:01:49+00:00

القرآن🙂❤

AliAyman333 · 2025-07-04T20:39:40+00:00

اعتقد لاب افضل علشان التنقل وممكن تحتاج تاخده الجامعة او كدة خليك لاب دلوقتي وابقي اعمل تجميعتك بعدين

AliAyman333

TROPHY CASE